Europe's data-privacy law turns 2. Has it actually made our information safer?
This week marks two years since the General Data Protection Regulation went into effect. You know, GDPR. For a while there, in the before times, it's all anybody talked about. It's a massive set of data privacy regulations created by the European Union and affecting any companies that operate there. It is also the template for California's new privacy law, the CCPA. Companies spent millions of dollars on GDPR compliance. People expected fines so big they'd put big out of business, and none of that exactly came to pass. But what has the GDPR meant for consumer privacy and, more importantly, our awareness of how our data gets used by companies? Jessica Lee is a partner with the law firm Loeb and Loeb who specializes in privacy, and she says so far it's a mixed legacy.

We've heard complaints. GDPR is kind of, you know, the dog that didn't bite. It was supposed to come with all of these big fines and enforcement, and that's really what got companies scared into compliance. And two years later, we've had some fines, but we certainly haven't had two or four percent of, you know, annual turnover. No one's going out of business. You know, even at the very high end of fines, it's still, you know, there's nothing in the billion-dollar range. And, you know, the enforcement has sort of trickled out as opposed to been this mass explosion of enforcement, and so I think that's caused some frustration on the enforcement side. But that threat of enforcement caused a lot of companies really to comply, and I think compliance was the point. And so that's why I would give it, you know, in the B, B-plus range.

So companies did make changes. Do you think those changes will be lasting?

I do. I think that after the GDPR, you know, obviously in the US we have the CCPA. There's a law in Brazil. Multiple countries are standing up their own privacy regulations. While they're not, you know, kind of exact matches to the GDPR, they do reflect a lot of the fundamental principles. And I don't think it really makes sense to stand up a program, like something that complies with the GDPR, and then tear it down because there wasn't enforcement, because there could be enforcement. And I think that while we haven't seen it at the levels that some were hoping for, the threat of enforcement, I think, will still cause companies to keep their compliance programs in place, up to date. Not perfect. I won't say that everyone's perfect. Maybe that's part of the complaint. But I think that will keep it on the radar as a priority.

Do you think there's anything that has trickled down to consumers? Like, I feel like the most visible change is the annoying cookie disclaimers. Like, if anything, the Internet got a little more annoying for us. I wonder, are there any other benefits that you can point to?

I think, as a general matter, consumers generally are more cognizant of privacy online, and I think we still have a long way to go. A lot of my complaint with some of the privacy regulation is that it doesn't contemplate consumer education enough. Internally, I think that companies do implement the GDPR's principles, that your data might be held and be processed in a more compliant fashion, meaning you're not collecting more than you need, or maybe there's additional security controls in place, or maybe it's not being shared as widely or without, you know, contractual protections. Maybe it was before. So there are things that are benefiting consumers that they probably can't see.

Do you think that GDPR actually really did change the way that companies think about data and privacy, or that this sort of, like, ongoing awareness campaign will lead to sort of a philosophical shift in companies?

I do. I think so. It probably has a bigger impact for US companies. And we're going to see this domino effect of privacy regulation that, you know, if you weren't thinking about it for GDPR, you'll think about it for, if you're not thinking about it for CCPA, you'll be thinking about it for the law that ends up in your state or the federal law that we have. Like, you'll get to a place you can't avoid kind of following these principles.

Although we are now seeing those principles collide with the COVID-19 outbreak, and we've talked to futurists and legal scholars who are saying privacy might end up being a bit of a casualty of the pandemic. So I wonder how those laws are going to interact with what public health officials may see as a need for greater surveillance or more data.

Oh, definitely. I mean, I think we were always headed toward surveillance, and so these laws weren't going to stop us from getting surveillance. The goal would be to get us there in a more responsible fashion. Which is, I think, the benefit of the GDPR, is that because it's principles-based, even if you do do a lot of data collection, even if you do do enhanced surveillance, I think there are still some fundamental principles that will be in place. The US laws are kind of more spotty and more prescriptive, and so we don't have that kind of principles-based approach to privacy. And I think that's gonna leave us in a tough spot, because I do think that we always have to make a trade-off, right? So online, sometimes a trade-off with data is, do I want access to content for free, or, you know, am I willing not to search on the site because I don't want to give them my information? I think the stakes are obviously much higher where we're talking about COVID-19. I think people are going to be willing to accept more surveillance, will be willing to give over more data, to get freedom, right, to be able to go back outside again with some level of comfort. We're going to be pushing in the direction of surveillance, and the question is, will we be doing it in a way where we have responsible rules in place? Are we going to do it in a way where we might be in a little bit of a free-for-all?

Jessica Lee is a partner with the law firm Loeb and Loeb who specializes in privacy.