Irish GDPR Regulator Weighs In to U.S. Senators Shaping Federal Privacy Law
Ireland's data protection commissioner, who regulates the GDPR compliance of Facebook, Microsoft, Twitter and other U.S. tech companies incorporated in the EU country, shared lessons and advice on data privacy policies with senators at a hearing Wednesday.
May 02, 2019 at 03:00 AM
3 minute read
The original version of this story was published on Corporate Counsel
U.S. senators designing a possible federal data privacy law heard input from Ireland's data protection commissioner and U.S. consumer advocacy groups at a hearing Wednesday.
It's the latest in a series of congressional committee hearings in Washington, D.C., meant to shape policy ideas for the proposed law, which has gained bipartisan traction this year in the wake of numerous data breaches, the European Union's General Data Protection Regulation and the California Consumer Privacy Act.
Members of the Committee on Commerce, Science and Transportation raised their concerns with data privacy regulation on a federal level with witness Helen Dixon, the Irish data protection commissioner, whose agency oversees GDPR compliance for Facebook, Twitter, Uber and other U.S. tech companies incorporated in Ireland.
Sen. Ted Cruz, R-Texas, asked about the GDPR's impact on small- and medium-sized businesses in Europe and whether the law's implementation last May reduced employment opportunities. Irish officials are “not aware of evidence that the GDPR is effecting jobs adversely,” Dixon said.
That's in part because certain GDPR articles don't apply to smaller companies, Dixon said earlier in the hearing. The law dictates businesses implement new processes “appropriate to the risks and scale of personal data processing they're undertaking,” not a one-size-fits-all approach, she added.
Neema Singh Guliani, a hearing witness and senior legislative counsel for the American Civil Liberties Union, suggested a federal data privacy law's penalties should vary based on the size of the business.
Senators also questioned Dixon on the value of pre-emption in a U.S. federal data privacy law. Sen. Marsha Blackburn, R-Tennessee, said GDPR is an “EU-wide regime” versus a law specific to Ireland. Dixon noted GDPR is a “hybrid” state and EU-level law, with “members state flavors in terms of choices” on certain aspects of the regulation, such as the country's digital age of consent.
Guliani and James Steyer, the chief executive officer and founder of Common Sense Media, both said they would have “serious concerns” with a federal data privacy law that pre-empted state law, particularly the CCPA. Both witnesses said CCPA should be a “floor” for federal privacy regulation, not a ceiling, and would not back a nationwide law with looser consumer protections that undermined California's law.
Google, Twitter and other tech companies have pushed for a federal law that would pre-empt CCPA, which goes into effect on Jan. 1, 2020. In a September 2018 Senate Committee on Commerce, Science and Transportation hearing, Google chief privacy officer Keith Enright and Amazon.com Inc. associate general counsel Andrew DeVore said CCPA's definition of impacted personal information was unclear and backed the idea of a regulation with pre-emption.
At Wednesday's hearing, Dixon was also hit with questions on Ireland's enforcement of GDPR violations against EU versus U.S. companies by Sen. Roy Blunt, R-Missouri. Dixon said Ireland's Data Protection Commission hasn't issued any GDPR-related fines yet, but the agency is currently investigating 51 companies, 12 of which are U.S. tech companies, for violations.
Her agency plans to wrap the first wave of GDPR investigations up this summer, she said. That could include an investigation launched against Facebook in October after the Menlo Park, California-based company revealed a data breach impacting millions of users. The highest fine a company can face under the GDPR is 4% of its annual turnover, more than $1.5 billion for Facebook.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllTrending Stories
- 1Friday Newspaper
- 2Judge Denies Sean Combs Third Bail Bid, Citing Community Safety
- 3Republican FTC Commissioner: 'The Time for Rulemaking by the Biden-Harris FTC Is Over'
- 4NY Appellate Panel Cites Student's Disciplinary History While Sending Negligence Claim Against School District to Trial
- 5A Meta DIG and Its Nvidia Implications
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250