On Demand Library
Created in partnership with
Overview of Major Global Privacy Laws
5:18
Legal Disclaimer 
The information provided in this video does not, and is not intended to, constitute legal advice, instead, all information, content, and materials available on this site are for general informational purposes only. The law changes fast, so information in the video may not constitute the most up-to-date legal or other information. 
General Privacy Law Principles
What Kinds of Companies Need to Worry About Health Data?
Overview of US Privacy Laws
Who Engages in a Data Breach?
GDPR: Basic Overview
Transcript

00:08
Adam Stofsky
Shannon, can you give us an overview of what the major global and U. S. Privacy laws are? What are the laws we actually have to follow as companies with respect to data privacy? 


00:22
Shannon Yavorsky
There's so many laws, Adam, so many. But the main laws in privacy are in Europe. Everybody's heard of the GDPR, the general data Protection Regulation, which is right now post Brexit. There's also the UK GDPR, which is very similar. And it's Europe's omnibus privacy legislation that governs the collection, use, and sharing of personal information. And in the US. You have a lot of federal sectoral privacy laws that govern certain types of data. So you have HIPAA, which is the federal health privacy law. You have the GLBA, the Graham Leach Blyley act, which covers financial data. You have Copa for children's data, the children's online privacy protection act, and then you have FERPA for student data. And against this backdrop of federal legislation in the US. You have a whole raft of US. State privacy laws. 


01:25
Shannon Yavorsky
And now, as of today, there are 13 state privacy laws that are really similar to the GDPR in that they take a consumer rights based approach to privacy. They require privacy notices. They give individuals rights to access data, delete data. They require companies to implement processes for responding to individual rights request. They have some contracting requirements. So that's the US. Is this really complex landscape now. And then you have in Europe, you have the GDPR. And then around the globe, you have a number of really important privacy laws. In Asia, in South America, we have the LGPD in Brazil, which is very similar to the GDPR. Really strong privacy laws in China and in Canada. So most jurisdictions around the globe have some form of privacy law, and all of them are about governing how companies can use personal information. 


02:27
Shannon Yavorsky
So how is the company allowed to collect and use your data? And all the laws are really centered around these really core privacy principles. 


02:36
Adam Stofsky
So it sounds like in Europe things are fairly I'm not going to say simple, but in terms of which law you need to think about, there's one law that's the general data Protection Regulation, right? So one big law covers not everything, but like a lot of stuff, right? 


02:53
Shannon Yavorsky
A lot of stuff. But I hesitate to say that it covers everything because there are all these national laws that supplement the GDPR. So it's not just the GDPR. The GDPR provides the broad principles. But there are also national laws in each of the member states that also apply to the collection and use of personal information. And a good example of that is the Eprivacy directive. And because it's a directive, it's implemented into national laws in slightly different ways. And the E privacy directive governs distance marketing, so email marketing and text marketing. And there are just different laws in every member state across Europe. So those laws have to be looked at alongside the GDPR, which can be pretty complex for companies to comply with. 


03:46
Adam Stofsky
Interesting. But in the US. It's even more of a tangle, right? Because there is no GDPR equivalent in the US. There's no federal law. That's a general data protection law, right? 


03:56
Shannon Yavorsky
Unfortunately not yet. I think, like I said, as of today, there are 13 state privacy laws, and everyone is really clamoring for a federal privacy law to help align legislation because these state privacy laws are while they're very similar, they're slightly different. So organizations operating in multiple states have to look know, do I need to comply with the Virginia privacy law or do I just need to comply with the CCPA, the California consumer privacy act? It's a pretty complex landscape, and in past years, there have been a number of federal privacy laws that have been proposed, but they've never really moved forward. And now I think we're at an inflection point where we have 13 state privacy laws, we have ten or 15 other states that are thinking about state privacy laws. 


04:52
Shannon Yavorsky
So we're going to get to a point where we have this incredibly complex landscape that hopefully is going to push the regulators to provide some omnibus or some harmonization of those laws to help companies comply with the law. Because right now it's a pretty to your point, tangled landscape. 


05:12
Adam Stofsky
Okay, great. Thank you, Shannon. 

PDFs
Audio
Share Video
Embed Video
© 2024 Briefly
Terms of Use
Privacy