Following a series of high-profile data leaks and hacks, many concerned Americans are now demanding stronger data privacy regulations. Some are even suggesting the European Union’s General Data Protection Regulation is a model worth adopting, including, surprisingly, Michael Chertoff, George W. Bush’s second Department of Homeland Security secretary.

That’s exactly the point he makes in his new book, Exploding Data. He expanded on those ideas—and how his national-security experience has left him willing to trust the government with “metadata” about the who and when of our communication but not the keys to decrypt its contents —in an interview Wednesday.

A pitch for regulation

The GDPR’s extensive list of rights goes far beyond U.S. law—yet because it’s often easier for companies to ship one version of an app, U.S. citizens have benefited from its provisions requiring user permissions and controls.

Chertoff called the roughly 54,000-word GDPR “somewhat over-bureaucratic and complicated” but would enshrine the GDPR’s core logic in U.S. law.

“The principle that people ought to have some right to control their data,” he said, “is a principle we need to adopt ourselves.”

Specifically, as he writes in Exploding Data, Chertoff would require companies to get your buy-in for “extrinsic” uses of data, those beyond making the app you’re using work better. Others—such as third-party marketing—would become a permission-only enterprise.

Chertoff would even import a limited version of the EU’s “right to be forgotten” rule. But instead of letting citizens demand that search engines like Google (GOOG, GOOGL) suppress “inadequate” or “irrelevant” links in searches for their names, he would limit that to false and defamatory material.

Chertoff also voiced support for giving customers a choice not required by GDPR rules: “get the service by paying for it as opposed to getting it by giving your data over.”

First, though,…

See more at: