Kristof Van Quathem and Yan Luo are quoted in a Law360 article regarding cybersecurity and privacy policies to watch in 2018.
Commenting on the General Data Protection Regulation (GDPR), Van Quathem says that although one of the legislation's aims is to harmonize a splintered set of national data privacy laws within Europe, it may end up causing companies aiming to comply with European law just as many headaches as before because it gives individual countries leeway to set their own rules on key issues. Van Quathem adds that regulators might think twice before bringing a case because companies are likely to fight the first GDPR enforcement actions. "I expect them to be cautious and to be careful about how they use their new powers. Because the laws are new, I think it's more likely that those fines will be challenged in court. Regulators are well aware of that."
Discussing China's new Cybersecurity Law, Luo says that businesses could get some clarity on the scope of the new law in the coming year. "In the first half of 2018, we expect to see important guidance issued by regulators regarding controversial issues such as the protection of critical information infrastructure and cross border data transfers," she says. But it is unlikely that the Chinese government will immediately enforce the new law, as Beijing is likely to offer companies a grace period to comply, Luo adds.