Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: EU Data Protection Directive

Posted in International/EU Privacy

Spanish Supreme Court Annuls Limitation on Processing of Personal Data

Following the advice of the Court of Justice of the European Union in its November 2011 ruling, the Spanish Supreme Court struck down certain provisions of Spain’s data protection law that it said went beyond the requirements of the EU Data Protection Directive (95/46/EC), in a ruling made public February 13, 2012.

Posted in International/EU Privacy

European Commission Releases Official Draft of Groundbreaking Data Protection Regulation

The European Commission today published its proposal for a new Data Protection Regulation. The Regulation, which is not likely to come into force before 2014, is intended to harmonise data protection law in all 27 EU Member States and thus remove current differences which have proved problematic for business and individuals.

Posted in International/EU Privacy

Pending Revision of EU Directive Prompts Questions About Safe Harbor

The pending proposal from the European Commission for revision of the EU Directive (expected in early 2012) raises questions about the efficacy under a revised Directive of the EU-US Safe Harbor framework, which permits the legal cross-border transfer of personal data from the EU to the US for companies enrolled in the Safe Harbor and committed to the requisite privacy protections. That’s the recent observation in Europolitics, the European Affairs daily, quoted in this blog entry, along with the rousing defense of the Safe Harbor offered by Google’s Global Privacy Counsel Peter Fleischer.

Posted in International/EU Privacy

France Implements EU Requirements for Data Breach Notification, Audits and Cookies Applicable to Electronic Communications Service Providers

On August 26, 2011 France implemented new EU provisions on data breach notifications for electronic communications providers, as well as new provisions requiring prior consent for cookies. The French measure also gives the government power to order security audits for electronic communications providers.

Posted in International/EU Privacy

Article 29 Working Party to OBA Industry on Meeting Cookie Consent Requirement: “Nice try, but…”

The Article 29 Working Party in the EU has thrown cold water on proposals by the OBA industry to avoid the literal application of the so-called Cookie Directive for specific opt-in consent to the placement of tracking cookies, whether personal data is tracked or not. In a letter sent in advance of a September meeting between the parties, the Working Party rejects a range of proposals from the OBA industry.

Posted in International/EU Privacy

Article 29 Working Party Guidelines on Consent will Lead to More Pop-ups

Article 29 WP has issued guidelines in which it recommends separate pop-ups and affirmative “check the box” consent options. Consent clauses buried in terms of use are not specific enough to meet European requirements, according to tthe guidelines. Consent requires an affirmative ‘click’ by the consumer. Browser settings alone may not be sufficient, which raises questions under new EU cookie regulations. Details are contained in this blog posting.

Posted in International/EU Privacy

Europe’s Article 29 Working Party issues smart meter guidelines

Europe’s group of data protection authorities, the Article 29 Working Party, issued an opinion on smart meters, which goes into surprising detail on points such as the size of the display for the user interface, the need for a ‘push button’ consent module for consumers, the need to keep load graph data stored locally whenever possible. The Art 29 WP stresses the need for energy suppliers and third party energy service companies to develop detailed data retention policies to ensure smart meter data are deleted as soon as no longer needed.

Posted in International/EU Privacy

EU Article 29 Working Party Decrees Strict Opt-In Standards for Behavioral Advertising Data Collection

On June 22, the Article 29 Working Party published an opinion clarifying the EU legal framework for those involved in online behavioral advertising. While it put forth strict guidelines for behavioral advertising in the EU, the working partypraised certain privacy-enhancing practices incorporated into behavioral advertising today and specifically encouraged industry to develop technical means to comply with the framework and “to exchange views” with the working party regarding such means.

Posted in International/EU Privacy

Article 29 Working Party Provides Guidance On Data Controller/Processor Concepts

On 16 February 2010, the Article 29 Working Party adopted an opinion on the concepts of data “controller and “processor”, which are crucial for determining who is responsible for compliance with EU data protection rules. The opinion provides a comprehensive analysis as well as practical examples and rules of thumb on how to approach the concepts pragmatically.

Posted in International/EU Privacy

Uruguay Close To Receiving EU Adequacy Recognition?

Uruguay may be on its way to become the second Latin-American country recognized by the European Commission as offering an adequate level of data protection. Last month, the Uruguayan government adopted a set of regulations implementing the country’s 2008 Personal Data Protection Act (Law 18331). The implementation of this new law, as well as the […]