U.S. consumer privacy law, in large part, relies on notice and consent, which is, in turn, enforced by the unfair and deceptive trade principles laid out in the Federal Trade Commission Act and state consumer protection laws. "For the most part, being explicit in a privacy statement about how consumer data is used, shared, and kept secure, and then living up to those promises while not acting in a way that would surprise or be unfair to a consumer, sums up the basics of U.S. consumer privacy law (nuance notwithstanding)," writes IAPP Research Director and DPO Rita Heimes, CIPP/E, CIPP/US, CIPM. But the broad jurisdictional scope of the EU General Data Protection Regulation challenges traditional notions found in U.S. privacy law. In this new DPO Confessional installment, Heimes shares her "letter to the staff" to help U.S. audiences better understand and implement the paradigm-shifting principles found in the GDPR.