Ross said US officials were "deeply concerned" about how the General Data Protection Regulation would be implemented, while noting that the guidance so far has been "too vague."
The law which took effect May 25 establishes the key principle that individuals must explicitly grant permission for their data to be used, and give consumers a right to know who is accessing their information and what it will be used for.
Some US officials have expressed concerns about the GDPR, but Ross is the highest ranking official to speak on the law, and his comments address a broad range of sectors that could be affected.
"We do not have a clear understanding of what is required to comply. That could disrupt transatlantic cooperation on financial regulation, medical research, emergency management coordination, and important commerce," Ross said in an opinion piece for the Financial Times.
The costs of the new law could be significant, to the point where it may "threaten public welfare on both sides of the Atlantic," according to Ross.
"Complying with GDPR will exact a significant cost, particularly for small and medium-sized enterprises and consumers who rely on digital services and may lose access and choice as a result of the guidelines," he wrote.
"Pharmaceutical companies may not be able to submit medical data from drug trials involving European patients to US authorities, which could delay the approval of new life-saving drugs."
He added that the US Postal Service has claimed the new rules could prevent EU postal operators from providing the data needed to process inbound mail.
Ross also echoed concerns from other officials that EU requirement that personal data be restricted from the internet address book known as "WHOIS" could hurt law enforcement efforts to crack down on cybercrime and online calls to violence.
"That could stop law enforcement from ascertaining who is behind websites that propagate terrorist information, sponsor malicious botnets or steal IP addresses," he said.
"These important activities need to be weighed carefully against privacy concerns. They are critical to building trust in the internet, safeguarding infrastructure, and protecting the public. Our respect for privacy does not have to come at the expense of public safety."