Data privacy regulators debate at IAPP Summit in the States

Regulators from around the world met at the International Association of Privacy Professionals’ (IAPP) Global Privacy Summit recently to discuss evolving privacy laws and organisational compliance strategies.

The Summit opened this week with the UK’s Information Commissioner, Elizabeth Denham speaking with Irish and Austrian counterparts, Helen Dixon and Andrea Jelinek, in a conversation moderated by Bird & Bird partner, Ruth Boardman.

One year on from the implementation of the EU’s General Data Protection Regulation (GDPR), Jelinek said that the importance attached to the role of the DPO “can’t be overstated.”

Jelinek, who is also chairwoman of the European Data Protection Board, said that the GDPR’s application across the EU “makes it easier” for organisations to comply, because there exists one set of rules for all involved. Her comments at the summit in Washington DC came as the law makers debate whether a federal privacy would forestall state laws, including California’s Consumer Privacy Act.

Helen Dixon expressed her interest in US policy makers’ approach to privacy law, and whether such a law “would regulate very specific uses as well” as having “high-level principles and rules,” as per the GDPR.

Joseph Simons, Federal Trade Commission chairman spoke with IAPP president and chief knowledge officer, Omer Tene regarding the future of a federal data privacy law and strategies the agency might embrace.

Simons did not speculate greatly on whether a federal law would include pre-emption, but guessed that a “narrow pre-emption” would focus on laws similar in appearance to the California Consumer Protection Act.

Consumer supporters argued for the FTC to have greater resources, citing the strength of Ireland’s Data Protection Commission, which has around 140 employees. Simons criticised this comparison, highlighting the greater authority of the IDPC and its capacity to oversee the GDPR.

Simons said:

“One thing we do not have which the EU has is fining authority. The only way we can get money from folks in these privacy cases is we have to get them under order and we have to have them seek civil penalties and we can’t do that ourselves, we have to go to court.”

Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.