Posts Under: Data

French Data Protection Authority (DPA - CNIL) Google Fine Shows That Regulatory-Industry Cooperation Crucial To Get Privacy Right

On January 21, 2019, the French National Data Protection Commission (CNIL) fined Google Euros 50 million for not complying with the General Data Protection Regulation (GDPR).   There will be a legal challenge, but this blog focuses on the policy considerations surrounding the decision.  There are at least three initial takeaways from the CNIL decision.  First, this enforcement action demonstrates that the GDPR should not be replicated word for word in a possible U.S. federal privacy law.  Some notion of consumer harm should enter the calculation when a fine is considered.  Second, DPAs should be more forthcoming with guidance on how to comply with the GDPR, especially when companies are making a good faith effort to comply with the law.  Third, there is a risk that the one-stop-shop is going to become effectively meaningless.  As U.S. policymakers consider a federal privacy law, this should be a key co ...

more

BIMs Preview: What AI and Machine Learning Can Do for You

Artificial intelligence (AI) and machine learning are here and reshaping business. But AI isn’t just for tech companies and online retailers—it can be a force multiplier for smaller and mid-sized information companies by enabling them to take control of content and audience data by automating many of the manual tasks associated with maintaining that data and helping create personalized and meaningful experiences for customers.

more

BIMS Preview: Peter Goldstone on Revenue Mix Versus Recurring Revenue

Business-to-business information companies are scrambling to expand their revenue mix and reduce their vulnerability of being overly dependent on any one revenue stream. But when everyone has an events business, a marketing services business and fledgling paid content and data business, is recurring revenue emerging as the real king of valuations?

more

The Constitution Has a Role in Informational Privacy Legislation

The General Data Protection Regulation is designed to support the individual’s interest in informational privacy, which the EU recognizes as a fundamental right.  Under that law, the collection, use and transfer of personal information is prohibited unless done with consent of the individual.  It has a de minimis legitimating role for social or business purposes but generally, if the individual revokes consent, processing of information must stop and often the information itself must be deleted. The US works from a different paradigm.  We certainly value privacy as necessary and valuable to ensure both personal dignity and a free and functioning society.  But we focus privacy laws on the prevention and remediation of harm, not on consent.  United States privacy law grew out of the common-law privacy torts: defamation, intrusion on seclusion, disclosure of private facts, false light and the right of publicity.  Thus, for example, the tort of disclo ...

more

General Data Protection Regulation (GDPR) Entry-Into-Force: Ten Suggestions From SIIA

Tomorrow is May 25 and therefore the entry-into-force of the GDPR.  The European Commission views the GDPR as one of its significant Digital Single Market (DSM) achievements.  The Commission estimates that the DSM could add Euros 415 billion a year to EU GDP and add hundreds of thousands of jobs (see also this document on the economic impact of the DSM).  There is no Commission calculation on what contribution the GDPR would make to this overall DSM estimate (it does say that GDPR will save business some money – see below), but the Commission argues that the GDPR will enhance trust in the digital economy and therefore promote the expansion of Europe’s digital economy. As somebody who has spent a significant portion of the last year on counselling member companies on the GDPR, the immediate compliance burden looms larger than the possible innovation opportunity.  Nonetheless, there is still scope for European regulators and policymakers to interpret an ...

more

“What’s This New European Privacy Law About?”: Demystifying the General Data Protection Regulation (GDPR)

With just over a week until the European Union’s (EU) General Data Protection Regulation (GDPR) goes into effect, companies around the world are coming into compliance with the far-reaching law. Inboxes everywhere have been overflowing with consent notifications over the past few months. If you’re just getting started on GDPR or generally curious, here is a brief overview of the GDPR. Disclaimer – GDPR is broadly written and is context-specific. If your company is in need of compliance help, consider engaging with an outside firm to address your compliance needs.

more