After a first read through of the leaked Commission proposal for a new data protection regulation (Draft Regulation) that was published by statewatch.org (it is not meant to be officially published until the end of January), I remembered a speech by Viviane Reding's Chief of Cabinet who said that the Commissioner for Justice was very impressed by German data protection rules. This might help in explaining several provisions of the Draft Regulation. Take for example the rules on data processing. After some scandals on data leakages at data processors,Germanytightened the requirements for the contract on data processing to cover several specific details of data security. Article 27 of the  Draft Regulation takes up this idea and requires controller and processor to stipulate several rules and precautionary measures in their agreement, as that the controller may only act on instructions from the controller and that its staff must have committed themselves to … Continue Reading ››
The ICO has today  published its promised "half term report" on organisations' compliance with the new cookie consent rules, along with updated practical guidance.   On third party cookies, which the ICO acknowledges is "one of the most challenging areas" for compliance, the ICO states that it is still working with industry and other DP regulators to find the right answers on this complex issue. The new version of the guidance replaces  and expands on the 10 page version published back in May.   As well as providing more practical illustrations of the various possible consent options(pop ups, footer bars, terms and conditions, settings led and feature led consent) it  sets out the ICO's likely enforcement stance when the "amnesty" period ends in May 2012.  In line with the ICO's Regulatory Action Strategy,  any formal action taken for cookie breaches would need to be proportionate - but the tone of the guidance and the … Continue Reading ››
The Statewatch website has published what appears to be a draft of the Proposal for a Regulation to replace the current Data Protection Directive.  The   draft for the proposal is still at the inter-service consultation stage, i.e. doing the rounds of the different DGs with a potential interest in the proposal.  So, the final draft of the proposal (not due to make its official appearance until January)  might differ from the version currently on the Statewatch site - and of course, assuming this version is authentic.... However, with those caveats in mind, following the FT's teaser at the weekend, those eager for a preview of the content may not be able to resist taking a look.  There are 116 pages to trawl through, but notably:
  • the proposal is for a Regulation, not a Directive, therefore directly applicable in and binding on Member States
  • for proposals on sanctions, see Chapter 8 (and for … Continue Reading ››
FT readers will have already seen FT's report (4/12/11) that it  has had a sneak preview of the eagerly awaited  draft Data Protection Directive.  The most headline grabbing issue is the possible introduction of fines of up to 5 % of global turnover for privacy breaches.   If that doesn't make data protection exciting, nothing will! Remember that the new Directive still has a long way to go.  When the proposal is published officially and in full - expected to be in January - there will be much for data protection practitioners (in every sector and every practice area)  to analyse. The likely headline issues and broad areas for reform were well signposted in the Commission's Communication of November 2010.  Just how these broad proposals translate into the detail of the first draft remains to be seen - but if "stronger sanctions" in the Communication translates into "fines of 5% of global … Continue Reading ››