Since the 2009 amendments to Article 5(3) of the ePrivacy Directive (2002/58/EC) regarding cookies and consent, there has been considerable debate over what web sites and ad networks must do in order to deploy cookies lawfully, and over what constitutes informed consent from users (e.g., opt-in versus opt-out).  For a flavour, see the Article 29 Working Party Opinion 2/2010 on online

The EU’s ‘cyber security’ agency ENISA has issued a report on data breach notifications in the EU.  The report is in response to the 2009 amendments to the ePrivacy Directive requiring telecom and Internet service providers to issue notifications for personal data breaches, which Member States must transpose into national legislation by May 2011. 

The ENISA report reviews best practices in countries where data breaches already are required or are expected to be notified (e.g., Germany, Spain and Ireland), highlights concerns of providers and regulatory authorities regarding the new EU-wide mandatory notification regime, and identifies areas where further EU level or local guidance is needed. 

Continue Reading ENISA report on data breach notifications in the EU