There is a very interesting issue related to GDPR that has emerged from the USA.
Very simply, USA firms that adhere to GDPR, but do not apply at least the same level of consent to its domestic customers may be acting illegally.
The implications are staggering.
The rationality for this argument is that there is a USA law related to “national origin discrimination” under the Title II of the Civil Rights Act of 1964. This means USA firms that apply GDPR consent to its EU customers and do not apply at least the same
standard to their USA customers, maybe acting illegally. Further details can be found at
Another aspect is that the USA regulators have fined banks staggering amounts of money, far more than any other country. For example, Bank of America has been fined in total US$76.1bn. They have fined five EU banks a staggering US$49bn: Deutsche Bank US$14bn;
RBS US$10.1bn; BNP Paribas US$9.3bn; Credit Suisse US$9.1bn; UBS US$6.5bn. Now it seems the EU is positioned to fight back by imposing huge fines using GDPR, whereby a firm may have to pay 4% of worldwide revenue for the fine.
This is where it gets interesting.
Which firms would the EU focus on that are likely to contravene GDPR to set an example and potentially put back US$49bn from the USA to EU? This means it could focus on those USA firms that have sufficient liquidity to pay such high fines. Some of the USA
tech giants could well be the early targets, especially those that have already been in terse discussions with the EU for not paying their fair contribution to tax. This is of course very Machiavellian thinking, but the EU did come up with 4% of worldwide
revenue after considering several scenarios, probably influenced by their tax discussions with tech firms.
Those USA firms that are fined by the EU re: GDPR contraventions may find they face “national origin discrimination” litigation back in the USA.
As previously reported, how do firms prove their customers understood the contextual consent for the use of their personal data. Its for this reason, post GDPR will lead to fines and create an opportunity for chatbots to become the primary means for helping
set a golden standard for customer consent underpinned by compliance automation.