The European Parliament’s Civil Liberties Committee has published its draft report on the proposed EU Data Protection Regulation that is causing concern for many corporations. http://www.europarl.europa.eu/meetdocs/2009_2014/documents/libe/pr/922/922387/922387en.pdf.
The report sets out amendments to the draft EU data protection regulation published by the European Commission last January (the “Regulation”)
Despite being one of the most lobbied pieces of European legislation, many will be disappointed that as amended the draft Regulation still imposes very significant burdens on businesses that are in the EU, or which are outside the EU but offer goods or services to EU customers, with fines of up to 2% of annual worldwide turnover.
The European data protection authorities (DPAs), represented by the Article 29 Working Party, have launched a Binding Corporate Rules (BCRs) regime for processors. Processors can implement these BCRs from 1 January 2013. BCRs are internal codes of conduct that are legally enforceable for data protection and security and, once approved by DPAs, provide a legal basis for transfer of personal data from the EU.
The deadline of 26 May 2012 for businesses to comply with new EU website cookie consent requirements in the UK has now passed. Under the EU’s amended e-Privacy Directive 2002/58/EC new rules were introduced last year for businesses to obtain the consent of website users to place cookies on a user’s computer. Although EU Member States were required to implement the consent requirements by 25 May 2011, the UK’s Information Commissioner’s Office (“ICO”) gave businesses a 12 month grace period to become compliant with the new law which ended on 26 May 2012. Many other EU Member States have still to implement the cookie consent requirements with only 20 of the 27 Member States having so far implemented the requirements into their national laws.1
Scrip Regulatory Affairs
The EU Data Protection Regulation proposed by the European Commission in January will – if adopted in its current form – require pharmaceutical and medical device companies to adopt a new approach to data processing and data protection.
This article was published in the March 2012 issue of Scrip Regulatory Affairs.
The official proposal for an EU Regulation on Data Protection was released in Brussels on Wednesday 25 January 2012 (the “Regulation”). The Regulation, which will replace the existing EU data protection regime, will have a significant impact on almost every business either established in the EU or that has EU customers. The proposed Regulation will now be discussed in detail over the next few months as it goes through the European legislative process and is set to be adopted in 2014. The main implications of the proposed Regulation are summarised below.
A draft of a new EU Regulation on Data Protection to replace the existing EU Data Protection Directive was released un-officially earlier this week. The draft Regulation once adopted will have a significant impact on virtually all businesses established in the EU, or who carry on business with the EU, introducing significant internal compliance requirements and fines that range up to 5% of worldwide turnover.
In an article published by the Bureau of National Affairs, John Casanova and William Long of the London office of Sidley Austin and Alan Raul and Ed McNicholas of the Sidley Washington office provide their initial analysis of this significant new EU development. For further information on this development and other EU data protection requirements please contact John Casanova or William Long and for counseling in relation to US privacy issues please contact Alan Raul.
Reproduced with permission from Privacy & Security Law Report, Vol. 10 PVLR No. 48, 12/12/2011. Copyright 2011 by The Bureau of National Affairs, Inc. (800-372-1033) http://www.bna.com
New EU cookie consent requirement
BNA’s Privacy & Security Law Report
Following meetings held Feb. 24-25, the Council of the European Union released its ‘‘Conclusions’’ in response to the EU Commission’s Nov. 4, 2010 ‘‘Communication’’ proposing ‘‘a comprehensive approach on personal data protection in the European Union.’’ The Council is the main decision-making body of the European Union, comprising the ministers of the Member States. Depending on the issue on the agenda, each country is represented by the minister responsible for that subject (foreign affairs, finance, social affairs, transport, agriculture, etc.).