GDPR: the emergence of a global standard on privacy?
We are still far from seeing one global standard across all markets and this raises a number of challenges for companies.
Share this post
In May 2018, the EU’s General Data Protection Regulation (GDPR) required companies to make major changes to the way they collect and process consumer data.
Since then, new (and revised) privacy laws have been emerging in many countries across the world including in Brazil, China and Chile. Many of these laws are evidently inspired by GDPR, pointing to a trend towards a ‘GDPR standard’ emerging globally.
However, the picture is not that simple. Although some laws borrow heavily from GDPR, in many countries significant differences remain.
WFA's Global Privacy Map available in the here
In Brazil, for instance, the privacy law is very similar to GDPR, mirroring the EU regulation in key areas such as transparency, consent, legal bases, definition of personal data and DPOs. And at a recent WFA event in Malaysia, the Minister of Communications announced the government’s plans to review and update Malaysia’s privacy law to be more in line with GDPR.
The recent law passed in California, on the other hand, appears to focus more on the buying and selling of personal data than the GDPR’s broader approach which encompasses all processing of personal data. And the California law only requires an opt out for consumers, rather than GDPR’s stricter ‘specific, informed, unambiguous and freely-given’ consent.
So, although many countries are looking to GDPR for inspiration as they develop (and revise) national privacy rules, the regulatory landscape remains fragmented.
We are still far from seeing one global standard emerging across all markets. This raises a number of challenges for companies. Closely tracking and analysing the development of privacy rules across different countries will be crucial in order to understand what kind of common trends seem to be emerging but also, importantly, how they differ. This will have a major impact on compliance approaches across markets. Can you take a global approach or does the fragmented regulatory landscape require a more local strategy? Where are there common trends across all markets which can be implemented globally (e.g. data subject rights)?
Over the next few months, WFA will be running a series of webinars, such as the recent one on Brazil’s new privacy law, and developing resources to help global companies address some of these challenges. Starting with WFA’s Global Privacy Map, which aims to identify and track some of the privacy trends emerging across a number of key markets for advertisers and how they compare to the ‘GDPR standard’.
