This week, we examine the evolution of the European Union’s General Data Protection Regulation (GDPR). As we consider the issues surrounding potential adoption of national privacy legislation in the U.S., we will explore what knowledge might be derived from the evolution of data protection legislation in the EU – why it happened and how. Starting with the 1980 with Guidelines Governing the Protection of Privacy and Trans-Border Data Flows, the EU gradually moved to a Union-wide law, which proved necessary to avoid the confusion created by varying member nation privacy policies.

 Our guest, John Bowman, now a Senior Principal at Promontory, served as the U.K. government’s lead negotiator as GDPR was being drafted. In this episode, we explore with John the rationale that led to adoption of the GDPR as well as what has worked and what hasn't. Of particular relevance to the American experience is how the nation states that make up the EU arrived at a common framework, but also the role each member country plays when it comes to interpretation and enforcement of the GDPR.