A stricter regime for profiling07 June 2016
New York Times and Hogan Lovells Report from Berlin on Data Protection
In the Times article, the reporter focused on the determined opposition of U.S. technology companies to the proposed EU data protection regulation, which contains unworkable requirements like the “Right to be Forgotten” and staggering penalties of up to 2% of a company’s worldwide “turnover” (i.e., global revenue). The article notes that the parliamentary vote on the regulation has been delayed by a large number of proposed amendments.
Indeed, a view circulating sotte voce at the conference was that the arguments of those technology companies may be having their intended result. The threat of choking off future investment in the EU, coupled with the current economic downturn, may have created at least momentary hesitance among those whose support is necessary for the EU regulation to be adopted.
However, it was David Vladeck and U.S. enforcement that may have created the biggest stir the first day of the conference. Giving a spirited defense of U.S. privacy and security laws, which the EU tends to discount and still finds "inadequate", Vladeck, former Director of the FTC's Bureau of Consumer Protection, enumerated an impressive list of aggressive privacy and security enforcement actions undertaken by the FTC. The EU may have more stringent requirements, but it is known also for a noticeable lack of enforcement.
Drama aside, the bulk of the first day of the conference was devoted almost entirely to data protection laws in countries other than the EU or the U.S., a subject that may not be as provocative as the new regulation or the EU-U.S. name-calling, but in the end may be more noteworthy. Speakers described numerous developments in Asia, Latin America and the Middle East, virtually all of which adopt an EU-like approach to data protection regulation, though each with its own twist.
The take-home from the first day of the conference was that data protection laws are here to stay and global businesses may ignore them at their peril. In the end, the laws of countries other than the EU and U.S. may pose the greatest challenges to businesses. More than 90 countries were reported to have adopted data protections laws and the number continues to increase. Companies are faced with somehow harmonizing these laws into coherent and workable data protection compliance programs. To make matters worse, these international laws in many cases appear to combine the most demanding aspects of both the EU and U.S. approaches--stringent requirements and vigorous enforcement.
The Regulation aims to strengthen the rights of individuals. It does so by retaining rights that already exist under the Data Protection Directive and introducing the new rights of data...06 June 2016
Grounds for processing03 June 2016