publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/973671
65 WWW.ILTANET.ORG | ILTA WHITE PAPER LITIGATION AND PRACTICE SUPPORT GDPR and Privacy Law Evolution in the EU Privacy by Design Privacy by design will be one of the most challenging parts of the GDPR to achieve. Privacy by design and by default calls for all data controllers/data processors who deal with information of EU data subjects to proactively build privacy into policies, procedures and technology instead of being reactive to EU data privacy regulations in the GDPR. When companies have data complaints from EU data subjects, the GDPR's supervising authorities in the EU have the power to investigate the mechanisms companies have developed to comply with the GDPR as part of their business processes. The challenges with GDPR privacy by design was highlighted in a January 2018 German court ruling in a case brought by The Federation of German Consumer Organisations (VZBV) against Facebook. The German court found, among other things, that the design of Facebook's pre-ticked checkboxes in their privacy center violated the privacy by design and by default concepts under current German law. The same privacy by design and by default requirements are also found in the GDPR. Although the GDPR will not be fully enforced until May 2018, the privacy by design concept, as seen in the German Facebook case, will require some navigation from companies when they must manage data of EU data subjects. The GDPR has been developed to create a cohesive data privacy framework governing the use of data belonging to persons in EU countries; once in full effect, it will be one of the most comprehensive data privacy laws in the world. GDPR readiness is a massive undertaking for any organization, and it remains to be seen how companies worldwide will manage compliance with the GDPR on May 25th, 2018 and beyond. ILTA DEBBIE REYNOLDS Debbie Reynolds advises Fortune 500 companies on data privacy and the management of electronic evidence in high- stakes litigation. Ms. Reynolds is also an adjunct professor at Georgetown University, guest lecturer at various law schools, published author and speaker on the impact of global data privacy in legal matters.