The General Data Protection Regulation (GDPR) is a European law that protects the privacy and security of personal data of individuals in the European Economic Area (EEA). Since about half of the world’s population uses social media, it is crucial to make sure that your personal data is protected and not being sold. The European countries that have adopted GDPR thus far are: Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, United Kingdom, Norway, Ireland, and Lichtenstein. Any personal data collected in these countries are subject to GDPR and if they fail to do so, then they can be hit with monetary fines, reputational harm, or noncompliance. They can also be fined up to 20 million Euros or 4% of prior financial year revenue.

Personal Data
Personal data is “anything that relates to an identified or identifiable natural person”. Before GDPR was put into place, individual’s personal data was being sold without them knowing. Examples of personal data are:
- A home address
- A first/last name
- An individual’s e-mail address
- An ID card #
- An IP address
- A cookie ID
- Phone identifiers
- Demographic, behavioral or health-related information that could identify a person
With GDPR now in place in European countries, researchers who wish to use an individual’s personal data must receive notice and consent from them.
What This Means For the United States
The United States does not have a law that protects the privacy of an individual’s data. In most states, companies can sell your data to other companies without you ever knowing or being notified. While in the European countries that have adopted GDPR, companies must receive permission from the individual to share their personal data.
While the United States does not have one main law that protects its individual’s data, we have a mix of laws that were made to only protect certain types of data. These laws include:
- Health Insurance Portability and Accountability Act (HIPAA)
- Fair Credit Reporting Act (FCRA)
- Family Education Rights and Privacy Act (FERPA)
- Gramm-Leach-Biley Act (GLBA)
- Electronic Communications Privacy Act (ECPA)
- Children’s Online Privacy Protection Rule (COPPA)
- Video Privacy Protection Act (VPPA)
Several states have proposed legislation. The most comprehensive signed to date is the California Consumer Privacy Act (CCPA).

In conclusion, data privacy laws differ across the world. Although there is not much an individual can do to stop their personal data from being exposed, it is important to know that it is happening.
I believe that, in the near future, more countries and states will convert to regulations like GDPR to help protect their citizens. You never know if your data is going to wind up in the wrong hands because all of your information can be exposed in a bad way. You should have to give permission and receive notice from any company/party trying to use your personal data. If you are unsure about your state/countries data privacy laws, I would suggest looking them up to see what they are to ensure that your personal data is not being sold without your permission.