U.S. companies doing business in the European Union face uncertainty under a strict new privacy framework and an EU-U.S. data transfer program that is under attack, a panel of privacy professionals said at Bloomberg Law’s 2017 Privacy Outlook.
Although the EU is known for already strong privacy protections, the EU General Data Protection Regulation (GDPR) brings its laws into the digital age, Kendall C. Burman, cybersecurity and data privacy counsel at Mayer Brown LLP in Washington, said. The rise in cybercrime, internet of things (IoT) web-connected devices and other digital innovations created the need for the EU to update privacy protections for its citizens, she said.
The GDPR is “more sensible for companies” to deal with as one, overarching harmonized framework rather than a patchwork of privacy laws from the 28 EU countries, Burman, who served in the Commerce Department during the Obama administration, said.
But Cameron Kerry, senior counsel at Sidley Austin LLP and former general counsel and acting secretary at Commerce, said companies still face uncertainty. The GDPR will take effect in May 2018, but there is still substantial guidance that needs to be released by EU privacy officials before companies will have sufficient clarity about the impending regulation, he said.
Under the GDPR, companies will face requirements that they report certain data breaches within 72 hours of discovering a breach. Companies could face fines of as much as 4 percent of their global annual revenue for any violation. For example, Alphabet Inc.'s Google had $60.6 billion in revenues in fiscal year 2015, Bloomberg data show. A fine of 4 percent means that, under the GDPR formula, Google could get a bill from the EU exceeding $2.4 billion for a single infraction.
The panel, moderated by Bloomberg Law Privacy & Data Security News Managing Editor Donald Aplin, also delved into the benefits and risks of the Privacy Shield data transfer program, given the uncertain political environment in the U.S. and court challenges across the Atlantic.
The Privacy Shield allows U.S. companies that self-certify their compliance with EU-approved privacy and security principles with Commerce to legally transfer personal data from the EU to the U.S. The Privacy Shield is relied upon by over 1,800 U.S. companies, including Google, Microsoft Corp. and Facebook Inc., as well as tens of thousands of EU companies.
There is a “tremendous amount of uncertainty going forward” due to multiple EU court challenges to the Privacy Shield, and concerns from EU regulators that President Donald Trump might not be fully supportive of the program, Kirk Nahra, privacy partner at Wiley Rein LLP in Washington, said.
Kerry said the biggest risk to the Privacy Shield is how the Trump administration handles surveillance issues and especially Presidential Policy Directive 28 (PPD-28), which aims to limit the amount of data intelligence authorities can collect and process. If Trump repeals or alters PPD-28 in any material way, companies “can kiss the Privacy Shield goodbye,” he said.
But hope is not lost for companies wanting to do business in the EU, Nahra said. Companies should have backup plans with good processes, procedures, contracts and internal controls, so they can “engage in these activities” if the Privacy Shield is no longer adequate to protect EU citizens’ data, he said.
To contact the reporter on this story: Daniel R. Stoller in Washington at dStoller@bna.com
To contact the editor responsible for this story: Donald Aplin at email@example.com
The video is available at http://src.bna.com/nhT.
Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.