Vera Jourová, the European Union Commissioner for Justice, Consumers and Gender Equality, rounded off a recent three-day visit to the US with a speech at Berkeley School of Law on the current state of online privacy and consumer protection. Members of our Silicon Valley Privacy and Security team were there in person to hear Mrs Jourová address various topics, including the first joint annual review of Privacy Shield (which she co-launched on 18 September), the progress made for GDPR readiness to date and the ongoing issues of online hate speech and radicalisation.
We were there to hear her thoughts.
Privacy Shield - the Commission remains committed to Privacy Shield and Mrs Jourová expressed "positive reflections" after the launch of the framework's first annual review with her US counterpart, Commerce Secretary Wilbur Ross. The Commissioner did, however, acknowledge a number of "ongoing challenges" both legal and political. In particular, she cited concerns over mass surveillance in the US, the increasing use of profiling and automated decision making (especially in relation to credit scoring) and the Trump administration's failure to appoint a permanent US ombudsmen and other vacancies within a number of US agencies, including the Federal Trade Commission and the Privacy and Civil Liberties Oversight Boards. Despite her upbeat mood, Mrs Jourová did state in a recent interview that "the option of suspending the Privacy Shield is real".
GDPR - having spent a day visiting a number of tech companies in the Bay area, including Facebook and Google, the Commissioner expressed confidence at current progress on GDPR readiness. She also sensed a shift in attitude since her last visit to the US in Spring, with some companies perhaps beginning to view the GDPR as an opportunity to "put their house in order" in terms of data management. She does accept, however, that smaller companies may be less equipped to deal with the upcoming changes and said data protection authorities will need to issue further concrete and practical guidance, in particular for higher-risk sectors such as health and banking. Come May 2018, the Commission hopes that data protection authorities will take a balanced and measured approach to enforcement. Mrs Jourová also mentioned that she expects the Commission to issue guidance on how data protection rules will apply to AI and machine learning at some point next year.
Content regulation - the Commissioner expressed deep concerns over the rising issues of online radicalisation, copyright violation and - in particular - hate speech and discussed the differences in attitude between the US and Europe toward free speech and the responsibility of online platforms to moderate content. While there is growing legislative fragmentation across Europe on the duty of online platforms to remove hate speech, the Commission does not currently intend to introduce hard regulation. Instead, the Commissioner referred to platforms taking voluntary action and its Code of Conduct on countering illegal online hate speech which was agreed with some of the tech giants last year. In addition, the Commission will be issuing guidance on notice and takedown next week.
Since this meeting, of course we also have the Irish High Court preparing to make a reference to the CJEU after Max Schrems' persistence with his challenge to Facebook's use of the EU Standard Contractual Clauses. So data exports are under scrutiny this October as results from the Privacy Shield review are also due to be presented in October. The Fieldfisher team, both in Europe and Silicon Valley, will be watching closely for any indications ahead of publication - make sure to check in with us regularly for further news!
With thanks to: Richard Lawne, Trainee Solicitor (UK) - Silicon Valley