Privacy law expands into new areas: Harmonisation is elusive

The Global Privacy Assembly in Bermuda in October provided us, the PL&B Editorial Team, with non-stop immersion into privacy law trends around the world.

Laura Linkomies, Editor, and I were honoured to organise and moderate the introductory session on Privacy law developments in the Caribbean Community. The session brought together the speakers from Bermuda, Bahamas, Barbados and Jamaica for the first time. It showed the dilemma of bringing these new laws into force with minimal resources, in legal and business cultures not accustomed to them, and at the same time, not wanting to scare away investors.

Some in the audience asked about the possibility of bringing these small island jurisdictions into the same legal framework. It would make business decisions easier for companies working across the region and for the regulators so they could more easily provide mutual support for themselves and interpretation of the common data protection principles. The speakers agreed that although this would be a good idea in theory, it was unlikely to happen for at least 10 years. The panel’s opinion related only to the English speaking jurisdictions which they represented. Achieving legal unity with the Caribbean islands where Dutch, French and Spanish is spoken would be an even more distant prospect.

Harmonisation is elusive everywhere due to strong national legal and cultural traditions. The gold standard EU GDPR entered into force in 2018 which was 23 years after the European Community Data Protection Directive entered into force in 1995. 50 years after Sweden adopted the world’s first national Data Act in 1973, the common legal framework of this directly applicable Regulation for the European Economic Area is now established. But the aspiration to achieve common legal practice and a high level of predictability for companies may never be achieved.

On the positive side, the regulators from a growing number of countries did agree in Bermuda on resolutions including those on AI and employment; Health Data and Scientific Research, Achieving global DP standards, and Generative AI Systems.

Italy an active AI regulator: As AI models scrape the Internet to train their data sets and algorithms, there are inevitable questions on the legality of this process. Italy’s Garante is currently running a consultation on this subject and was the first in Europe to take the initiative to tackle OpenAI’s ChatGPT. The Garante is now taking a leading role in the European Data Protection Board’s (EDPB) Task Force on Artificial Intelligence. Guido Scorza, Board Member of the Garante, will address this and related AI issues at PL&B's 37th International Conference, 1-3 July 2024.

Bermuda provided the ideal setting for us to meet for the first time both Guido Scorza and Che Chang - General Counsel, OpenAI and reunite with longstanding contacts among regulators, companies and law firms. Such contacts enable you, the subscribers, to gain advantage from such links which refresh and strengthen our knowledge base and insights.

Other privacy law areas: While this edition has six articles and news items on various aspects of Artificial Intelligence, it is clear that there is a full agenda of other privacy law areas which demand attention including privacy law reform in Australia and international transfers as part of Nigeria’s new data protection law.

Even in Germany which has one of the world’s longest established data protection laws, first adopted in 1977, there is plenty of litigation in the courts at all levels to settle disputes and claims. In some cases, disputes in regional (Land) courts are appealed to Federal courts.

Data protection law has an ecosystem which frequently expands into new areas, such as the EU’s green strategies which will require companies to collect and process personal data in order to report on environmental, social and governance issues.

PL&B Events

If you want to take an active part in the world’s longest established and favourite privacy law conference, now is the time to submit your speaker offer in the first half of December for PL&B’s 37th International Conference 1-3 July 2024 at St. John’s College, Cambridge.

We will soon provide you with details of other PL&B in-person events:

  • 23 January in London on Ensuring fair and lawful AI implementation – to be hosted by Macquarie Group, and
  • 20 February in London on The ICO’s Monitoring at Work Guidance: Time for action – to be hosted by Lewis Silkin.

On behalf of Laura Linkomies, Editor, and the rest of the PL&B Team, I thank you for subscribing to PL&B Reports, wish you a refreshing holiday and we look forward to keeping you informed about international privacy laws and their impact on your business in 2024.

Best regards,

Stewart Dresner
Publisher, Privacy Laws & Business

December 2023

News & Blogs

December 2023 Report Contents