Political and economic developments over the past few years have strained the transatlantic alliance. The Trump Administration and EU leaders continue to clash over issues that were once common core values, including the NATO alliance, immigration policy, cross Atlantic trade and climate change.
Only a year ago, it seemed as though the cohesion of the digital economy would unravel as Europe introduced the General Data Protection Regulation (GDPR) while the United States continued to cling to sector specific privacy regulation.
In addition, the demise of the EU-US Safe Harbor and legal pressure against the new Privacy Shield seemed to further destabilise the brittle global framework for data flows. But what a difference a year makes.
These days, the US government, leading companies and trade groups, including the powerful US Chamber of Commerce, have embraced the call for federal privacy legislation. The Senate Commerce Committee held hearings about prospective federal privacy law, including testimony from Europe’s lead regulator, Andrea Jelinek, who Chairs the newly formed European Data Protection Board. Senator Richard Blumenthal even suggested that the US should proceed to adopt a local version of GDPR.
To be sure, it remains unlikely that the US will go that far. And the drive for federal legislation is partially motivated by companies seeking to soften California’s new law with more flexible legislation. But the turnaround is dramatic, as only a year ago the majority of US companies were railing about GDPR and arguing that the US model of sector specific legislation, which regulates sensitive data and provides the FTC with overarching authority, was adequate.
Now, global technology companies have taken then lead on GDPR compliance. For example, the Data Transfer Project, a group led by Twitter, Facebook, Google and Microsoft launched the first major standard to advance data portability.
Similarly, academics and start up companies in the US and in Israel are playing an important role in developing techniques that will live up to the GDPR’s high standard of anonymous, privacy protective data processing. These include differential privacy, which permits querying databases without sacrificing the privacy of individual data subjects, and homomorphic encryption, which features computations performed on encrypted data.
Perhaps the most important issue for the future is AI and machine learning. How do we ensure that important decisions about health and finance, education and transportation, are fair and equitable where algorithmic decision making is opaque? How can engineers verify that autonomous vehicles are not only safe but also ethical?
Scholars all around the world are grappling with frameworks to ensure algorithmic due process and trust in AI. This week, at the 2018 International Conference of Data Protection and Privacy Commissioners in Brussels, the Public Voice, which brings together civil society organizations from the US, Europe and the rest of the world, will release a joint set of ethical principles for AI.