October 22, 2020 – The European Commission will issue a draft for modernized standard contractual clauses “very soon,” said Bruno Gencarelli, head of International Data Flows and Protection for the commission, speaking at Technology Policy Institute event on Monday.
Protecting privacy and data flows go hand in hand, he said. Around the world, people are trying to reconcile these issues.
Of particular interest to the panel was the U.S.-EU-data shield, a framework between the U.S. Commerce Department and the European Commission to allow U.S. compliance with European privacy law. The data shield was invalidated on July 16, harming U.S.-EU trade in data.
Now, a task force of the European Data Protection Board is developing recommendations for data controllers, and they should be ready in about six weeks, said EDPB chair Andrea Jelinek.
But Gencarelli cautioned not to expect that an exhaustive list of prescriptions. They’ll give a toolbox and a non-exhaustive checklist of elements to consider, he said.
Panelists at the event called for a U.S. data privacy law. Such a law is much needed, said Atlantic Council senior fellow Kenneth Propp. It would establish baseline privacy rights and empower an independent regulatory agency to enforce them. It would also raise the credibility of the U.S. in the eyes of the world, he said.
Andrew Smith, director of the Bureau of Consumer Protection at the Federal Trade Commission, argued that the FTC should be the rulemaking body to accompany a U.S. federal privacy law. Former Acting FTC Chairman Maureen Ohlhausen, currently at Baker Botts,and IBM Vice President Christina Montgomery agreed that the FTC was the right institution to have rulemaking authority.
When asked if the U.S. federal privacy law should be like GDPR, Catherine Tucker, chair of the MIT Sloan Ph.D. Program said she was not convinced that the EU had struck the right balance between privacy and data. American should thank Europe going first and experimenting, she said.
COVID-19 has not changed federal privacy law, said Ohlhausen, although it would have been helpful to have a law in place to deal with issues raised by the pandemic.
Jane Bambauer, law professor at the University of Arizona, said she was concerned about public mistrust that that companies make apps that are most effective and protective of privacy.
Even though America don’t have GDPR, the country has privacy protection through FTC action that also strikes a balance with innovation, she said.