C is for Cookie: Is the EU's New 'Cookie Law' Good Enough to Protect My Data?
| Author | William A. Meyers |
| Pages | 491-514 |
C is for Cookie: Is the EU’s New “Cookie Law”
Good Enough to Protect My Data?
W
ILLIAM
A. M
EYERS
I. Introduction
During the summer of 2017, Equifax, one of the three major credit
reporting agencies in the United States suffered a data breach that exposed
143 million Americans to potential theft.
1
During the months of May
through July, “sensitive personal information” including names, Social
Security numbers, addresses, dates of birth, driver’s license numbers, and
credit card numbers were stolen by hackers with malicious intent.
2
In March
of 2018, Reuters proposed that the cost of this breach could reach as high as
439 million dollars, making it the most expensive data breach in history.
3
Interestingly, that breach only affected 147 million consumers, but in 2018 it
was topped by another devastating hack.
4
When Marriot asked its guests to
check in, they would often require name, address, credit card information,
and passport numbers.
5
In November of 2018, Marriot revealed that this
personal information had been stolen in a data breach affecting up to 500
million guests.
6
This specific assault on personal data had been going on
since 2014, and it galvanized lawmakers within the United States to publicly
recommend data privacy laws that can discipline companies who fail in their
cyber protection.
7
Senator Mark Warner, a Virginia Democrat, stated, “It is
past time we enact data security laws that ensure companies account for
security costs rather than making their consumers shoulder the burden and
harms resulting from these lapses.”
8
As devastating as these attacks were,
neither of these data breaches were the largest in history. In 2013, Yahoo
1. Seena Gressin, The Equifax Data Breach: What to Do,
F
ED
. T
RADE
C
OMMISSION
:
C
ONSUMER
I
NFO
.
(Sept. 8, 2017), https://www.consumer.ftc.gov/blog/2017/09/equifax-data-
breach-what-do.
2. Id.
3. John McCrank & Jim Finkle, Equifax Breach Could be Most Costly in Corporate History,
R
EUTERS
(Mar. 2, 2018, 9:05 AM), https://www.reuters.com/article/us-equifax-cyber/equifax-
breach-could-be-most-costly-in-corporate-history-idUSKCN1GE257.
4. Id.
5. Nicole Perlroth et al., Marriot Hacking Exposes Data of Up to 500 Million Guests,
N.Y.
T
IMES
(Nov. 30, 2018), https://www.nytimes.com/2018/11/30/business/marriott-data-breach
.html.
6. Id.
7. Id.
8. Id.
THE INTERNATIONAL LAWYER
A TRIANNUAL PUBLICATION OF THE ABA/SECTION OF INTERNATIONAL LAW
PUBLISHED IN COOPERATION WITH
SMU DEDMAN SCHOOL OF LAW
492 THE INTERNATIONAL LAWYER [VOL. 52, NO. 3
suffered a far more extensive data breach.
9
Yahoo initially believed this
breach affected one billion users when it was discovered in 2016, but in 2017
they found the breach actually affected three billion users.
10
This is an
astronomical number of individuals who were affected by a single data event.
But as our world gets more dependent on technology and the Internet, and
as long as companies make money collecting the data of users and
monetizing it, this will become more frequent in the future. In fact, data
breaches have consistently increased in recent years, with almost 1,300
breaches in 2017 and over 600 as of July 24, 2018.
11
This is obviously a
problem that affects millions of people across the globe each year and is
expected to continually increase as the global economy becomes ever more
digital, forcing some to call for action.
While, according to Senator Warner, American citizens must shoulder the
burden of these and the thousands of other data breaches that have occurred
in the past few years, European citizens have a level of protection not
enjoyed by those in the United States.
12
This is because of the General Data
Protection Regulation (“GDPR”), also known as the “Cookie Law,” which
was passed in 2016 by the European Union (“EU”) and effectuated May 25,
2018.
13
The GDPR is a sweeping regulatory reform regarding how
organizations collect and store personal data and ushered in a new era of
privacy protection in our online world.
14
On May 25, 2018—the day the
GDPR was implemented—Facebook and Google were hit with an 8.8
billion dollar lawsuit, which just shows the seriousness of the GDPR.
15
This comment will first dive into the history of data privacy in the
European Union, as well as the history of the GDPR and its policies,
ramifications, and effects on both the European marketplace and the global
marketplace as a whole. Next, this comment will address if and how other
nations will follow the European Union’s lead when it comes to data
protection and privacy or how their existing privacy laws compare with the
GDPR. Lastly, the comment will speculate as to any potential legal
developments as a result of the GDPR’s implementation in the European
Union and ways that it may evolve over time to affect not only the European
Union but also other nations that do business in the European Union and
9. Robert McMillan & Ryan Knutson, Yahoo Triples Estimate of Breached Accounts to 3 Billion,
W
ALL
S
TREET
J.
(Oct. 3, 2017, 9:23 PM), https://www.wsj.com/articles/yahoo-triples-estimate-
of-breached-accounts-to-3-billion-1507062804.
10. Id.
11. Axel, Enough is Enough: 2018 Has Seen 600 Too Many Data Breaches,
M
EDIUM
(July 24,
2018), https://medium.com/@AxelUnlimited/enough-is-enough-2018-has-seen-600-too-many-
data-breaches-9e3e5cd8ff78.
12. Nicole Perlroth et al., supra note 5.
13. Andrew Rossow, The Birth of GDPR: What Is It And What You Need to Know,
F
ORBES
(May
25, 2018, 7:32 AM), https://www.forbes.com/sites/andrewrossow/2018/05/25/the-birth-of-
gdpr-what-is-it-and-what-you-need-to-know/#3c917d7855e5.
14. Rhiannon Williams, Why 2018 Will be Remembered as a Turning Point for Tech,
I
N
EWS
(Jan.
1, 2019), https://inews.co.uk/news/technology/2018-turning-point-tech-facebook-google/.
15. Rossow, supra note 13.
THE INTERNATIONAL LAWYER
A TRIANNUAL PUBLICATION OF THE ABA/SECTION OF INTERNATIONAL LAW
PUBLISHED IN COOPERATION WITH
SMU DEDMAN SCHOOL OF LAW
To continue reading
Request your trial