In May 2018, the European Union’s General Data Protection Regulation (GDPR) became effective. The immediate impact was seen in the millions of dollars and man hours spent on compliance; the loss of certain websites or services from the European Union, such as the Los Angeles Times; and changes to user experiences and privacy choices. Advocates of the GDPR have argued that the tradeoffs are worth it for improved cybersecurity and the increased privacy rights of EU citizens, but critics have pointed to the potential impact on other values, such as speech and innovation, and have questioned if the GDPR has actually led to improvements or just increased red tape.

Five years on, the impact of the GDPR on Americans and American companies as well as their European counterparts continues to be felt. As the United States debates its own potential federal data privacy law and sees an emerging patchwork of state laws, what lessons can we learn from the GDPR about benefits and consequences of data privacy regulation?

Lunch to follow