In May 2018, a new data privacy law went into effect in the European Union. This law — the General Data Protection Regulation (GDPR) — has been held up as a global standard for consumer data protection. It has also created momentum for lawmakers in the United States to introduce their own proposals for regulating data privacy. Yet one year later, consumers, businesses and regulators are dealing with a variety of unintended consequences. Given that GDPR has fallen short of expectations, policymakers in other countries have an opportunity to do better, rather than repeat Europe’s mistakes. As Daniel Castro writes for Government Technology, the United States should avoid repeating these mistakes and instead strive to create a national privacy framework that streamlines regulation, pre-empts state laws, establishes basic consumer data rights and minimizes the impact on innovation.