Category European Parliament

FT Cyber Security Summit Europe – Wed 21 Sept 2016 (London)

Debate: “The European Union’s new data protection rules will impose unnecessary burdens on businesses – Yes or No?”

Business leaders are worried that the European Union’s General Data Protection Regulation (GDPR), scheduled to come into effect in early 2018, will seriously harm their commercial interests. It will force them to improve the privacy rights of EU citizens and report data breaches within three days, rules that will be difficult and costly to comply with. Penalties for non-compliance could be as high as 4% of global turnover. However, British businesses could be spared the hassle if Brexit means the UK does not implement the Regulation.

ft-cyber-security-conference-2016In what promises to be a contentious debate, two teams of experts will go head-to-head to argue For (“Yes”) or Against (“No”) the Mot...
Read More

European Parliament adopt GDPR in the last hour

IJuncke gets it sortedn the last 15 minutes, the European Parliament adopted the EU General Data Protection Regulation (GDPR).

In a news statement issued by the European Parliament at 1.12pm (European Time):

New EU data protection rules which aim to give citizens back control of their personal data and create a high, uniform level of data protection across the EU fit for the digital era was given their final approval by MEPs on Thursday. The reform also sets minimum standards on use of data for policing and judicial purposes.

Parliament’s vote ends more than four years of work on a complete overhaul of EU data protection rules.

The reform will replace the current data protection directive, dating back to 1995 when the internet was still in its infancy, with a general regulation designed to give citizens more...

Read More

GDPR becomes law next week

Get Ready for GDPRThe Council of Ministers has just published its FINAL TEXT of the EU General Data Protection Regulation (GDPR) and its statement for reasons for the biggest shake up in data protection and privacy for nearly two decades.

In an official communique, dated 4 April 2016, the General Secretariat of the Council said:

At its 3445th meeting on 12 February 2016, the Economic and Financial Affairs Council reached political agreement on the Council’s position at first reading on the (GDPR). After finalisation by the legal/linguistic experts, the text of the Council’s position at first reading (5419/16) will be available in all official languages of the European Union by the end of the day on 6 April 2016...

Read More

This week’s competition is ‘spot the difference’ between DPA 1998 and GDPR

spot the differenceIt’s not as easy as it looks, is it? And that goes for the differences between the Data Protection Act (DPA) 1998 and the forthcoming EU General Data Protection Regulation (GDPR) on course to gain consent from the European Commission, European Parliament and European Council of Ministers in early January2016.

That means it will be fully implemented at the end of 2017 after the 2-year transition period expires.

Once GDPR has achieved agreement, the Data Protection Directive 95/46/EC is repealed and the basis for the DPA 1998 has effectively been removed.

The legal position as to what happens during the transition period is still to be worked out but by far the safest course of action is for organisations to comply fully with the data protection principles enshrined under the GDPR, given t...

Read More

Goodbye to ‘Safe Harbor’ as US companies need to start playing by the same rules

not so safe harborThis week the blogosphere went into overdrive with the news that the non-binding legal opinion of the Advocate General of the European Court of Justice claims that EU user data transferred to the US by various technology companies is a violation of current EU data protection and privacy laws.

Even before this opinion, the European Commission was already attempting to re-negotiate the Safe Harbor Agreement with the US. The Advocate General observed: “If the (European) Commission decided to enter into negotiations with United States, that is because it considered beforehand that the level of protection ensured by that third country, under the safe harbour scheme, was no longer adequate.”

And of course, he’s impeccably right in this regard.

The cornerstone of this highly influential leg...

Read More

GDPR is a top priority for the EC this year – Juncker

JunckerThis morning (Wed 9 September 2015) European Commission President Jean-Claude Juncker has revealed the priorities in the business of the European Commission and this includes reform of Europe’s data protection and privacy laws against the backdrop of a connected single digital market.

Juncker indicated in his speech today as well as in an open letter to European Parliament, co-signed by Frans Timmermans, first Vice President of the European Commission that “over the next few weeks the Commission will engage actively with the European Parliament and the Council to take forward discussions on these issues.”

In a ten-point priority list, Juncker clearly signalled the reform of data protection and privacy and the single digital market as being on the top of priorities that will dominate ...

Read More

EDPS demands Data Protection Officers are compulsory under GDPR

ButtarelliThis week the EU’s independent privacy watchdog, the European Data Protection Supervisor (EDPS) has declared wide ranging support for the European Parliament’s version of the EU General Data Protection Regulation (GDPR) that’s the subject of trilogue negotiations between the European Commission, European Parliament and Council that may be concluded as early as end of October 2015.

However, a notable difference between the EDPS and the European Parliament’s view is the mandatory appointment by organisations and companies of a Data Protection Officer (DPO).

It’s worth noting that 35% of all EU Member States currently require the appointment of a DPO as a compulsory measure, so it would take just 16% of other EU Member States to make this the majority view within the EU.

Under Section...

Read More

DPO is ‘compliance orchestrator’ under GDPR says Working Party 29

Zubin MethaFor Working Party 29 (WP29), the role of the Data Protection Officer (DPO) under the forthcoming EU General Data Protection Regulation (GDPR) is the cornerstone of accountability as well as being a real tool of competitiveness for companies.

Tasked with the implementation of accountability tools that include the policies, procedures documentation, data protection impact assessments as well as internal training for all employees entrusted with handling customer data, the DPO is more like a ‘compliance orchestrator’ in much the same way as a conductor of a symphony orchestra, such as Parsee-born Zubin Mehta, conductor of the Israeli Philharmonic Orchestra.

In its advice note to the European Commission, European Parliament and Council of Ministers, WP29 said: “While recognising the need f...

Read More

What GDPR means for organisations and companies in 2015

Get Ready for GDPRCompanies and organisations that use data at the centre of their sales and marketing activities – and that’s just about everyone reading this blog – will be impacted by the forthcoming EU General Data Protection Regulation (GDPR).

Agreement between the European Parliament, Council of Ministers and European Commission now looks like a distinct possibility in November/December 2015 after which there’ll be a two-year transition period before sanctions begin to bite.

How the GDPR fits into an overall framework of changes within the European Union

EU Charter of Fundamental Rights

The Charter is an important development as it’s the first formal EU document to combine and declare all the values and fundamental rights (economic and social as well as civil and political) to which EU citize...

Read More

Is Google taking the pee out of data protection?

Google taking the pissIt’s no exaggeration to claim but when the history of data protection and privacy is written 10 years from now, one company will be credited with having had the most influence over the shape of data protection and privacy across the European Union (EU).

And it’s Google.

No week goes past without some reference to one of the most powerful digital companies on the planet. And this week just gone has been no exception.

On Thursday 9 July, Google was forced to revise its privacy policy after the Dutch Data Protection Authority (DPA) threatened to fine company €15m. Google will now have to seek new users’ permission to combine their personal data throughout its services...

Read More