Meet the expert: Petruta Pirvan to speak at PrivSec Global

Streaming live November 29 and 30, PrivSec Global unites experts from both Privacy and Security, providing a forum where professionals across both fields can listen, learn and debate the central role that Privacy, Security and GRC play in business today. 

Petruta Pirvan is a Lawyer and Data Protection professional with expertise in data protection implementation, management, and educational programs. She appears exclusively at PrivSec Global to discuss US Data Privacy law and how 2023 marks a momentous period in the country’s Data Privacy journey.

Below, Petruta answers questions on her professional pathway and the themes of her PrivSec Global session.

Could you briefly outline your career journey so far?

I’m a lawyer specialising in interpreting data protection international legislation with more than 15 years of practice in my profession. I’m a member of the International Association of Privacy Professionals, a Fellow of International Privacy (FIP) and a Certified Data Privacy Manager (CIPM) and Professional for Europe and US (CIPP/E & CIPP/US). 

I hold course certifications in AI Ethics and Digital Policies from, among others, University of Helsinki. 

I have been long acting as an in-house data privacy counsel for top multinational companies such as Oracle and Accenture focusing on conduct privacy by design reviews for client facing services, offerings, projects, products, or initiatives, and incorporating data privacy principles into those initiatives. While working in Denmark as a Data Privacy Compliance Office for the giant shipping company A.P. Moller-Maersk I have led the Global Data Privacy Compliance Program by setting up the group data privacy practices, guidance, and policies. 

My work in privacy compliance led me to live in different countries, respectively in Denmark, Ireland, the Netherlands, and Romania and currently I’m established in Bucharest working as Legal Counsel, Data Privacy and Digital Law for global companies under my own brand which is EU Digital Partners (https://eudigitalpartners.com/).  

At the same time, I act as a Data Privacy Consultant/Head of Privacy and Compliance at the Dutch company Wrangu B.V. 

As GDPR-inspired frameworks continue to evolve in more States, are organisations in the US getting better at protecting users’ privacy data and keeping users safe online?

There are multiple events which over the past years contributed to raising individuals’ awareness over the risks they incur and exposure they submit themselves to when sharing their personal data with third parties. 

Since a new economic paradigm has emerged with the growth of e-commerce, we have witness extensive reporting about high profile data breaches and revelations about invasions into computer networks. 

In this context, as you rightly point out, the General Data Protection Regulation set precedence as the world’s first comprehensive data protection legislation providing individuals with easier access to their data, a right to portability, a right to be forgotten, and a right to learn when their personal data have been part of a breach compromising their privacy and security. 

Comparatively, the United States does not have a comprehensive law at the federal level and instead has a patchwork of laws enacted by the states. Nevertheless, shortly after the GDPR took effect, California passed the California Consumer Privacy Act one of the first U.S. laws to provide comprehensive consumer protection regulation for California residents. And then, as the individuals’ awareness regarding the importance of their right to privacy grew, a multitude of other US states followed suit to the point that today we are talking about 12 states that have already passed privacy legislation. 

Inevitably, these laws are imposing rules and restrictions conducive of submitting organisations to standards of protecting individuals’ privacy and keeping them safe not only online but also offline. 

Will we one day see a national data protection regulation across the US? 

There is a lot of pressure on Congress to pass acomprehensive federal data privacy legislation to benefit both the industry and the public. Government agencies such as the US Chamber of Commerce and Government Accountability Office have recommended Congress pass such a law.  

President Biden’s administration’s latest Executive Order on Trustworthy AI calls for a bipartisan comprehensive federal privacy law. In a 2019 op-ed for The New York Times Google’s CEO Sundar Pichai wrote that he and others at Google “think the United States would benefit from adopting its own comprehensive privacy legislation and have urged Congress to pass a federal law.”

While there have been multiple attempts by both Democrats and Republicans to pass an overarching federal law, the United States remains without one. 

Nevertheless, I’m hopeful that we will have a federal data privacy law in the US given that this has been long advocated for and overwhelmingly supported by both the industry and the President Administration.

There are two reasons why a federal privacy reform is required. First, the industry would benefit from a uniform standard because it would provide a more predictableapproach to data privacy. Second, a comprehensive data privacy legislation would give individuals uniform rights over the protection of their personal data.