ANALYSIS OF THE US PRIVACY MODEL
- IMPLICATIONS OF THE GDPR IN THE US
Francisco García Martínez
Illinois Institute of Technology
Contact:
Francisco García Martínez fgarciamartinez@hawk.iit.edu linkedin.com/in/francisco-g-martinez
What is the GDPR
GDPR most significant updates
GDPR vs US privacy
California Consumer Privacy Act
Chicago Personal Data Collection and Protection Ordinance
The Consumer Data Protection Act
Adapting to the GDPR
Conclusions
General Data Protection Regulation
ADOPTED: APR, 2016
ENFORCEABLE: MAY, 2018
AFFECTS NON-EU ORGANIZATIONS
DATA PROTECTION OFFICER (DPO)
THRILLING FINES
EXPLICIT AND INFORMED CONSENT
NOTIFICATION OF DATA BREACHES
PRIVACY IMPACT ASSESSMENTS (PIA)
MINIMISATION PRINCIPLE
INTERNATIONAL DATA TRANSFERS POLICY
ACCOUNTABILITY, PRIVACY-BY-DESIGN & PRIVACY-BY-DEFAULT
Appropriate technical and
Affected individuals and Supervisory Authority without unreasonable delay
Explicit opt-in consent
Certain conditions are met
Encrypt data in storage and in transit
Mostly inexistent
No timely restriction
Complete ignorance of what is collected
No restrictions
SECURITY MEASURES
DATA BREACHES NOTIFICATIONS
CONSUMERS’ POWER
INTERNATIONAL DATA TRANSFERS
1) To know what personal information is being collected
2) To know whether their personal information is sold and disclosed and to whom
3) To say no to the sale of personal information
4) To access their personal information
5) To equal service and price
SIGNED: JUN, 2018
EFFECTIVE: JAN, 2020
Outside California State borders
Consumers’ privacy disclosures
General privacy policy. More specifics upon request
Opt-out consent
Cross-border data transfers not restricted
Fines up to $7,500. For certain breaches, $100-750 per data subject
Children’s (16) data prohibited, unless opt-in

Outside EU borders
Disclosures, international data transfers, notifications, security measures…
Layered information. Additional requirements to present info to users
Explicit consent
Restricted international data transfers
Higher of 4% or €20 M
Legal children’s age to process data: 16. Other EU countries may set a lower age >=13
✓ Prior opt-in consent, but not informed
✓ Notifications of data breaches
✓ Apply to business outside borders of territory
Amendment of Municipal Code
Chapter 402
APR, 2018
THE CHICAGO
AND
Provide regulation for operators that collect sensitive personal data of individuals in Chicago
ADDED
WYDEN
NOV, 2018
✓ Fines up to 4% annual revenue and 10-20 years criminal penalties
✓ More information to consumers
Proposes that the US as a nation should establish minimum privacy and cybersecurity standards to protect consumers’ privacy. Empower Federal Trade Commission (FTC)
Adhere to the Privacy Shield
Become proactive
Records of processing activities
Notify data breaches
PIA and/or DPO
INFORM and obtain explicit consent
GDPR is not a problem
It is a solution
GDPR is not a revolution
It is an evolution
State level
California Consumer Privacy Act
National level
Consumer Data Protection Act Discussion Draft