Privacy laws the foundation for economic development

This edition highlights the diversity behind national implementation of the EU Data Protection Regulation. Professor Peter Blume, Denmark’s top expert (p.1), observes that “the GDPR in many ways is not a true regulation but resembles a directive.” In one respect, data protection in Denmark has been reduced compared to the previous EU Data Protection Directive. We will watch to see whether other Member States take advantage of this flexibility option.

Signs of change in the US

While the GDPR’s influence extends across the world, sentiment is growing in the US for stronger legislation not only in California but also in other state legislatures (p.7). At the European Commission’s Conference in Brussels to celebrate GDPR Day, which I attended on 25 May, Brad Smith, President and Chief Legal Officer at Microsoft, announced that his company is adopting the GDPR across the world. He declared that privacy is a fundamental human right and that Microsoft had 1,600 engineers working on its GDPR implementation project. The process is that first lawyers analysed what the GDPR meant for the company and specified what the company must do. The next stage was that the requirements were translated into project specifications which were then passed to coders who wrote computer code. Finally, the team found bugs and fixed them.

He declared that this is “an exercise for good… build it once and use it everywhere.” By extending the benefits of GDR implementation to all Microsoft clients, including Small and Medium Enterprises, it brings down the cost of entry into a market for everyone using his company’s products and services.

When I asked him whether he expects any privacy law developments at the federal level, he replied not in 2018 but there might be some in the 2019/2020 Congress. He expected that the privacy legislative initiative in California is likely to be copied in other states, as was the case for data breach laws. I responded that while Microsoft’s initiative was commendable, it was perhaps easier for his company to take the moral high ground as it offers paid for services and does not rely on targeting individuals for advertising revenue. He agreed that other tech companies which thrive on free services were much less likely to roll out their GDPR programmes across the world. You can see our conversation here.

Join the privacy world’s top table

In just two weeks, the PL&B team will be at Navigating GDPR: The art of the possible, our 31st Annual International Conference, taking place 2-4 July at St. John’s College, Cambridge. We have updated the programme this week. At this late stage, residential and dinner places are filling fast.

If you want to be part of the privacy world’s Top Table, in a magnificent summer school setting, I advise you to register now. Join sessions on an incredible range of privacy law subjects and meet privacy people, currently from 22 countries.

We look forward to following up many of the subjects and themes in this edition and meeting you soon in Cambridge.


Stewart Dresner, Publisher

International Report 153

Lead story:

The Danish transposition of GDPR: A few surprises

Peter Blume of Copenhagen University analyses the national specifics that include extending the scope beyond natural persons.

Contents also include:

  • Comment: The proof of the pudding...
  • California’s GDPR?
  • European Data Protection Board is ready to operate
  • ‘GDPR creep’ for Australian business
  • ABLI issues compilation of 14 Asian country reports
  • The Danish transposition of GDPR
  • Spain awaits GDPR adaptation law
  • Poland’s new DP law now in force
  • Israel adopts breach notification and other security measures
  • Thailand’s draft Bill: Strengths, many uncertainties
  • Small company, big ethics
  • Italy’s DPO group promotes best practice and GDPR
  • Book Review: Handbook on European Data Protection Law
  • LIBE committee calls for EU-US Privacy Shield to be suspended
  • Slovakia adopts GDPR law
  • France’s GDPR law faces constitutional inquiry
  • CNIL consults on DPO certification
  • Italy closer to implementing GDPR
  • EDPB ‘ready from day one’
  • US appoints FTC commissioners
  • Hungary’s GDPR adaptation Bill
  • Germany issues first court decision on GDPR
  • GDPR training practices diverge
  • Guide on GDPR insurability