Partner Aaron Tantleff was quoted in a Law360
article, “5 Common Myths About EU’s New Data Protection Regime
,” about some of the misconceptions that surround the European Union’s looming new General Data Protection Regulation.
Tantleff said most companies have business operations that touch the EU in some way and are therefore caught up by the regulation’s wide net, even if no one from the company has ever set foot in Europe. “Generally speaking, GDPR is extraterritorial and applies to companies all over, and while that may be concerning and frustrating to companies that don’t think EU data protection authorities should be able to come after them, they still have to comply,” he said.
He also said moving data processing operations out of Europe or leaving the EU market altogether may not be practical for many companies and could end up causing additional headaches. “Offering differential privacy and security where certain protections are offered in one location but not the other is dangerous territory,” he said. “It has the potential to raise the ire of regulators, who may want to know why their citizens’ data is being treated differently and their people are deemed to have less rights than those in the EU,” he said.