EU Data Protection Directive

Subscribe to EU Data Protection Directive

UK Government Proposes Cybersecurity Law with Serious Fines

By Mark Young on August 31, 2017

Posted in Data Security, European Union, United Kingdom

Earlier this month, the UK Government published a consultation on plans to implement the EU Directive on security of network and information systems (the “NIS Directive”, otherwise known as the Cybersecurity Directive). The consultation includes a proposal to fine firms that fail to implement “appropriate and proportionate security measures” up to EUR 20 million or 4% of global turnover (whichever is greater).

We summarise the UK Government’s plans below, including which organisations may be in scope — for example, in the energy, transport and other sectors, as well as online marketplaces, online search engines, and cloud computing service providers — and the proposed security and incident reporting obligations.

Organisations that are interested in responding to the consultation have until September 30, 2017 to do so. The UK Government will issue a formal response within 10 weeks of this closing date, and publish further security guidance later this year and next. A further consultation on incident reporting for digital service providers will be run later this year; the Government invites organisations that are interested in taking part to provide appropriate contact details.
Continue Reading UK Government Proposes Cybersecurity Law with Serious Fines

The General Data Protection Regulation – Council is Moving Forward in Great Strides

By Inside Privacy on March 17, 2015

Posted in European Union

Last Friday, the Council, which represents the 28 EU Member States, reached a partial general approach on the so-called “one stop shop” mechanism (Chapters VI and VII) and principles for protecting the personal data (Chapter II) (see the press release here, which also contains links to the latest draft texts as prepared by the…

Belgian Government Calls for EU Data Protection Authority

By Kristof Van Quathem on January 29, 2015

Posted in European Union, International

On Wednesday, January 28, 2015, better known as “Data Protection Day,” the Belgian Under-Secretary for Data Protection Bart Tommelein called for the creation of an EU Data Protection Authority. He intends to present this position of the Belgian Government to the informal meeting of Ministers of Justice and of the Interior in Riga (Latvia). The…

The EU data protection regulation after 3 years of negotiation

By Covington & Burling LLP on January 5, 2015

Posted in European Union

By Jean de Ruyt and Sebastian Vos

On January 25, 2012, the European Commission presented a proposal for a “Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data”, the “Data Protection Regulation” (DPR). The Commissioner in charge of justice at the time, Viviane Reding, aware of the complexity of the matter, stated jokingly that she hoped a decision on this proposal would at least be reached by the end of her term, i.e. in October 2014.

Reding is now gone, a new EU Commission is in place, but the Council of Ministers has only agreed very recently on a few chapters of the ninety page proposal; “Trilogue” negotiations between the European Parliament, the Council, and the Commission have not even started. When, recently, the new Commissioner, Vera Jourova, claimed that a final agreement will be reached before the end of 2015, this deadline was seen by experts as wishful thinking, just as all those announced previously by her predecessor.

The Parliament cannot be blamed: on 12 March 2014, just before being dissolved in preparation for the May elections, it endorsed with 621 votes in favor, 10 against and 22 abstentions, the position on the regulation adopted by the LIBE (Civil Liberties, Justice and Home Affairs) Committee. But this vote was seen more as a political move (in the context of the NSA scandal) than a nuanced and balanced approach to the difficult issues at stake. The stronger safeguards inserted, the increased level of fines, and some radical definitions are light years away from the compromises currently discussed in the Council. So even when the Council will have reached a common position (or “general approach”) on the whole text, reconciling this position with the Parliament’s might take a long time – or end up in a deadlock.…

Continue Reading The EU data protection regulation after 3 years of negotiation

The EU’s Highest Court Rules That The EU’s Data Protection Directive Applies To Home Security Surveillance Cameras

By Inside Privacy on December 15, 2014

Posted in Electronic Surveillance and Law Enforcement Access, European Union, International

By Fredericka Argent

Last week, the Court of Justice of the European Union (CJEU) ruled that owners of home surveillance cameras could be breaching the EU Data Protection Directive 95/46/EU (the Directive), when those cameras are used to monitor public spaces. The ruling was made following a request from the Nejvyšší správní soud (The Supreme Administrative Court of the Czech Republic) for interpretive guidance.

According to the facts, Mr Ryneš, from the Czech Republic, had set up a camera to monitor the footpath outside of his home in response to a series of break-ins that he and his family had suffered. One of the suspects of a break-in was subsequently caught on camera, and the video recording was used as evidence in the criminal proceedings that followed. However, the suspect separately made a complaint to the Czech Data Protection Office that the surveillance system used by Mr Ryneš was unlawful. The Czech Data Protection Office agreed. Mr Ryneš then brought an action challenging that decision, which was appealed to the Czech Supreme Court.
Continue Reading The EU’s Highest Court Rules That The EU’s Data Protection Directive Applies To Home Security Surveillance Cameras