"A company may feel that they need to comply with the highest standard because then at least they can apply that consistently across the board and not worry about different obligations," Groman says in an interview with Information Security Media Group. "It's a challenging environment; it is at least one of the reasons why the European Union is proposing a regulation in this space, which would lead to more consistency for companies, although it will probably result in higher standards and more obligations."
Groman, in the interview, discusses the:
- Evolving legal environment in the United States and Europe as it pertains to online privacy;
- Privacy initiatives being considered by the European Union;
- U.S. federal government's approach to bridge the gap between American and European privacy regulation.
"If you're a global business, you need to understand the laws of the United States at the federal level, you need to appreciate the nuances of state laws that may be implicated," says Groman, who served as the first chief privacy officer of the Federal Trade Commission.
"And," he says, "different states in Europe have interpreted laws differently. ... It's really challenging to try to implement or comply with standards that are not only different but in some cases actually be inconsistent, and [that] presents the company with competing obligations."
Groman is executive director and general counsel of the Network Advertising Initiative, a coalition of more than 90 online advertising companies committed to shaping and enforcing responsible privacy practices. Before becoming the FTC's chief privacy officer, Groman served as counsel on the House Energy and Commerce Committee, where he drafted consumer privacy legislation and helped shepherd data security and breach notification bills through the House.
Tufts University awarded Groman a bachelor degree in international relations; he earned his law degree from Harvard Law School. Groman also holds Certified Information Privacy Professional certification.