Extract from Kristy Esparza’s article “Navigating the Privacy Patchwork: Lessons from Relativity Fest”
As if the changing shape of data wasn’t enough, corporate legal teams across the US are now grappling with an evolving—and increasingly complex—set of privacy laws for how they collect and use personal information. Of course, greater protection of consumer privacy is ultimately a good thing, but new and shifting regulations do create quite a few headaches for in-house counsel.
At Relativity Fest 2023, four industry experts shared their insights and advice for the challenges that in-house counsel face with this patchwork of state laws. Let’s dig in.
Several States, Several Laws, One Big Headache
The sheer variation in privacy laws across different American states has opened the door to questions for corporate counsel. Justine Young Gottshall, co-managing partner of the InfoLawGroup, shed light on the complexities.
“How do you operationalize a privacy program when we have multiple laws that use different definitions and nuance that have a lot of import?” she asked the audience.
Justine went on to explain how things can be lost in translation because different states tend to use different terminology, causing more challenges—and questions—for legal. As an example, she pointed out how many in-house counsels are accustomed to the terms “controller” and “processor” from the GDPR. However, California law—as just one example—uses the terms “company,” “service provider,” and “other.”
