American Intern Meets the GDPR

Editor’s Note: Barbara Moss worked with TechGDPR as a research intern in late 2018. During her final week, we asked her to share her thoughts on learning about data privacy in Europe as a “digital native” from the U.S.A.

Arriving with an American Perspective

Since the enforcement  of the General Data Protection Regulation in the European Union, data privacy has become a part of everyday conversations in Berlin. To me, as an American, this approach to privacy is quite the contrast from the “online safety” classes I took as an adolescent. The extent of our education about being aware online focused heavily on how not to fall victim to online predators. There was absolutely no discussion of data collection and processing conducted by the platforms we were using, so we didn’t even think about it.

The only time “cookies” are mentioned by my American peers is when we’re buying airline tickets and want to deter rising prices. Since we already know that clearing our cookies can lower the prices offered to us on travel, how is it that did we not also consider how all of our search patterns are being tracked? I think this disconnect is due to the lack of awareness and concern by the typical American internet user. Perhaps we could have made this connection more clearly had we just paid more attention or had privacy rights included in our “online safety” classes.


Many Americans have been conditioned to believe our personal data is no more necessary to protect than what we ate for dinner. What we do not consider is that when we googled the dinner recipe, we told advertisers more than we realize. Without knowing it or understanding the ramifications, Americans have surrendered extensive details about our purchasing preferences, our eating habits, our location, as well as our family/relationship status, all of which are being monitored, stored, and sold. I was blindsided by the amount of information being collected about me.

The Bigger Picture

Lack of information about data security is, of course, a main challenge to Americans caring about online security, but Americans are also lulled by convenience. By pushing all of our login data through third-party sites like Facebook, we allow sites to collect additional unnecessary browsing and user information. Large advertising companies partnering with platforms like Facebook evolved so quickly, the social media providers could not keep up with what data was being breached. If huge technology companies were not able to keep up with the fast paced evolution, policymakers – and even more so, ordinary citizens – can hardly be expected to effectively manage privacy laws either. Instead it has taken multiple security breaches (i.e Facebook, Home Depot, Marriott) for the United States to start making changes. The efficiency of this action could be questioned as well, though as the average age of an American Congressperson is 57.8 years old. To understand just how behind Congress really seems to be in grasping current technologies, one need only watch about twenty seconds of the April 2018 Facebook Senate hearing.

In the wake of another large data breach (Marriott), members of Congress are now attempting to make federal changes to the way in which businesses handle personal data. California has already enacted its own version of the GDPR, the California Consumer Privacy Act. The Act does not have privacy coverage to the extent of the GDPR, but it is a step in the right direction. Americans need to realize that data protection is a right. I believe new legislation regarding data protection will become a much larger conversation in the United States as the world continues to evolve in how humans think about privacy.

Heading Home with a New View

As a 20-year-old raised in the technological world, the “technological culture shock” I experienced during my internship at TechGDPR was disorienting, but not hopeless. Since working at TechGDPR, I have a newfound respect for internet security which I have been able to pass along when people ask about my internship.

I no longer blindly accept cookies or sign in through Facebook so willingly. Luckily, I have been able to work in Germany where the GDPR has really resonated with policymakers and individuals alike. Not every American will be exposed to this perspective, which challenges the assumptions we are raised to accept in the U.S. As support for online privacy rights grows throughout the world, it is just a matter of time before the United States must improve data protection and user privacy, or risk losing a competitive edge in the global technology market.

Book a free consultation to discuss your DPO needs and the most suitable package

Request your free consultation