DATA ANALYTICS AND DATA PRIVACY

R&C: Could you provide an overview of data privacy trends unfolding across the globe? What have been the overarching developments of the past few years?

Campbell: Countries and their citizens recognise the critical importance of information privacy. Compromised personal data is exploited by malicious actors to victimise individuals through financial and identity fraud and used against countries’ economic and national security interests. Data compromises include breaches such as the 2015 identified cyber penetration of the US Office of Personnel Management. Other noteworthy data breaches include Marriott Starwood Hotels, Quora, Google and T-Mobile. Beyond the European Union’s (EU’s) General Data Protection Regulation (GDPR), approximately 80 countries have instituted data privacy laws, including the US, through laws such as the Health Insurance Portability and Accountability Act and the Driver’s Privacy Protection Act of 1994. Only California has passed a specific consumer privacy law, the 2018 California Consumer Privacy Act (CCPA). Many other states are considering the passage of similar laws. Colorado and Iowa have already strengthened their protection of consumer and student information, respectively.

Meyer: The EU’s adoption of the GDPR exemplifies the trend in data privacy toward more transparency in how businesses use and monetise data and more individual control over the use and exploitation of personal information. The GDPR follows the May 2017 amendment to Japan’s Act on the Protection of Personal Information, which expanded its application to include foreign as well as domestic companies and the Privacy Amendment (Notifiable Data Breaches) to Australia’s Privacy Act, effective in February 2018, which strengthened consequences for exposure of personal information resulting from lax security. Brazil’s General Law of Data Protection, effective February 2020, substantially mirrors the GDPR in scope and fines, and is another example of this growing trend. The CCPA, effective 1 January 2020, is an example of a US state legislature’s effort to increase transparency and individual control over data use.

Jul-Sep 2019 Issue

Navigant Consulting

Pillsbury Winthrop Shaw Pittman LLP