Centre for Information Policy Leadership
  • Home
  • About
    • CIPL Principals
    • Quarterly Reports
  • Membership
  • Events
    • Past Events
  • Projects
    • AI Project
    • Brazil AI Project
    • Organizational Accountability
    • Protecting Children's Data Privacy >
      • Policy Paper I: International Issues & Compliance Challenges
    • EU GDPR Implementation >
      • Global Readiness Benchmarks for GDPR
    • Enabling Data Driven Innovation and Big Data >
      • Privacy Risk Management
      • Transparency and User Controls
      • Updating Core Privacy Principles
    • Role of the DPO
    • Enabling Global Data Flows
    • Regional Focus and Outreach >
      • Effective LGPD
  • Resources
    • CIPL White Papers
    • Public Consultations
    • CIPL Articles
    • Hunton Andrews Kurth Privacy & Information Security Law Blog
  • CIPL Blog
  • Media
  • Contact Us
  • Home
  • About
    • CIPL Principals
    • Quarterly Reports
  • Membership
  • Events
    • Past Events
  • Projects
    • AI Project
    • Brazil AI Project
    • Organizational Accountability
    • Protecting Children's Data Privacy >
      • Policy Paper I: International Issues & Compliance Challenges
    • EU GDPR Implementation >
      • Global Readiness Benchmarks for GDPR
    • Enabling Data Driven Innovation and Big Data >
      • Privacy Risk Management
      • Transparency and User Controls
      • Updating Core Privacy Principles
    • Role of the DPO
    • Enabling Global Data Flows
    • Regional Focus and Outreach >
      • Effective LGPD
  • Resources
    • CIPL White Papers
    • Public Consultations
    • CIPL Articles
    • Hunton Andrews Kurth Privacy & Information Security Law Blog
  • CIPL Blog
  • Media
  • Contact Us

Emerging Privacy Regimes and the Need for US Leadership in the Digital Economy

9/14/2021

0 Comments

 
By Julie Brill
Corporate Vice President, Chief Privacy Officer, and Deputy General Counsel for Global Privacy and Regulatory Affairs at Microsoft​


Any views expressed herein are not necessarily the views of CIPL nor Hunton Andrews Kurth LLP
The European Union's Global Data Protection Regulation (GDPR) took effect on May 25, 2018, and since that day, the law has had a tremendous impact on the world of privacy. Indeed, it is not a stretch to call GDPR the most impactful global privacy development since Justice Brandeis' treatise on "The Right to Privacy", published 128 years earlier, at the end of the 19th century. 

If we step back and look at how the world has changed since 2018, we see a rapidly evolving regulatory environment, one in which GDPR has become the de facto global standard for privacy. Several countries, including Brazil, Canada, China, India, Japan, New Zealand, South Korea, and Thailand, have passed or proposed new laws, or are considering changes to existing laws, that are inspired by GDPR. These countries and their domestic businesses are working towards meeting the adequacy standards set out by GDPR or renewing their adequacy status. This has led these jurisdictions and many others to more closely align with some of GDPR's strong protections.

For example, Brazil's data protection law became effective in 2020, bringing with it the creation of the Data Protection National Authority (ANPD), a new authority charged with building out the law's requirements through rulemaking. Inspired by the GDPR, the Lei Geral de Proteção de Dados Pessoais (LGPD) imposes new requirements on companies, government agencies, non-profits, and other organizations that use data in Brazil, offer goods and services to people in Brazil, or collect and analyze data tied to people in Brazil, regardless of where the organization is located. Similarly, in India we have seen legislators pursue the Personal Data Protection bill, with provisions inspired by GDPR, including requirements supporting individuals’ control over their data, company accountability, and robust enforcement through a new data protection regulator. 

In total, more than 130 jurisdictions around the world have enacted privacy laws.

In spite of all the activity to ensure that individual privacy is protected and companies are held accountable, there is a critical and noted absence: the United States. Home to nearly a quarter of the world's Fortune Global 500 companies and the headquarters of many of the largest technology companies, the United States does not have a comprehensive privacy law in place. 

In contrast to the role it has traditionally played on global policy issues, the U.S. is not leading the discussion over privacy protections and common norms. The absence of U.S. action does not mean the absence of policy; instead, it means that the U.S. will continue to have little or no voice in the global conversation around what the rules of the road should be for American companies. That is a bad result for American businesses and organizations seeking to innovate and thrive in an ever-increasingly connected global economy. 

These global laws are going to shape how the world adopts new technologies like artificial intelligence, biometrics, and ambient data collection through an ever-expanding Internet of Things. They are also going to help guide how we use technology and data to address some of the world’s biggest societal challenges like climate change, racial inequality, and public health crises. The U.S. must enact a comprehensive privacy law in order to better protect people in the United States, and to join the global conversations to shape this rapidly evolving landscape. It will be difficult for the United States to continue to argue for interoperable global standards that can improve innovation and benefit society when it doesn’t have a comprehensive standard of its own.

If the United States doesn’t enact privacy legislation soon, it risks seeing the balance of power on these issues shift away from Washington, D.C. to Brussels, New Delhi, and other capitals around the world that recognize the growing consensus that people's data must be handled with respect. There are new norms and rules coming to govern technology and data. The key question is whether the U.S. will have a hand in shaping them and defining the next wave of responsible innovation. 
0 Comments



Leave a Reply.

    Archives

    March 2023
    February 2023
    January 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2020
    June 2020
    April 2020
    March 2020
    December 2019

    Categories

    All
    Accountability
    Data Processing
    Individual Rights
    Legitimate Interest
    Transparency
    US Privacy

    RSS Feed

Copyright © 2022 by the Centre for Information Policy Leadership at Hunton Andrews Kurth LLP.
Disclaimer | Privacy Policy | Cookies Policy | Contact
Picture
Picture