I’m thrilled to interview K Royal, Senior Director, Western Region, Privacy, at TrustArc. K has had a long career in privacy law, having served as privacy counsel for several companies. She’s also an adjunct professor at Arizona State University.
Prof Solove: What is the need for a multi-jurisdictional approach to privacy laws?
K Royal: With the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other laws such as the Brazilian General Data Protection Law (“Lei Geral de Proteção de Dados” or “LGPD”), businesses must be prepared to comply with a variety of laws around the world.
Privacy is a complex, multi-level, comprehensive concept which is now being regulated in more than 130 countries with more than 500 privacy laws. To be successful in complying with so many laws, businesses must develop a multi-jurisdictional approach to privacy laws that is consistent and predictable yet also not one-size-fits-all.
Prof Solove: Can a company just set one high bar and just treat all personal data the same?