(April 14, 2020)
EU Data Protection Rules and U.S. Implications


U.S. and European Union (EU) policymakers are focused
on protection of personal data online with recent and
proposed legislation and enforcement actions. Data
breaches at companies such as Facebook, Google, and
Marriott have contributed to heightened public awareness.
The EU's General Data Protection Regulation (GDPR),
which took effect on May 25, 2018, has drawn the
attention of Congress, U.S. businesses and other
stakeholders, prompting debate on U.S. federal and state
data privacy and protection policies.

Both the United States and the 27-member EU assert that
they are committed to upholding individual privacy rights
and ensuring the protection of personal data, including
electronic data. Differences in U.S. and EU approaches to
data privacy and protection, however, have long been
sticking points in U.S.-EU economic and security relations.
The GDPR highlights some of those differences and poses
challenges for U.S. companies doing business in the EU.
Although no longer a member of the EU, the United
Kingdom (UK) remains bound by GDPR through 2020 and
intends to incorporate GDPR into UK data protection law.

The United States does not broadly restrict cross-border
data flows and has traditionally regulated privacy at a
sectoral level to cover certain types of data. The EU
considers the privacy of communications and the protection
of personal data to be fundamental rights, which are
codified in EU law. Europe's history with fascist and
totalitarian regimes informs the EU's views on data
protection and contributes to the demand for strict data
privacy controls. The EU regards current U.S. data
protection safeguards as inadequate; this has complicated
the conclusion of U.S.-EU information-sharing agreements
and raised concerns about U.S.-EU data flows.

Figure 1. U.S.-EU Trade of ICT and Potentially ICT-Enabled (PICTE) Services, 2017

[Chart not reproduced in text; legend includes "U.S. Exports to EU".]

Source: Bureau of Economic Analysis interactive data, Table 3.3.

The transatlantic economy is the largest in the world, with
goods and services trade of $1.3 trillion in 2019; the UK
accounted for 20%. U.S.-EU trade of information and
communications technology (ICT) services and potentially
ICT-enabled services was over $307 billion in 2017 (see
Figure 1).


The GDPR establishes a set of rules for the protection of
personal data throughout the EU. It seeks to strengthen
individual fundamental rights and facilitate business by
ensuring more consistent implementation of data protection
rules EU-wide. The EU hopes the GDPR will further
develop the EU's Digital Single Market (DSM), aimed at
increasing harmonization across the bloc on digital policies.
The EU also views the GDPR as underpinning efforts to
foster the EU's digital transformation and bolster the EU's
technology sector vis-à-vis Chinese and U.S. competitors,
while protecting privacy rights and European values.

The GDPR identifies legitimate bases for data processing
and sets out common rules for data retention, storage
limitation, and record keeping. The GDPR applies to (1) all
businesses and organizations with an EU establishment that
process (perform operations on) personal data of
individuals (or data subjects) in the EU, regardless of
where the actual processing of the data takes place; and (2)
entities outside the EU that offer goods or services (for
payment or for free) to individuals in the EU or monitor the
behavior of individuals in the EU. Processing certain
sensitive personal data is generally prohibited.

Stronger and new data protection requirements in the
GDPR grant individuals the right to:
* Receive clear and understandable information about
   who is processing one's personal data and why;
* Consent affirmatively to any data processing;
* Access any personal data collected;
* Rectify inaccurate personal data;
* Erase one's personal data, cease further dissemination of
   the data, and potentially have third parties halt
   processing of the data (the right to be forgotten);
* Restrict or object to certain processing of one's data;
* Be notified without undue delay of a data breach if
   there is a high risk of harm to the data subject; and
* Require the transmission of one's data to another
   controller (data portability).
The potential high penalties for noncompliance have
attracted significant attention, since a company or
organization can be fined up to 4% of its annual global
turnover or €20 million (whichever is greater). Fines are
assessed by the national supervisory authority (a Data
Protection Authority, or DPA) in each member state and
subject to appeal in national courts. The GDPR also
requires some companies to hire data protection officers.

Updated April 14, 2020