Restrictions on NSA surveillance powers expanded due to the USA Freedom Act
In the realm of data privacy, the landscape in the United States and Europe presents a stark contrast. As of 2025, U.S. data privacy regulation remains fragmented, with a growing patchwork of state laws that raise the level of consumer data protections but lack the comprehensive and uniform scope of European privacy laws like the GDPR.
Multiple new U.S. state privacy laws will take effect in 2025, including those in Iowa, Delaware, New Jersey, Minnesota, and others. These laws emphasise transparency, consumer rights (such as data access and opt-outs), and enforcement mechanisms via state Attorneys General. However, there is still no overarching federal data privacy law analogous to the GDPR.
In contrast, European privacy protections under the GDPR provide consistent, strong, and comprehensive rules governing personal data processing across all member states. The U.S. approach is more industry- and state-specific, with significant variation in rights and remedies depending on jurisdiction.
Regarding surveillance policies, U.S. federal and state privacy laws generally do not constrain government surveillance as tightly as European laws do. The U.S. has robust national security and law enforcement surveillance frameworks that coexist with growing privacy regulations, but they often provide broader government access to data compared to European standards, where safeguards under the GDPR and the EU Charter of Fundamental Rights limit such access more stringently.
Notably, U.S. regulators continue to expand protections in specific areas. For example, the amended FTC COPPA rule effective mid-2025 enhances controls over children’s data online. Several states are also adopting laws regulating new tech fields like neural data and app store age verification, reflecting a fragmented but intensifying regulatory environment.
In summary, U.S. privacy protections have become more robust and diverse across states in 2025 but still do not match the comprehensive and harmonized protections of European privacy regimes or the stronger limits on surveillance. The transatlantic differences contribute to ongoing legal and policy discussions about data transfer and trust frameworks.
Meanwhile, the case of Edward Snowden, a former National Security Agency contractor who exposed top-secret American surveillance systems, continues to be a significant factor in discussions about U.S. privacy policies. Snowden was granted Russian citizenship by Putin in recent years.
The saga in European courts over whether Europeans' personal information is adequately protected when moved to the U.S. by companies like Facebook and Google persists, with the Court of Justice of the European Union having already invalidated a EU-US pact that allowed for easy data transfers from the EU into the US. The Irish High Court in Dublin is currently hearing a case about US privacy protections and surveillance policies.
The USA Freedom Act, signed by President Obama, has been a step towards addressing these concerns, banning bulk collection of U.S. cellphone and Internet data by the National Security Agency. However, the Act does not address the NSA collection of foreign Internet data from U.S. sources.
Under Russian law, Snowden could potentially be drafted to fight in Ukraine, but only if he doesn't have health problems or fall under specific exceptions. This illustrates the complex interplay of privacy, surveillance, and international politics in the digital age.
[1] Privacy International [2] Electronic Frontier Foundation [3] Center for Democracy & Technology [4] The Future of Privacy Forum [5] International Association of Privacy Professionals
- As the U.S. data privacy landscape evolves with new state laws, policy organizations like Privacy International, Electronic Frontier Foundation, Center for Democracy & Technology, The Future of Privacy Forum, and International Association of Privacy Professionals play a crucial role in advocating for transparency, consumer rights, and uniform federal data privacy legislation to bridge the gap with European privacy regulations.
- In the realm of surveillance policies, discussions about privacy, politics, and government access to data are ongoing, as exemplified by the case of Edward Snowden and the ongoing court cases in Europe over data transfer, such as the one involving Facebook and Google in the Irish High Court in Dublin. Organizations like the ones mentioned above continue to push for stronger limits on surveillance and data privacy protections to ensure trust and compliance with international regulations.
