1
The Good, The Bad, and the GDPR
Policy Responses to Cambridge Analytica
2
Policy Responses to CA in DC
Whoa, this is terrible!
We were already mad at Facebook for other reasons anyway!
Let’s pass a law!
Will CA mean privacy law gets more political traction than other things like campaign finance?
What law would be a good idea?
3
Privacy Law in Response to CA
US privacy law for Internet is arguably pretty broken
  FTC system + verticals like health, video
  Private action standing and damages problems
Europe has a shiny new law, the GDPR
  It’s massively complicated and very few Americans understand it
  Nonetheless, people are invoking it as an answer
4
What does GDPR Cover? A Sampling
Individual access, correction, and erasure rights
Major limits on subsequent reuse of data gathered for a different purpose
Data portability – user taking data to a new service
Breach
Consent requirement for some uses (e.g. of health data)
Parental consent required for under 16 (or 13)
Data transfer: can a company move data to another country?
Enforcement
  Streamlining, sort of, system of Data Protection Authorities (DPAs)
  Extraterritorial application
  Fines of 4% of global annual turnover or €20 million
5
What does GDPR Compliance Look Like for Companies?
“Data protection will be as significant as antitrust or anti-corruption in terms of compliance risk.” – Hunton & Williams
Many small companies including news sites blocking EU users
Product team compliance includes
  Changes, often major, to back-end data logging
  User interface changes
  New tools for access, correction, portability, etc.
Legal team compliance includes
  Data Impact Assessments
  Internal record-keeping
  Renegotiating commercial contracts
  Changing user Terms of Service
  In some cases appointing Data Protection Officer resident in EU
6
Core Concept of GDPR: Data Protection
Data Protection is:
  A separate right from Privacy under EU Charter
  Not rooted in concept of harm (like privacy invasion offensive to reasonable person), but instead in concept of fundamental (like Constitutional) right to control data about oneself
  Evolved from databases and “back-end” data processing
  Not “ownership”
    Compare moral rights
    Compare database directive
  Was a regulation before it was a right
7
GDPR: Data Protection
Consequences of grounding law in individual’s fundamental right to control data:
  Complex regulatory system, like for finance or emissions, makes sense.
  Default is you can’t process info. Need express justification. (Art. 6 GDPR)
  Consequences for any other law/policy about information management (free expression, copyright, etc.).
8
GDPR Policy Trade-Offs: Internet Jurisdiction
Extraterritorial application of law by democracies same by other govts
Human rights “margin of appreciation” doctrine – if one country balances privacy versus free expression one way, and a second country does it another way, does one get to impose its balance on the other’s territory?
Promoting Internet balkanization as small companies (tech companies, publishers, etc.) geoblock to avoid compliance costs
9
GDPR Policy Trade-Offs: International Relations, Trade, and Spying
Yes, these all go together!
Can’t transfer data from EU to another country unless it/companies adequately protect data.
Schrems case said NSA spying means illegal to transfer data to US -- under some legal mechanisms, maybe all. (Schrems II is coming...)
International businesses and deals in disarray.
In principle, US having GDPR-like law (and spying less) could help.
10
GDPR: Policy Trade-Offs: Innovation and Privacy
“Big data” technologies
Compliance cost of going to market with a new idea
Getting regulators’ permission before launch for new ideas
Limits on using legally acquired data for new features or technologies
11
GDPR Policy Trade-Offs: Competition
This one is huge and poorly understood. By which I mean, you might want to write about it.
Who benefits if:
  No one can develop apps that run on top of Facebook’s data...
  Or if those apps are so limited they pose no competitive threat to Facebook...
  Data portability doesn’t include enough friends’ data to make a competing platform attractive...
    Meaning you can leave, but you can’t take (a) adequate contact/social graph data or (b) both sides of your chats, comments on posts, etc...
  A company that got to data hoard under old rules competes w newcomers operating under new rules...
12
GDPR Policy Trade-Offs: Speech and Information
Questions about public speech and information that are now governed by Data Protection law
If I tweet “Riana Pfefferkorn’s party last night was a bust, we all got sick including her,” is my tweet Riana’s personal data?
“Right to Be Forgotten” ruling says YES, when that tweet is indexed by Google, so she can demand partial removal.
MAYBE she can also make Twitter take it down.
MAYBE she could also make me take it off my own website.
13
GDPR Policy Trade-Offs: Speech and Information
Unintended consequences of applying data protection law to public speech:
Substantive rules for balancing speech and privacy/reputation under longstanding defamation or civil privacy laws are lost.
In their place are untested new standards, originally developed for databases.
GDPR references and expands consideration of expression/info rights
But all detail is left to EU Member States, who historically have not all bothered to legislate well or in detail on this
So private tech companies will decide what the law is, and public authorities will review only in cases where the claimant – not the speaker – objects.
14
GDPR Policy Trade-Offs: Speech and Information
Unintended consequences of applying data protection law to public speech:
Procedural rules for private platforms’ notice and takedown operations.
Intermediary liability “gold standard” of Manila Principles not applied, and even EU eCommerce Directive law may not apply
Example: Per DPAs, it is usually illegal to tell the speaker when her online expression has been erased or delisted.
No opportunity to correct for removals based on malicious or mistaken claims.
Which are over 50% of claims received by Google and Bing so far.
Note conflicting Mexican ruling based on Constitutional Due Process and Expression rights.
15
GDPR Policy Trade-Offs: Speech and Information
If you want to know more about “Right to Be Forgotten” under Data Protection law in EU and globally
Check out the World Intermediary Liability Map,
If you really want to nerd out, read my article – The Right Tools: Europe’s Intermediary Liability Laws and the 2016 General Data Protection Regulation,
Or for a quicker take try this
16
Where we Started: US Privacy Law in Response to CA?
Does the US need better privacy laws?
  Almost certainly.
Do we need the GDPR?
  This question is almost meaningless.
  It is massive.
  It has (IMO) good things and (IMO) bad things.
  Some of it would be unconstitutional here.
  It involves major policy trade-offs, each deserving separate assessment.
17
Thanks. http://cyberlaw.stanford.edu/about/people/daphne-keller