We attended the Global Privacy Summit 2018 (March 27-28) organized by the IAPP in Washington, DC.
Global Privacy Summit : the report of our team
The Global Privacy Summit, the data protection profession meeting organized every year by the International Association Privacy Professional (IAPP), was held in a context marked by the implementation on next May 25th of the GDPR in Europe and the scandals of leaks or misappropriation of personal data.
Indeed, 2018 promises to be a landmark year in privacy and Monica Lewinsky, Social Activist and Writer appeared as the appropriate Public Speaker to address privacy rights and digital reputation and share firsthand perspective on private shame with a clear message for attendees: shame cannot survive compassion. A message reinforced by keynote speaker MEP Birgit Sippe recall on The ePrivacy Regulation “is about freedom, justice and equality as basic principles for a free and democratic society”.
The Global Security Summit 2018
Data protection breaches and consequences
Two major data protection breaches were quoted during the Global Privacy Summit and fueled the discussions in the various forums:
- In 2017, the security systems of American credit monitoring agency Equifax were compromised. The names, addresses, Social Security numbers, and in some cases credit card details of approximately 143 million Americans were accessed during the attack — almost half the American population.
- Facebook, who have recently lost over $90 billion in market value, with revelations that personal data of 50 million users was obtained and misused by British data analytics firm Cambridge Analytica, who reportedly helped Donald Trump win the US presidency in 2016 and the choice of the Brexit by Britain.
GDPR: US Businesses are concerned
Having in mind these two major “accident”, we can understand the reasons why the USA is paying attention to the stringent data protection regulations that the European Commission will make effective on the 25th May 2018. By the way, The GDPR is not only about avoiding hefty fines, every and each company dealing with EU personal data must be compliant with the regulation. As can be seen from the above examples, by reinforcing security and improving privacy protection the GDPR is also about avoiding loss of market share and brand image.
As Isabelle Falque-Pierrotin mentioned during one of the break-out sessions; “GDPR is a learning curve, and we will take into account, of course, that this is a learning curve. The role of the regulator, she said, is to be very pragmatic and to be proportionate. However, it’s important that you start today, not tomorrow.”