Login | October 16, 2018

Who’d believe it? Problems implementing GDPR

RICHARD WEINER
Technology for Lawyers

Published: July 20, 2018

It came as quite the shock to me, but not everyone was ready for the GDPR implementation that came May 25th. (Actually, just about nobody was because everyone was fixated on where LeBron was going to go).

Here are several noticeable problems that came along with the implementation of EU’s new privacy laws:

Un: Clash of laws Pt. 1: US. GDPR allows anyone to demand an erasure of personal data at any time. However, there are US laws that require data retention, from the finance sector to litigation and evidence holds and more. There is an out for some of this in GDPR, but it’ll be a proof and bureaucratic nightmare.

Dos: Big data compliance. There is already a lawsuit in four EU countries by an Australian against Facebook and Google for GDPR violations. They say they’ve changed, but they also have pulled back from serving some countries, seemingly because of the new strictures. Fun will ensue.

Drei: Decentralized storage, like the blockchain. Not gonna do another blockchain explainer, but it’s possible that every contributor to a blockchain or other decentralized database could be determined to be a data holder. GDPR doesn’t address this specifically. Chaos.

Four: Not ready for prime time. The last large-scale survey found that 80 percent of affected businesses were not GDPR compliant before May 25. That’s in the EU. Fewer than half of law firms were ready. My guess is that the US figure would be closer to 90 or more, and other countries would be even worse. So when everyone is breaking the law, how do the cops keep up?

Pet: Clash of laws Pt. 2: EU states. The GDPR clashes with the laws of some of the EU member states. Also, some of the member states are as far behind on compliance ans corporations and law firms. And the general GDPR office is allowing some local leeway to the member states in enforcement.

Seks: Deleting personal data can block law enforcement from investigating intellectual property theft, particularly regarding domain names. At least one expert is calling for a separate set of laws around this issue.


[Back]