No CrossRef data available.
Article contents
Remarks by Kirk J. Nahra
Published online by Cambridge University Press: 24 March 2023
Extract
U.S. privacy law often is criticized in comparison with international privacy regimes, particularly the European Union's General Data Protection Regulation. Parts of this criticism are fair, but, at the same time, U.S. privacy law provides meaningful protections in a substantial set of circumstances, and, on occasion, provides either “better” privacy protection than the GDPR or presents a more targeted approach to balancing appropriate privacy protections with other important public policy concerns. This balancing often is not a question of “consumers vs. industry” (although it certainly can be). In some situations—particularly in the health care settings that I will focus on—it often is a question of providing an appropriate balance between privacy interests and other policy interests that benefit both industry and consumers.
- Type
- Seventh Annual Detlev F. Vagts Roundtable on Transnational Law: Transnational Regulation of the Platform Economy
- Information
- Copyright
- Copyright © The Author(s), 2023. Published by Cambridge University Press on behalf of The American Society of International Law
Footnotes
11
Kirk J. Nahra is a partner with WilmerHale in Washington, D.C., where he co-chairs the firm's Cybersecurity and Privacy Practice as well as the Big Data Practice. He teaches privacy law at the Washington College of Law at American University.
References
12 GDPR does provide “special categories” of personal data, where additional obligations apply—with these special categories including data “revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.” GDPR, Art. 9.
13 See, e.g., the Health Insurance Portability and Accountability Act privacy and security regulations for the health care industry, the Gramm-Leach-Bliley Act for financial institutions, and the Family Educational Rights and Privacy Act for education.
14 See, e.g., Controlling the Assault of Non-Solicited Pornography And Marketing Act (CAN-SPAM) for email marketing and the Telephone Consumer Protection Act (TCPA) for telemarketing.
15 Examples include: genetic data; biometric data; data about children; and even a specific law for video rental records.
16 See Kirk Nahra, A Public Service Announcement About the HIPAA Privacy Rule, IAPP (June 18, 2021), at https://iapp.org/news/a/a-public-service-announcement-about-the-hipaa-privacy-rule/?mkt_tok=MTM4LUVaTS0wNDIAAAF9vwpQ5J6owEywaEB1Li1TO4b9svqYwNyX-naHSZYm-6qIK9So0uZt_UHYthr2MuDbwco1LDwS1ZsTet8TjnA4-26BuYX49G9I-6atGnn1kv_H.
17 See generally Kirk Nahra & Lydia Lichlyter, Federal Privacy Legislation Should Be Context-Sensitive, Law360 (Feb. 27, 2020), at https://www.law360.com/articles/1248149.
18 See, e.g., Woodrow Hartzog & Neil M. Richards, Legislating Data Loyalty, 97 Notre Dame L. Rev. Refl. 356 (2022).
19 See Kirk Nahra, Healthcare in the National Privacy Law Debate, 16 ABA Health eSource (Dec. 2019), at https://www.wilmerhale.com/en/insights/publications/20200114-healthcare-in-the-national-privacy-law-debate.