Digital Privacy Laws:  How Europe Protects Your Online Data Differently than the U.S.

Both Europe and the U.S. are facing far-reaching changes regarding digital privacy laws. However, the effects on data privacy differ drastically. Mukul Chopra sheds some light on the main differences between digital privacy laws in Europe and the U.S. and explains what multinational companies operating on both continents should know.

Mukul Chopra, Digital Transformation Center Director at COMPAREX

An article by the Mukul Chopra, Director of Digital Transformation Center Security at COMPAREX

Digital Privacy in the European Union

On May 25, 2018 – less than a year from now – the EU will put into effect one of the most far reaching and punitive measures dealing with digital privacy. The General Data Protection Regulation  - GDPR - is literally privacy on steroids and far beyond what we have ever seen.

A long list of identifiers (aka Personally Identifiable Information or PII) now fall within the purview of this regulation. In addition to the more recognizable PII like name, gender, sexual orientation, location data, economic, cultural, and economic data etc. we can now add IP addresses, genetic information and even biometric data.

Further, any EU resident may request access to their data and is entitled to enforce the “Right to be forgotten” whereby their personal data must be erased. The catch is that such erasure needs to occur from every instance where such data may have been shared! In cases where the data is deemed inaccurate, the data subject can enforce the “Right to restrict the processing of personal data”. Data subjects have the right to data portability and even to object to be evaluated based on automated processing systems. The list is very long indeed.

The law applies to any company doing business in the EU, and not just for companies based in the EU.

Breaches must be disclosed within 72 hours and if you have second thoughts about complying with the regulation, consider the penalties: 4% of global gross revenues or € 20 million – whichever is higher!

Based on 2016 revenues, a fine for Apple would be $ 8.6 billion. Think they are not going to take this seriously? Unlikely. By some estimates fully 95-98% of US companies doing business in the EU, are not prepared and are not on track to become compliant by May 2018. A frightening prospect.

Digital Privacy in the United States of America

On April 3, 2017, while the country was occupied with the latest crisis headlines, President Trump signed the repeal of the internet privacy rules into law. There was not even a comment from the White House and no photo opportunity of the President signing this law. Very few even noticed. The resolution passed by a 50-48 vote in the Senate and 215-205 in the House.

The repealed internet privacy rules  had been aimed at preventing internet providers from selling personal data without permission.

This battle, which had pitted large internet service providers and tech giants against consumer advocates and privacy rights groups, became history, and those ISPs that were interested in selling private data, won the day. Privacy took a blow to the nose.

In one report, consumer and rights advocates were outnumbered 50:1 by the lobbyists for their opponents. Critics of the rules had argued that this was an example of government overreach. One of the arguments for eliminating the rules was that these rules “would cause consumers to miss out on customized promotions”.

Now experts argue that these huge new databases of personal information are likely to become targets for hackers, law enforcement and spies.

The tide of consumer complaints, as more citizens become familiar with what has transpired is now causing some lawmakers to consider the repeal of the repeal of the internet privacy rules! Time will tell.

What is a large multinational company doing business on both continents supposed to do?

EU residents want to enhance privacy and whereas in the USA privacy has just been shredded. With this diametrically opposed cauldron of laws to deal with, how should companies respond?

Unfortunately, this is now a very confusing and contradictory landscape with no quick and easy path to resolution. Angela Merkel recently called for international regulations for the digital world. She went on to say that Europe and the US need to work together to ensure sensible rules because the “standards had been very erratically set so far”. For many companies, the statements resonate but a collaborative approach between continents is an elusive dream.

In the meantime, global companies must deal with a bipolar set of regulations making compliance a nightmare scenario.

Digital Privacy Laws Europe and U.S.

 Click here to download this graphic

 

Leipzig, 14.07.2017

Stay Up-to-date

For regular updates and articles from COMPAREX, click below to follow us:

 Follow us on LinkedIn

 Follow us on Twitter

Related articles

5 Facts You Should Know About the European Data Privacy

The General Data Protection Regulation was created to unite principals of data privacy within Europe. This situation will now be changed by a unique law which applies equally to each EU Member State. Read the full article ...

Archive

Get an overview of all published blog articles of the past months.

 Read more

Share this Article

Leave a Comment

Do you have a question or remark on this article you want to share with us?
 Post it here.