The Law Reviews

The Privacy, Data Protection and Cybersecurity Law Review - 4th Edition

The Privacy, Data Protection and Cybersecurity Law Review - 4th Edition


Alan Charles Raul
Sidley Austin LLP

For 2017, the world’s principal privacy and data protection issues centred once again on the challenges of transferring personal data between the European Union and the United States. As of October 2017, over 2,500 organisations had already certified compliance with the standards of the transatlantic Privacy Shield. While both sides expect the Privacy Shield to survive the EU’s first annual review of the Privacy Shield’s operation, the fate of this limited ‘adequacy’ decision for the United States will ultimately be decided by the Court of Justice of the European Union (CJEU). This is the same tribunal that previously invalidated the US–EU Safe Harbor Framework in a case brought by Austrian student Max Schrems.

In 2017, the EU has also focused intensely on itself. The new General Data Protection Regulation (GDPR), which will enter into effect in May 2018, has captured the fevered attention of businesses inside and outside Europe because of its potential for imposing very significant penalties. Violations could result in payments of €20 million or 4 per cent of global turnover, whichever is higher

The year ahead is likely to bring increased attention to connected devices, autonomous vehicles, artificial intelligence, machine learning, big-data analytics and predictive algorithms. These novel areas hold serious implications for security (as in hacking cars or medical devices), as well as uncertain and abstract or ethereal impacts on personal autonomy, privacy and profiling. Data transfer disputes, data localisation trends, aggressive government demands for decryption and access to underlying software code and algorithms, election hacking and fake news will roil digital trade and even affect political stability. The intersection of cybersecurity, counter-terrorism, privacy and human rights remains fraught and subject to abuse, hypocrisy and checks and balances in different jurisdictions. The field of privacy, data protection and cybersecurity will thus continue to eschew equilibrium for the foreseeable future.