Fortunately, the European Union’s law should indirectly help Americans somewhat. In only a few weeks, Facebook, Google and all the other internet companies that collect our private information will have to allow European customers the protections these companies have fought to deny Americans. In an interconnected world where digital code doesn’t respect the geographical or national borders, this will surely have a positive global impact.

Internet companies are preparing for a future in which regardless of where a website is based, if it is visited by even a single European Union citizen and if it seeks to collect that person’s data, it must provide that person the protections of the General Data Protection Regulation. Hopefully, this experience will show these companies that protecting privacy is simply the responsible thing to do, not the end of their business.

The United States government has a lot of explaining to do. Why is it that American internet companies such as Facebook and Google are required to provide privacy protections when doing business with European consumers but are free to not provide such protections for Americans? Why is it that Americans’ best privacy hope is the secondary effect of interconnected networks rather than privacy protections designed for Americans? Why shouldn’t Americans also be given meaningful tools to protect their privacy?

Congress is now considering bipartisan legislation that responds to the problem of Russian targeted political advertising on social media by adding the requirement, long applied to broadcast advertising, that those websites disclose who is paying for their advertisements. But as well intentioned as that step may be, it addresses only a symptom of the problem of the extensive surveillance of Americans, not the root of the problem.

The New World must learn from the Old World. The internet economy has made our personal data a corporate commodity. The United States government must return control of that information to its owners.