US companies scramble toward GDPR compliance
More than half of U.S. multinational companies list the GDPR as their top data privacy compliance priority, said PwC. R Street Institute Director-Innovation Policy and General Counsel Mike Godwin said the GDPR — which EU Delegation to the U.S. Counsellor Aymeric Dupont called a new baseline on the protection of consumer data in the EU — will result in the emergence of the data protection officer (DPO). The demand for that position is growing rapidly, as companies need to keep abreast of technology and algorithm strategy. Tech lawyers will be in high demand under this new regime, Godwin said. The International Association of Privacy Professionals said the GDPR will require at least 28,000 DPOs to achieve compliance in Europe alone.
The panelists discussed the EU’s “right to be forgotten,” a practice allowing European citizens to request that online platforms remove content they consider outdated or irrelevant, such as news about crime or other detrimental information from a person’s past. Godwin said the EU is trying to establish a consumer’s right to control data, which is an “interesting change,” since in the U.S., the presumption has been that once information is public, it remains in the public domain. The focus of right to be forgotten is on Google, which has fielded lawsuits from users seeking to clear their past from the internet. The GDPR creates the expectation that online platforms adhere to certain requests, Godwin said. He called the right to be forgotten “a cost of doing business.” That means the incumbents, large companies like Google, will have the resources to determine which takedowns are warranted, but smaller firms will need to take down content that hasn’t been fully vetted, in order to avoid costly penalties.