The GDPR's Biggest Influence on Global Privacy May Be Through Commerce
More countries are beginning to adapt legislation that echoes pillars of Europe's General Data Protection Regulation. Is it a coincidence or strategically motivated?
December 20, 2018 at 09:30 AM
4 minute read
Imitation may be the sincerest form of flattery, but sometimes it's hard to tell imitation from sheer coincidence. Earlier this month, the Australian Competition and Consumer Commission released a series of recommendations echoing several core tenants of the European Union's General Data Protection Regulation (GDPR).
Australia isn't the only world player doing a GDPR cover. Back in November, Canada passed the Personal Information Protection and Electronic Documents Act offering similar privacy protections to those featured in the European Union. California's forthcoming California Consumer Privacy Act will even bring a taste of those principles stateside.
So is the GDPR taking over the world? The cultural differences that have historically defined each individual country's approach to privacy make it difficult to tell whether the European Union's landmark privacy legislation has set a new bar or simply overlaps a number of security best practices.
Still, Commerce is one of the few areas where it's easy to feel the guiding hand of the GDPR—and it can help to explain why lawyers in the U.S. won't be saying goodbye to the GDPR any time soon.
“People are really concerned about complying with [the GDPR]. It's the new hot topic, and it's just so comprehensive and there are so many provisions to it that it's still on the forefront of everyone's mind because there's so many aspects of compliance,” Elizabeth Dill, a partner and member of the data privacy and cybersecurity practice at Lewis Brisbois, said.
The firm is often fielding questions from corporate clients that fall somewhere along the lines of: “We don't technically have to do this, but wouldn't it just be easier to become GDPR compliant now?”
The answer is always yes. Companies, especially the bigger ones with lots of moving parts, can't change their data processing methods or security programs overnight. Christopher Ballod, a partner specializing in data privacy and cyber security at Lewis Brisbois, often advises clients to consider where they think privacy laws in the United States will stand in two years time.
For those purposes, California might be the best weather vane around. The state was at the forefront of the data breach notification laws that were eventually picked up in other states. While its incoming data privacy law is not an identical twin to the GDPR, it does include many of the same privacy protections.
“We spend a lot of time even with American companies who have little contact with Europe at this point getting them GDPR ready because they want to do business and continue to do business in California, or because they have plans to do business or market to European customers,” Ballod said.
Even if those clients have no designs on Europe whatsoever, they are often engaging in partnerships with larger domestic companies who are already compliant and expect the same of their business associates.
U.S. laws have typically avoided confronting privacy directly, instead focusing on breach notification standards or preventing identity theft. Still, if enough of the country's businesses begin tailoring their security and data infrastructure towards E.U. standards, it might make sense for any emerging national policies to begin leaning in the same direction.
“I think law is actually going to reflect reality as opposed to reality reflecting law,” Ballod said.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllCalifornia Becomes 2nd State to Give Brain Waves Data Privacy Protections, With Mixed Reaction
Former FBI Cyber Expert on How AI Will Exacerbate Law Firms' Wire Transfer Vulnerabilities
Trending Stories
Who Got The Work
Arthur G. Jakoby, Ryan Feeney and Maxim M.L. Nowak from Herrick Feinstein have stepped in to defend Charles Dilluvio and Seacor Capital in a pending securities lawsuit. The complaint, filed Sept. 30 in New York Southern District Court by the Securities and Exchange Commission, accuses the defendants of using consulting agreements, attorney opinion letters and other mechanisms to skirt regulations limiting stock sales by affiliate companies and allowing the defendants to unlawfully profit from sales of Enzolytics stock. The case, assigned to U.S. District Judge Andrew L. Carter Jr., is 1:24-cv-07362, Securities and Exchange Commission v. Zhabilov et al.
Who Got The Work
Clark Hill members Vincent Roskovensky and Kevin B. Watson have entered appearances for Architectural Steel and Associated Products in a pending environmental lawsuit. The complaint, filed Aug. 27 in Pennsylvania Eastern District Court by Brodsky & Smith on behalf of Hung Trinh, accuses the defendant of discharging polluted stormwater from its steel facility without a permit in violation of the Clean Water Act. The case, assigned to U.S. District Judge Gerald J. Pappert, is 2:24-cv-04490, Trinh v. Architectural Steel And Associated Products, Inc.
Who Got The Work
Michael R. Yellin of Cole Schotz has entered an appearance for S2 d/b/a the Shoe Surgeon, Dominic Chambrone a/k/a Dominic Ciambrone and other defendants in a pending trademark infringement lawsuit. The case, filed July 15 in New York Southern District Court by DLA Piper on behalf of Nike, seeks to enjoin Ciambrone and the other defendants in their attempts to build an 'entire multifaceted' retail empire through their unauthorized use of Nike’s trademark rights. The case, assigned to U.S. District Judge Naomi Reice Buchwald, is 1:24-cv-05307, Nike Inc. v. S2, Inc. et al.
Who Got The Work
Sullivan & Cromwell partner Adam S. Paris has entered an appearance for Orthofix Medical in a pending securities class action arising from a proposed acquisition of SeaSpine by Orthofix. The suit, filed Sept. 6 in California Southern District Court, by Girard Sharp and the Hall Firm, contends that the offering materials and related oral communications contained untrue statements of material fact. According to the complaint, the defendants made a series of misrepresentations about Orthofix’s disclosure controls and internal controls over financial reporting and ethical compliance. The case, assigned to U.S. District Judge Linda Lopez, is 3:24-cv-01593, O'Hara v. Orthofix Medical Inc. et al.
Who Got The Work
Attorneys from Cadwalader, Wickersham & Taft and Pryor Cashman have entered appearances for Diageo Americas Supply d/b/a Ciroc Distilling Co. and Sony Songs, a division of Sony Music Publishing, respectively, in a pending lawsuit. The case was filed Sept. 10 in New York Southern District Court by the Bloom Firm and IP Legal Studio on behalf of Dawn Angelique Richard. The plaintiff, who performed as a member of producer Sean 'Diddy' Combs girl group Danity Kane and later his band, Diddy - Dirty Money, claims that she was financially exploited by Combs and subjected to inhumane working conditions. Among other violations, Richard claims that Combs required group members to remain at his residences and studios, deprived them of adequate food and sleep and forced them to rehearse for 36 to 48 hours without breaks. The case, assigned to U.S. District Judge Katherine Polk Failla, is 1:24-cv-06848, Richard v. Combs et al.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250