Business Concern Over New EU Consent Requirement to Use Website Cookies
New EU cookie consent requirement
Amendments to the EU’s ePrivacy Directive have meant that since 25 May 2011 the EU has required website operators to obtain the consent of users to the use of cookies. This is a significant development and it is causing considerable concern among businesses. The new consent requirements for use of cookies, which consist of small text files that are used by virtually every website to recognise a user’s computer and collect information on a user’s activities and preferences, has caused a storm of debate as regulators and businesses struggle to find a practical way of obtaining consent.
European Shift to Concrete Cost Analysis of Data Protection
BNA’s Privacy & Security Law Report
Following meetings held Feb. 24-25, the Council of the European Union released its ‘‘Conclusions’’ in response to the EU Commission’s Nov. 4, 2010 ‘‘Communication’’ proposing ‘‘a comprehensive approach on personal data protection in the European Union.’’ The Council is the main decision-making body of the European Union, comprising the ministers of the Member States. Depending on the issue on the agenda, each country is represented by the minister responsible for that subject (foreign affairs, finance, social affairs, transport, agriculture, etc.).
Sarbanes-Oxley Meets EU Data Protection
EU data protection laws are being used by data protection authorities to challenge the legitimacy of whistleblower hotlines established in accordance with the US Sarbanes-Oxley Act of 2002 (SOX).
New Alternative Model Contract for the Transfer of Personal Data from the EEA
The EU Data Protection Directive has onerous restrictions regarding the transfer of personal data from the European Economic Area (EEA), such as to the U.S. One way to transfer personal data is through the use of EU approved model data transfer contracts. The EU has recently approved a new more ‘business friendly’ form of model contract which businesses should now consider when weighing up the different options for the transfer of personal data from the EEA.
New Legal Requirements in Online Marketing
The online environment has led to an increased level of sophistication in marketing activities carried out by businesses. The technology exists for businesses to develop very accurate profiles of the interests and preferences of their users. This information can be exploited to identify potential customers of their products and services. Businesses can then target large numbers of consumers efficiently and cost-effectively in their marketing campaigns.
The UK’s Data Protection Act of 1998
On 23 September 1980, the Organisation for Economic Cooperation and Development (“OECD”) adopted a set of guidelines concerning data protection and transborder dataflows. Following on from those guidelines, the EU enacted the Convention for the Protection of Individuals With Regard to Automatic Processing of Personal Data (the “Convention”) in 1981. The UK, in response to the OECD guidelines and the Convention, introduced The Data Protection Act 1984 (the “1984 Act”) which concentrated mainly on Personal Data which were stored and processed ‘automatically’ (i.e. computerised Personal Data). (more…)
EU and UK Regulation of Transborder Data Flows
As markets become more global, data protection awareness and compliance in transborder data flows is becoming increasingly important. There are important issues for companies wishing to send personal data to countries outside the European Economic Area (EEA). This paper considers the restriction on transfer of personal data outside the EEA under Directive 95/46/EC1 (the Directive) and in particular the eighth principle under the UK’s Data Protection Act 1998 (the Act),which implements the Directive in the UK, and the ways in which compliance with it’s requirements may be achieved.
As markets become more global, data protection awareness and compliance in transborder data flows is becoming increasingly important. There are important issues for companies wishing to send personal data to countries outside the European Economic Area (EEA). This paper considers the restriction on transfer of personal data outside the EEA under Directive 95/46/EC1 (the Directive) and in particular the eighth principle under the UK’s Data Protection Act 1998 (the Act),which implements the Directive in the UK, and the ways in which compliance with it’s requirements may be achieved.
EU Data Protection Directive
On 23 September 1980, the Organisation for Economic Co-Operation and Development adopted a set of guidelines concerning data protection and transborder data flows. Following on from those guidelines, the EU enacted the Convention for the Protection of Individuals With Regard to Automatic Processing of Personal Data (the “Convention”) in 1981. Within the EU, Member States had divergent laws on data protection and the EU took the view that it would be better to harmonise the laws of all Member States so that people could look to one standard when conducting Processing activity within the EU. At least, that was one of the aspirations. In 1995, after years of discussion the European Data Protection Directive 95/46 EC (the “Directive”) was eventually adopted.
EU and UK Regulation of Privacy Policies
Most organisations that conduct their business online will collect data relating to individuals at some stage during their operations, whether in relation to customers, target clients, or even their own employees. Personal data can be collected on websites by a variety of means: registration pages, requests for details when goods or services are ordered, competitions and surveys, or by the use of various tracking devices such as cookies. Whenever personal data is collected, the organisation responsible for the use of such data (known as the ‘data controller’) will need to comply with various legal requirements, and may be advised to follow certain good practice guidelines, all of which are designed to protect the privacy of the individual whose data is being collected.
EU Data Protection: “Binding Corporate Rules” as an Alternative to the “Safe Harbor” for Multinationals that Transfer Data to the U.S.
Global corporations with offices or customers in the European Union should be aware of the latest European Union proposal for compliance with its Data Protection Directive 95/46/EC with respect to internal transfers of information among members of the same corporate group. Interested parties will be submitting comments through September 30, 2003.