In all the excitement last week over  the European Parliament's approval of the General Data Protection Regulation (GDPR) and the US Privacy Shield, you may have missed that the European Commission published a consultation on Monday  11 April  regarding the ePrivacy Directive. Don't worry though, here is what you need to know: What is the purpose of the consultation? The consultation forms part of the Commission's Digital Single Market (DSM) Strategy and is necessary given that the GDPR, once adopted, will impact the e-Privacy Directive which sets out some additional and specific rules regarding the processing of personal data in the electronic communications sector. Infamously, the e-Privacy Directive contains the almost uniformly derided cookie consent requirement,  so many people are likely to want to input. It also contains rules on breach notification, consents for marketing by electronic means and use of traffic and location data. The Commission … Continue Reading ››
After years of drafting and debating, the EU General Data Protection Regulation (GDPR) was approved by the European Parliament yesterday (14 April). It is expected to be published in the EU Official Journal in the coming weeks. What? The GDPR sets the new EU-rules for handling of personal data. It will substitute local EU data protection laws. However, the GDPR contains over 50 “door openers” for local member state laws (see this nice graphic which illustrates the point: https://www.flickr.com/photos/winfried-veil/24134840885/in/dateposted/). Life for international companies, therefore, will not get easier as they will not avoid the need to assess local member state laws. When? The GDPR will enter into force 20 days after its official publication, estimated to be between May and July 2016. Companies will then have two years to prepare until the GDPR actually applies (two years after entering into force – i.e. May – July 2018).  Who? All businesses in … Continue Reading ››
Datonomy summarises the latest developments in the ongoing saga of US data transfers. What's new? On 13 April, the Article 29 Working Party announced their eagerly awaited – but as it turned out,  somewhat inconclusive - conclusions on the proposed new EU-US Privacy Shield data transfer mechanism. A lunchtime press conference led by Article 29 Working Party Chairman Isabelle Falque-Pierrotin was followed by the publication in the late afternoon of two new documents: The documents analyse the Privacy Shield from two angles:
  • the commercial aspects
  • derogations for national security purposes.
See below ("What are the regulators' concerns") for a bit more detail on the content of these documents and the key concerns raised. As Datonomy readers … Continue Reading ››