Bermuda Personal Information Protection Act
When I give a presentation about the Global Data Protection Regulation (GDPR), someone usually asks how long it will be before the United States has a similar regulation?  I really don’t know, but the Senate Facebook hearings last week show that the topic is certainly on the minds of our elected leaders.
Another strong indicator that a US regulation is forthcoming is the emergence of “GDPR-like†regulations in other countries.  For example, the article “A paradise for data privacy advocates – Bermuda’s privacy law now in full effect,†states:
With enactment of the Personal Information Protection Act (PIPA), Bermuda can now count itself among the ever-expanding list of jurisdictions with enhanced privacy protections. PIPA, passed on July 27, 2016, and entered into force in December 2017, shares many of the more stringent requirements and protections with Europe’s impending General Data Protection Regulation (GDPR), which indicates a growing, global trend towards stepped-up privacy regimes.Â
Regulations such as this will put pressure on the US to act, in order to facilitate economic interaction with other countries:
Unless and until the United States passes an overarching privacy statute providing comparable levels of protection over the use of one’s personal information, including for non-US Persons, it is unlikely that the Privacy Commissioner will allow for the free flow of personal information between Bermuda and the United States.
A concluding statement
Ultimately, the trend towards greater privacy protections—and the limitation on cross-border data transfers, especially to the United States—is only picking up steam, as this Bermuda law highlights. And more may still be to come.
How soon do you think the United States will act?