GDPR After 5 Years: Where Does the Regulation Stand?

Odia Kagan
Fox Rothschild LLP
Contact
LinkedIn
Facebook
X
Send
Embed

Fox Rothschild LLP

The GDPR journey has not been wonderful.

NOYB has 800 cases out and the enforcement process is difficult because procedural law is different in different countries.

This wasn’t what we expected when GDPR came out, NOYB’s Max Schrems said during IAPP’s International Association of Privacy Professionals Global Privacy Summit.

Andrea Jelinek of the European Data Protection Board said new regulations are expected to come out in the summer streamlining and harmonizing the process.

What’s going well with GDPR:

  • Schrems: GDPR is the least stupid privacy law around, but there is still a long way to go. The law is too vague, and that hurts most small- and medium-sized enterprises that are actually trying to comply.
  • Jelinek: GDPR is working and will continue to work.
  • Former UK Information Commissioner Elizabeth Denham: On day one, 500 million people got new rights and created a new standard. Other countries have used GDPR as an inspiration, but didn’t copy it. Rather, they adapted it to their own culture and preferences.

On international data transfers:

  • Jelinek: The EU-US DPF is an improvement, but the EDPB raised concerns and the European Commission takes our advice seriously.
  • Schrems: The DPF is an improvement, but it isn’t enough. There is an agreement on the level of protection you expect from your own country, but there needs to be agreement on protection of the data of other democratic countries. The U.S. definition of proportionality is not good enough, and neither is the redress.
  • Denham: In the short term I’m pessimistic. In the longer term, G7 countries should agree on government access to data. There should be a common standard, and we will get there eventually. The EU adequacy system is not sustainable.
  • Jelinek: That global standard for transfers should be the GDPR.
  • Schrems: We need a global standard. The fact that GDPR is based on data localization and exceptions. That’s why it the next 10 yers there will be a lot of Roman numerals after my name.

GDPR grades:

  • Schrems: For the law, C. For enforcement, F. Therefore, a school grade of D.
  • Denham: 8/10 because the law raised the benchmarks and changed the conversation
  • Jelinek: 7/10

GDPR at 10 years of age:

  • Denham: The GDPR will be reformed. It’s time.
  • Schrems: With class actions and emotional damages and a harmonized enforcement, GDPR could be a 10. It will be a different ball game.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Fox Rothschild LLP | Attorney Advertising

Written by:

Fox Rothschild LLP
Fox Rothschild LLP
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Fox Rothschild LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide