Out-Law News 1 min. read
31 May 2018, 3:01 pm
Writing in the Financial Times, Wilbur Ross criticised the guidance produced to-date on the General Data Protection Regulation (GDPR) as being "too vague" and made an urgent call to EU authorities for "clearer rules and a more predictable regulatory environment to support investment and innovation".
"As currently envisioned, GDPR’s implementation could significantly interrupt transatlantic co-operation and create unnecessary barriers to trade, not only for the US, but for everyone outside the EU," Ross said.
"GDPR creates serious, unclear legal obligations for both private and public sector entities, including the US government. We do not have a clear understanding of what is required to comply. That could disrupt transatlantic co-operation on financial regulation, medical research, emergency management co-ordination, and important commerce," he said.
According to Ross, there will be "a significant cost" for SMEs in complying with the GDPR, and the new rules could also reduce consumers' "access and choice" to digital services.
He also raised concern about the impact the GDPR could have on the operation of 'WHOIS' databases which are relied upon by law enforcement agencies to police the internet and by owners of intellectual property to enforce their rights.
The GDPR began to apply on 25 May. It contains rules that govern the processing of personal data, from its collection to its use and disclosure. It applies to processing undertaken in the context of the establishment of a controller or processor in the EU, regardless of where the processing takes place, as well as to those based outside of the trading bloc where they direct services to EU citizens or monitor the behaviour of EU citizens and such activity involves the processing of their personal data.
Despite the US criticism, UK chancellor Philip Hammond said the UK's data protection regime would remain "closely aligned" to the EU's post-Brexit, according to a Financial Times report. Hammond said such alignment of UK data protection laws post-Brexit with the GDPR would facilitate continued free flow of data between businesses based in the UK and EU.
The GDPR applies directly in the UK at the moment, while provisions set out in the UK's new Data Protection Act will allow for continued application of the GDPR's rules in the country after the UK formally exits the EU.
Earlier this week, however, the EU's chief Brexit negotiator Michel Barnier dismissed proposals outlined by the UK government for a special agreement on data protection to be put in place between the UK and remaining 27 EU countries.