ANALYSIS OF THE US PRIVACY MODEL - IMPLICATIONS OF THE GDPR IN THE US
Francisco García Martínez
Illinois Institute of Technology
Contact: fgarciamartinez@hawk.iit.edu, linkedin.com/in/francisco-g-martinez

OUTLINE
1) What is the GDPR
2) GDPR most significant updates
3) GDPR vs US privacy
4) California Consumer Privacy Act
5) Chicago Personal Data Collection and Protection Ordinance
6) The Consumer Data Protection Act
7) Adapting to the GDPR
8) Conclusions

WHAT IS THE GDPR
The General Data Protection Regulation 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area.
ADOPTED: 14th Apr, 2016
ENFORCEABLE: 25th May, 2018

GDPR MOST SIGNIFICANT UPDATES
- MINIMISATION PRINCIPLE
- PRIVACY IMPACT ASSESSMENTS (PIA)
- THRILLING FINES
- ACCOUNTABILITY, PRIVACY-BY-DESIGN & PRIVACY-BY-DEFAULT
- EXPLICIT AND INFORMED CONSENT
- AFFECTS NON-EU ORGANIZATIONS
- INTERNATIONAL DATA TRANSFERS POLICY
- DATA PROTECTION OFFICER (DPO)
- NOTIFICATION OF DATA BREACHES

GDPR vs US PRIVACY
SECURITY MEASURES
- GDPR: Appropriate technical and organizational measures
- US: Encrypt data in storage and in transit
DATA BREACHES NOTIFICATIONS
- GDPR: Affected individuals and Supervisory Authority without unreasonable delay
- US: Mostly nonexistent. No timely restriction
CONSUMERS' POWER
- GDPR: Explicit opt-in consent
- US: Complete ignorance of what is collected
INTERNATIONAL DATA TRANSFERS
- GDPR: Certain conditions are met
- US: No restrictions

SIGNED: 28th Jun, 2018
EFFECTIVE: 1st Jan, 2020
5 RIGHTS TO CALIFORNIANS
1) To know what personal information is being collected
2) To know whether their personal information is sold and disclosed and to whom
3) To say no to the sale of personal information
4) To access their personal information
5) To equal service and price

CALIFORNIA CONSUMER PRIVACY ACT
CCPA vs GDPR
- CCPA: Outside California State borders
  GDPR: Outside EU borders
- CCPA: Consumers' privacy disclosures
  GDPR: Disclosures, international data transfers, notifications, security measures…
- CCPA: General privacy policy. More specifics upon request
  GDPR: Layered information. Additional requirements to present info to users
- CCPA: Opt-out consent
  GDPR: Explicit consent
- CCPA: Cross-border data transfers not restricted
  GDPR: Restricted international data transfers
- CCPA: Fines up to $7,500. For certain breaches, $100-750 per data subject
  GDPR: Higher of 4% or €20 M
- CCPA: Children's (16) data prohibited, unless opt-in
  GDPR: Legal children's age to process data: 16. Other EU countries may set a lower age >=13

THE CHICAGO PERSONAL DATA COLLECTION AND PROTECTION ORDINANCE
ADDED: 18th Apr, 2018
Amendment of Municipal Code: Title 4, Chapter 402
PURPOSE
Provide regulation for operators that collect sensitive personal data of individuals in Chicago
SIMILARITIES WITH GDPR
- Prior opt-in consent, but not informed ✓
- Notifications of data breaches ✓
- Apply to business outside borders of territory ✓

THE CONSUMER DATA PROTECTION ACT
DISCUSSION DRAFT: 1st Nov, 2018
SENATOR WYDEN
PURPOSE
Proposes that the US as a nation should establish minimum privacy and cybersecurity standards to protect consumers' privacy. Empower Federal Trade Commission (FTC)
SIMILARITIES WITH GDPR
- Fines up to 4% annual revenue and 10-20 years criminal penalties ✓
- More information to consumers ✓

ADAPTING TO THE GDPR
- Records of processing activities
- Adhere to the Privacy Shield
- Become proactive
- INFORM and obtain explicit consent
- Notify data breaches
- PIA and/or DPO
GOOD FAITH!

CONCLUSIONS
- GDPR is not a problem. It is a solution
- GDPR is not a revolution. It is an evolution
US MOVING TOWARDS PRIVACY
- National level: Consumer Data Protection Act Discussion Draft
- State level: California Consumer Privacy Act

QUESTIONS