Posts Under: GDPR

Ready for A New Standard in Data Privacy Requirements: Four Steps to Ensure Your Solution is Compliant and How ETIN Can Help

“. . . as education companies we can't just come up with a great product, show it to teachers, and expect to be successful. Our products and services have to help decision makers with their state and federal compliance and intricately defined funding requirements if we are going to be successful. If we don’t know what these are, we can’t get our products accepted.”  — Mitch Weisburgh, Managing Partner, Academic Business Advisors

more

The Constitution Has a Role in Informational Privacy Legislation

The General Data Protection Regulation is designed to support the individual’s interest in informational privacy, which the EU recognizes as a fundamental right.  Under that law, the collection, use and transfer of personal information is prohibited unless done with consent of the individual.  It has a de minimis legitimating role for social or business purposes but generally, if the individual revokes consent, processing of information must stop and often the information itself must be deleted. The US works from a different paradigm.  We certainly value privacy as necessary and valuable to ensure both personal dignity and a free and functioning society.  But we focus privacy laws on the prevention and remediation of harm, not on consent.  United States privacy law grew out of the common-law privacy torts: defamation, intrusion on seclusion, disclosure of private facts, false light and the right of publicity.  Thus, for example, the tort of disclo ...

more

Six Case Studies on How Information Companies Are Dealing with GDPR

The EU’s sweeping General Data Protection Regulation (GDPR) went into effect on May 25 but now that it’s here, many companies are finding themselves scrambling even harder than before to make sure they’re in compliance. At a recent joint meeting of Connectiv’s Digital Media and Audience Marketing Councils, six different information companies (including Strategic Insight, Watt Global Media, EnsembleIQ, Brief Media, Northcoast Media and Northstar Travel Group) shared how they got their houses in order—and how they continue to make refinements to their audience data strategies as the realities of GDPR become clearer.

more

General Data Protection Regulation (GDPR) Entry-Into-Force: Ten Suggestions From SIIA

Tomorrow is May 25 and therefore the entry-into-force of the GDPR.  The European Commission views the GDPR as one of its significant Digital Single Market (DSM) achievements.  The Commission estimates that the DSM could add Euros 415 billion a year to EU GDP and add hundreds of thousands of jobs (see also this document on the economic impact of the DSM).  There is no Commission calculation on what contribution the GDPR would make to this overall DSM estimate (it does say that GDPR will save business some money – see below), but the Commission argues that the GDPR will enhance trust in the digital economy and therefore promote the expansion of Europe’s digital economy. As somebody who has spent a significant portion of the last year on counselling member companies on the GDPR, the immediate compliance burden looms larger than the possible innovation opportunity.  Nonetheless, there is still scope for European regulators and policymakers to interpret an ...

more

“What’s This New European Privacy Law About?”: Demystifying the General Data Protection Regulation (GDPR)

With just over a week until the European Union’s (EU) General Data Protection Regulation (GDPR) goes into effect, companies around the world are coming into compliance with the far-reaching law. Inboxes everywhere have been overflowing with consent notifications over the past few months. If you’re just getting started on GDPR or generally curious, here is a brief overview of the GDPR. Disclaimer – GDPR is broadly written and is context-specific. If your company is in need of compliance help, consider engaging with an outside firm to address your compliance needs.

more

The General Data Protection Regulation (GDPR): Reasonable Implementation Key Now

Today, the Atlantic Council hosted an interesting panel discussion entitled: “Protectionism, Data Privacy, and the Transatlantic Partnership.”  European Commission Digital Affairs Counselor Peter Fatelnig, Atlantic Counsel Distinguished Fellow Fran Burwell, and the U.S. Chamber’s Senior Manager for Digital Affairs Kara Sutton provided a lot of substance and perspective on what is happening in the run-up to the GDPR’s May 25, 2018 entry-into-force.    Appropriately, although the event name started with “protectionism,” nobody discussed the GDPR in those terms.  That is because whatever one’s views are on whether the Regulation really will promote digital innovation in Europe, the GDPR per se is not a protectionist Regulation.  Besides, the train has left the station.  Companies around the world, including SIIA and its member companies, are racing to comply with the GDPR.  Currently, I spend about a quarter o ...

more

Member Resource: New EU Data Privacy Regulations for 2018

In May 2018, the new European Union (EU) privacy and data security regulations will take effect. These regulations, formally known as the General Data Protection Regulation (GDPR), will make many changes from current EU regulations. Even with Brexit, the UK plans to implement the Regulation as well. The challenges can seem daunting, and the stakes are potentially high as the regulators can impose fines for non-compliance as high as 4% of global revenue.

more

Trade Agreements and Data Protection: Changing GATS Article XIV is Not the Way to Go

In a March 30, 2017 opinion piece, “Don’t trade away data protection,” two leading Members of the European Parliament, Viviane Reding and Jan-Phillip Albrecht, suggest “strengthening data protection safeguards in the General Exception (known as GATS XIV) and E-Commerce chapters, and removing necessity and consistency tests.”  The idea behind the proposal is to make absolutely certain that the General Data Protection Regulation (GDPR) and perhaps other parts of the EU privacy acquis could not be successfully challenged as inconsistent with an affirmative cross-border data flow obligation.  This is a topic SIIA will comment on again in the coming months, likely in a longer form Issue Brief.  This blog discusses the proposal to remove the necessity test.

more

SIIA Participation in July 2 Berlin Data Conference

I spoke on July 2 in Berlin at a conference organized by the German Standards Agency (DIN) on “Data protection in the EU and Germany – Impediment or basis of our digital future.”  SIIA was one of the sponsors of this important event.  DIN put together a terrific program with a good blend of proponents of European data protection approaches and perspectives from industries in the forefront of data-driven innovation.

more