What is it about?

The concept of personal data is at the heart of EU data protection, and it is much broader than the U.S. concept of personally-identifiable information or PII. Many U.S. companies are now bound to protect this broad category of data because of the long reach of the EU law, including those that sign up for the self-certifying Privacy Shield, but to do so they need to understand its scope. As part of their compliance strategy, they need to take this into account by mapping the data they collect and keeping record of data processing activities, and this article will help by explaining the concept. Furthermore, U.S. companies may find that for strategic reasons it is best to provide European-style protections to their consumers worldwide, as this article discusses.

Featured Image

Why is it important?

We believe that this article is the first to look at compliance with Europe's new General Data Protection Regulation through the lens of legal strategy theory. Furthermore, this article tackles the differences between the information/data protected by U.S. and European law, respectively, as this is the basis for compliance. As a result, the article provides an updated and perhaps more compliance-oriented view of these differences than previous scholarship, which should be helpful for those struggling with the differences, whether they be scholars, students, or in companies.


I think that the dual unique aspects of this article--its treatment of the scope of personal data and PII, from their definitions, to their interpretation by courts or advisory agencies, to sensitive-data, and the legal strategy pathways viewpoint, make this an important piece of scholarship in one of America's top double blind peer reviewed law reviews. American readers should come away from it with a much greater understanding of the issues involved.

W. Gregory Voss
Toulouse Business School

There are many conflicting viewpoints on how the GDPR is impacting U.S. companies. This article points out how the differences in the ideologies on what types of data need to be protected between the EU and U.S. has created much confusion. In this article, we explain how companies may gain a competitive advantage by working within the GDPR rather than around it.

Assistant Professor Kimberly Houser
Oklahoma State University System

Read the Original

This page is a summary of: Personal Data and the GDPR: Providing a Competitive Advantage for U.S. Companies, American Business Law Journal, May 2019, Wiley, DOI: 10.1111/ablj.12139.
You can read the full text:




The following have contributed to this page