For comparison, while data protection and privacy are fundamental rights in the EU, there is no equivalent protection in the US.
EU data protection consists of several principles, which include, rules on data quality standards, on sensitive data, independent supervision, the purpose limitation principle, rules on inter-agency exchange or transfer of data to third states, time limits for the retention of data, effective judicial review and access possibilities, independent oversight, proportionality elements, notification requirements after surveillance or data breaches, access, correction and deletion rights as well as rules on automated decisions, data security as well as technical protection. These rights and principles are subject to restrictions, but these restrictions are limited by proportionality elements and are continually subject to judicial review. Some of these EU rights, such as notification, supervision or judicial review can also be found in certain US Acts, for instance in the ECPA, however, they only exist in a mitigated form.
Most of the EU data protection guarantees simply do not exist in US law. Good for businesses, bad for humans.