Publications

Data Protection Directive reform: EU Commissioner promises less bureaucracy

19 May 2011

Viviane Reding, VP of the European Commission has provided further insight into what European businesses can expect from the upcoming refresh of Data Protection Directive.  Highlights from a key note speech delivered to the European Business Summit in Brussels on 18 May included the following:

  • In tacit recognition that data protection law compliance has become mired in bureaucracy and disharmonised country by country laws, Reding indicated that rules would be introduced to encourage self accreditation, particularly in respect of data transfer compliance.  Welcome news for international businesses which operate across multiple EU Member States.  We would expect an ability to self audit compliance (and the ability to  demonstrate that audits have been run) are likely to feature in Europe's refreshed data protection laws. This will make the role of Data Protection Officer critical to European businesses in the future;
  • The concept of 'privacy by design' - the notion that businesses deliberately design and build practices and procedures to ensure data protection compliance - was again specifically mentioned. This makes it a short odds favourite for the amendment most likely to be mentioned in the refresh to the current Directive that will be published later this year;
  • A specific statement that the revised laws will confirm a requirement for companies which are located outside the EU to comply fully with EU data protection law if they target their activities at Europe.  The possibility of expanding the safe harbor system to other parts of the world was mentioned.  Quite how this will be run and enforced remains another matter (no details on this were provided);
  • Another clear indication that mandatory security breach notification laws would be introduced in the EU in addition to those which currently apply to communications companies; and
  • An ambitious statement that a uniform European approach towards cloud computing should be achieved.

For full details of the speech click here.

Please contact James Mullock for further information.

Next publication

 

Contacts

If you want to find out more about any of the issues in this publication please get in touch with one of our experts.

Subscribe here for updates

These materials are written and provided for general information purposes only. They are not intended and should not be used as a substitute for taking legal advice. Specific legal advice should be taken before acting on any of the topics covered.