Last week the General Data Protection Regulation (GDPR) came into force. We previously shared the view that while the GDPR is not quite right for the United States, there are important aspects that should be incorporated into the ongoing discussion about privacy legislation. This post addresses other aspects of the GDPR, which have created some uncertainty around ongoing efforts to improve cybersecurity and support public safety. Two such efforts are cybersecurity information sharing and access to WHOIS data.
Today, the European Union’s General Data Protection Regulation goes into effect. The GDPR seeks to give European consumers control of their personal data in the digital era. It creates stringent rules for the collection, processing, and transfer of personal data of European residents. It also emphasizes the importance of explicit consent as a basis for data collection and processing, lists users’ rights, and encourages companies to adopt more privacy- and security-oriented approaches to the collection and processing of personal data.
Europe’s new privacy law, the General Data Protection Regulation (GDPR), will enter into force in May 2018. Understandably, given that data breaches and privacy violations have been in the headlines lately -- and given that the GDPR will reshuffle privacy protection in Europe and beyond -- many in the United States are looking to the GDPR for ideas of what to do and what not to do. We think that it would be impractical and ineffective to copy and paste the GDPR into U.S. law -- the institutions and legal systems are just too different.