“. . . as education companies we can't just come up with a great product, show it to teachers, and expect to be successful. Our products and services have to help decision makers with their state and federal compliance and intricately defined funding requirements if we are going to be successful. If we don’t know what these are, we can’t get our products accepted.” — Mitch Weisburgh, Managing Partner, Academic Business Advisors
The General Data Protection Regulation is designed to support the individual’s interest in informational privacy, which the EU recognizes as a fundamental right. Under that law, the collection, use and transfer of personal information is prohibited unless done with consent of the individual. It has a de minimis legitimating role for social or business purposes but generally, if the individual revokes consent, processing of information must stop and often the information itself must be deleted.
The US works from a different paradigm. We certainly value privacy as necessary and valuable to ensure both personal dignity and a free and functioning society. But we focus privacy laws on the prevention and remediation of harm, not on consent. United States privacy law grew out of the common-law privacy torts: defamation, intrusion on seclusion, disclosure of private facts, false light and the right of publicity. Thus, for example, the tort of disclo ...