GDPR Predictions For 2019: Expect fines on U.S. companies, increased enforcement and U.S new u.s privacy law possible and regulatory pushback
While Europe’s sweeping data protection law, the General Data Protection Regulation (GDPR) has been in effect for over six months, some U.S. companies are still struggling to understand its ramifications. Laura Sallstrom, Head of Global Public Policy at technology policy consultancy Access Partnership, notes:
The Bedford Park Opportunities Fund returned 13.5% net of all fees and expenses in the second quarter of 2021, bringing its year-to-date return to 27.6%. Q2 2021 hedge fund letters, conferences and more In the fund's second-quarter investor letter, which ValueWalk has been able to review, Jordan Zinberg, the President and CEO of Bedford Read More
- While to date, there haven’t been any fines levied against U.S. companies for breach of GDPR, we don’t expect this to be the case for long. We expect more frequent enforcement and fines. With the prospect of fines of up to €20 million or 4 percent of annual global turnover (whichever is the higher), U.S. companies cannot lightly brush off this risk.
- GDPR compliance has so far been largely taken on big technology companies — smaller companies are still struggling with the cost of compliance and the interpretation of rules and it’s difficult to know who is sufficiently prepared.
- On the U.S. side, with the newly-elected members of the House of Representatives taking office in January 2019, it’s likely that a Democratic-led House will reinvigorate a push for a federal data privacy regime. But it’s unlikely that such a big piece of legislation will have an easy path through Congress.
- Any federal legislation on data privacy will likely be shaped by a combination of the GDPR, California’s Consumer Privacy Act, and already proposed bills like the one proposed by Senator Ron Wyden (D-OR).
- Any U.S. privacy law is as likely to push back on the GDPR as to be inspired by it. Privacy reform in the U.S. would therefore be more about taking the opportunity to create a counterweight model to the GDPR. On the other hand, getting it wrong in the US, could trigger more political backlash in Europe and greater problems for US industry outside the country.
- We expect that a key feature of a U.S. privacy law such as this would be the protection of cross-border data flows and promotion of world engagement, and it’s critical U.S. policymakers get this right.
Laura Sallstrom is Head of Global Public Policy at Access Partnership, a global public policy consultancy for the tech sector