Indiana Law Journal

Document Type


Publication Date

Winter 2019

Publication Citation

94 Indiana Law Journal 297 (2019)


With the rise of the internet in recent decades, it has become increasingly easy for various enterprises—including retailers, advertising agencies, and service providers—to acquire, use, and even share the personal details of their users. Such a trend is unlikely to decrease in the coming years; in fact, internet usage is only likely to increase as more and more people gain access to the internet. In the wakeof recent data breaches, including the now infamous breach of Equifax as well as the scandal involving Facebook and Cambridge Analytica, people are even more aware of the need for (and the risk of not having) adequate data protection laws. Luckily though, in the last few years there have been serious pushes across the globe to institute new data protection laws that ensure private data is not used for nefarious purposes or given away frivolously.

This Note intends to outline the current data protection regimes in three large jurisdictions across the globe (the European Union, China, and the United States), to offer insight into the strengths and weaknesses of each regime, and to predict the path that data protection laws in the United States should take in upcoming years. As will be seen, both the European Union and China, with the institution of their newest data protection laws, use omnibus regimes, in contrast with the United States’ current sector specific regime. The United States should move from its current regime, in which there are only national laws for specific industries, to a more omnibus regime, taking elements from both the European and the Chinese data protection regimes, which will help provide a minimum floor of protection applicable to all citizens whose personal data is being processed rather than allowing for varying levels of protection between states and industries.