BSA, CDT Execs Agree on Need for US, International Privacy Regimes
Executives from the Center for Democracy and Technology and BSA|The Software Alliance agreed this week the U.S. needs federal privacy regulation. They said the ultimate goal should be international harmonization of privacy rules. Europe took an important step implementing the general data protection regulation, and now partners need to work toward international consensus on privacy, said BSA CEO Victoria Espinel on a scheduled weekend telecast of C-SPAN’s The Communicators.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
CDT CEO Nuala O’Connor said the EU is the most powerful regulator on data, as has been true for a while. “Absent U.S. leadership, absent other regional leadership, the EU is occupying the field for compliance for multinational companies,” said O’Connor. She said the U.S. needs to “come to the table” to discuss what data rights individuals have.
Espinel said the patchwork of inconsistent laws developing with the GDPR, California’s new privacy law (see 1807120043) and rules from other countries and jurisdictions “is not helpful for business.” BSA is hoping to move the conversation forward in the U.S., she said, citing Japan’s new data privacy law as balancing strong consumer protections with flexibility for evolving technology. She questioned how quickly the U.S. can pass federal privacy regulation but agreed talks are progressing.
O’Connor had believed for some time the U.S. would adopt a federal privacy law, despite a lot of skepticism, even just six months ago. She described the Facebook-Cambridge Analytica privacy breach (see 1804100054 and 1804110065) as a “major milestone,” saying Americans are now asking for U.S. privacy protections, given EU developments.
The GDPR gives BSA members enough flexibility to continue to offer services, said Espinel, but there's a lot of room for interpretation. How implementation moves forward will impact how it affects business, she said. If the U.S. wants to continue to lead innovation, it needs to have the right privacy rules, she said. Companies need data for security purposes, she said, like to avoid credit card fraud. Cybersecurity is “impossible to do unless data can move around the world in a relatively seamless way,” she said. On rules generally, the chief noted, BSA wants to make sure companies and customers can use data to support various “enterprise functions” anywhere.