'Piece-by-Piece' U.S. Is Catching Up With the GDPR, Says Squire Privacy Co-Chair
Squire Patton Boggs' newest data privacy and cybersecurity group co-chair shares the top cases lawyers are watching in the European Union and beyond, and why the U.S. isn't that far from having a GDPR-like approach to data privacy.
October 02, 2019 at 11:30 AM
4 minute read
Squire Patton Boggs' data privacy and cybersecurity practice group co-chair Rosa Barcelo.
It's not just oceans separating the European Union and the U.S. Some would say that the U.S. is lagging behind the EU because it doesn't have a national data privacy law while the EU has the broad General Data Protection Regulation (GDPR). But Squire Patton Boggs' recently promoted data privacy and cybersecurity group co-chair Rosa Barcelo says upcoming U.S. data privacy laws aren't all that far apart from the GDPR.
In her new role, Barcelo will expand the firm's international data privacy team, which she joined in October 2018 as a deputy chair. Before coming to the firm's Brussels office, she served as deputy head of the cybersecurity and digital privacy unit of the Directorate‑General for Communications Networks, Content and Technology (DG CONNECT), which carries out the European Commission's digital economy and society, culture and media policies.
During a discussion with Legaltech News, Barcelo discussed how cookies, privacy shields and contractual clause rulings will impact clients, and how the U.S. may have a GDPR-lite on its hands. This conversation was edited for clarity and brevity.
Legaltech News: Do you think there will be any repercussions from last week's Court of Justice of the European Union's Google de-referencing ruling?
Rosa Barcelo: It's a case that in my view is focused on search engines. It will have repercussions for Google, but for the moment I think it's extremely focused on the specifics of this case. There are not that many search engines around that you can easily apply it to. … I don't see it as a ruling that overly affects other areas.
Do you think the court's proportionality could be applied in other cases?
I think the European Court of Justice has applied the same sort of principle in other cases in the past. I think it's a principle the European Court of Justice will continue to use.
Are there any pending rulings in the European Court of Justice you are watching closely?
One needs to remember the cases that are pending before the European Court of Justice about the validity of the Privacy Shield and also the standard contractual clauses because these are the elements that allow data to move from Europe to the U.S. We have two cases that are supposed to be decided around January next year. [The rulings are] also something that is important when advising clients because if we tell them to use these tools, it's important to say, 'Yes, these tools may be perfectly valid, but there are some question marks.'
Following yesterday's ruling on website cookies, what issues around consent are clients struggling with?
I think that where companies are asking for guidance is how you should ask for consent. In the past, you would see some websites that would say, 'If you continue browsing this means you are giving consent.' I think there's some pushback from regulators, and we will see whether these types of actions are affirmative and true expressions of consent of the individual or the individual wanted to continue browsing but didn't necessarily mean he wanted to consent.
Can you say, 'Well, unless you give us your data, we will not let you in'? When you make money out of the data and your business model is based on the data you collect, you might want to restrict access or otherwise you don't get the remuneration that was coming from this data.
How are you seeing data protection laws and regulations evolving in the European Union, U.S. or globally?
I found that you in the U.S. are having a great moment. … I understood that the person who proposed the CCPA, Alastair Mactaggart, is now supporting a new initiative that will [include] an authority enforcement similar to a European data supervisory authority that will be able to enforce the CCPA more.
I was thinking in the U.S. they will piece-by-piece end up with a sort of GDPR. The U.S. is catching up. I wouldn't say the CCPA is like the GDPR but there are many elements. One of the elements that the CCPA doesn't have is a supervisory authority European-style. But when I saw California [may] have something similar, bit-by-bit the U.S. is marching along and is starting to look like the GDPR, at least in California.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllTrending Stories
- 1Gibson Dunn Sued By Crypto Client After Lateral Hire Causes Conflict of Interest
- 2Trump's Solicitor General Expected to 'Flip' Prelogar's Positions at Supreme Court
- 3Pharmacy Lawyers See Promise in NY Regulator's Curbs on PBM Industry
- 4Outgoing USPTO Director Kathi Vidal: ‘We All Want the Country to Be in a Better Place’
- 5Supreme Court Will Review Constitutionality Of FCC's Universal Service Fund
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
