Category Archives: EU Legislation

With the GDPR on the horizon, the EU is now overhauling and expanding the reach of the more specific privacy rules which relate to direct marketing, cookies and other forms of online monitoring. The ability of social media and messaging services to track users is one of many areas touched on in the European Commission's newly proposed ePrivacy Regulation, which was officially unveiled last week. We highlight some key impacts for the tech and media sectors, provided the proposed draft passes through the legislative process without dramatic changes. Businesses should incorporate these new requirements into their GDPR readiness planning. Why are the rules being updated?
  • The regime for electronic communications, based on the EU's Privacy and E-communications Directive (PECD), which dates back to 2002, is being overhauled as part of the Commission's Digital Single Market package.
  • Since the last review of the PECD in 2009, a new … Continue Reading ››
Yesterday, 10 January, the European Commission (EC) presented its formal proposals for the new ePrivacy Regulation. On initial analysis, the first official draft of the Regulation appears broadly similar to last month's leaked version, explored by Datonomy here. Datonomy will be providing a fuller analysis, however in the meantime the EC's Fact Sheet provides a useful starting point. The Commission's aim is to have the new Regulation adopted by 25 May 2018 when the GDPR takes effect. Olswang's Head of Digital and Data, Elle Todd, and Alex Dixie, the firm's Head of Adtech, will be taking a first look at the practical impacts of the new proposals in a webinar at 15:00 UK time on Thursday 19 January. Follow this link to register. In particular the webinar will examine:
 ‘If men were angels, no government would be necessary. If angels were to govern men, neither external nor internal controls on government would be necessary. In framing a government which is to be administered by men over men, the great difficulty lies in this: you must first enable the government to control the governed; and in the next place oblige it to control itself'. James Madison, 1788 (highlighted in the AG's opinion) Enabling a government to control the governed, whilst obliging it to control itself, is the dilemma with which the European Court of Justice (ECJ) has been faced in its preliminary ruling on the appeal decisions of Tele2 and Watson. In today's ruling against the UK Government, the ECJ has clarified that national governments need to respect EU standards on data retention in their domestic legislation. The ruling is a potentially embarrassing setback for Theresa May, as … Continue Reading ››
Yesterday (13 December) in time-honoured tradition, a draft proposal of the European Commission's (EC) new ePrivacy Regulation was leaked. The official draft of the proposal is not expected to be published by the EC until January 2017, and it is possible some of the detail will change before then. Datonomy will be providing fuller analysis of the real thing in the near future, but an initial look at the leaked draft – which (typos aside) gives a good indication of what to expect - reveals the following:
  1. It's a Regulation rather than a Directive (as predicted by Datonomy here)
As with the GDPR, this is intended to provide additional harmonisation and simplification. However, there are a number of areas where Member States can nuance provisions.
  1. A fining regime similar to GDPR
Offenders can expect turnover based fines. For example, fines of up to 2% of turnover, or up to 10,000,000 … Continue Reading ››
Recently Datonomy attended the second of two conferences held by Exeter University addressing the UK's place in the Digital Single Market. The day, hosted at Portcullis House, focused on data protection and privacy policy with viewpoints provided by both practitioners and stakeholders. Of particular relevance to Datonomy readers were the panels' opinions on the ePrivacy Directive review, the GDPR, and the new Investigatory Powers Act (recently explored by Datonomy here). Draft ePrivacy Regulation on the horizon Perhaps the headline news from the day was the strong support for the review of the ePrivacy Directive to result in the implementation of a new ePrivacy Regulation (therefore directly effective). It was argued the Regulation should extend the scope of the current ePrivacy Directive to cover new tech including, for example, OTT Providers, publically used private networks and the Internet of Things. According to the European Commission the draft proposal … Continue Reading ››
Last week, as part of Olswang's GDPR readiness and Talking Retail webinar series', lawyers from the firm's data protection and retail sector teams hosted a webinar looking at the implications of the GDPR on the use of data by the retail industry during an online transaction.  In this session our speakers looked at the following:
  • Targeted and non-targeted advertising
  • Privacy policies
  • Processing customer payment details
  • Post purchase analysis
  • Data breaches
  • GDPR implementation
The webinar was hosted by Katie Nagy de Nagybaczon, a partner in the Corporate Team, who focuses on the retail, eCommerce and technology sectors. The two speakers were:
  • Sven Schonhofen, an associate in the Commercial Team of the Munich office. He specializes in advising clients in all areas of IT law, in particular on data protection law.
  • Emily Dorotheou, an associate in the Commercial Team who has experience of working on procurement, technology and logistics contracts for a variety of retail and technology clients.
Please follow this … Continue Reading ››
The General Data Protection Regulation ("GDPR") comes into force on 25 May 2018. It is binding for all member states and provides for a harmonisation of the data protection regime throughout the EU. However, various opening clauses provide member states with discretion to introduce additional national provisions to further specify the application of the GDPR. The German legislator has been among the first to draft such provisions supplementing the GDPR. What areas does the General Federal Data Protection Act cover? Recently a draft of the German Federal Ministry of the Interior for a General Federal Data Protection Act (Allgemeines Bundesdatenschutzgesetz, "GFDPA") has been leaked. This is meant to replace the current Federal Data Protection Act (Bundesdatenschutzgesetz, "FDPA"). The draft includes new provisions in areas that are subject to the opening clauses of the GDPR. For example: