Skip to main content
Policy Forum

Five Years of EU’s General Data Protection Regulation: Impact and Lessons Learned

Watch the Event

Join the conversation on X using #CatoTechnology. Follow @CatoInstitute on X to get future event updates, live streams, and videos from the Cato Institute.

Date and Time
-
Location
Cato Institute, 1000 Massachusetts Ave, NW, Washington, DC
Share This Event
Featuring
Nathan Lindfors
Nathan Lindfors

Policy Director, Engine

Lee Matheson
Lee Matheson

Senior Counsel, Future of Privacy Forum

Brandon Pugh
Brandon Pugh

Policy Director and Senior Resident Fellow, R Street Institute

In May 2018, the European Union’s General Data Protection Regulation (GDPR) became effective. The immediate impact was seen in the millions of dollars and man hours spent on compliance; the loss of certain websites or services from the European Union, such as the Los Angeles Times; and changes to user experiences and privacy choices. Advocates of the GDPR have argued that the tradeoffs are worth it for improved cybersecurity and the increased privacy rights of EU citizens, but critics have pointed to the potential impact on other values, such as speech and innovation, and have questioned if the GDPR has actually led to improvements or just increased red tape.

Five years on, the impact of the GDPR on Americans and American companies as well as their European counterparts continues to be felt. As the United States debates its own potential federal data privacy law and sees an emerging patchwork of state laws, what lessons can we learn from the GDPR about benefits and consequences of data privacy regulation?

Lunch to follow