European Commission's Proposed Change to the EU Data Protection Laws: Detailed Analysis

more+
less-

Introduction

In advance of formal publication, the European Commission sent the proposed Data Protection Framework for the EU for inter-service consultation with the Directorates-General, which consists of a Data Protection Regulation and a new Police and Criminal Justice Data Protection Directive. Following this period of consultation, the European Commission's final draft will be submitted to the European Parliament, with the timing estimated during the latter part of January 2012. These documents were first leaked to the press, and highlighted in our recent blog. Originals can be obtained at Statewatch.

Objective

The European Commission has sought to fulfil its long-stated ambitions of harmonising the data protection regime across Europe, and of enhancing individual's rights. While one of the stated objectives is also "cutting red tape for businesses", it is difficult to see how this objective has been met in the draft documents, given the increased burdens on industry. Another stated objective of the Commission was to give individuals more control over their data, to address issues related to children's use of the Internet. The Commission will seek to have European Parliamentary approval of the Framework by the end of 2012, which, if met, means a new Data Protection Framework may be in force sometime in 2013.

Scope

If there was ever any doubt as to whether European data protection law applied outside the EU, then this draft regulation should remove it. Article 2 explicitly extends the scope of the regulation to any controller, established inside or outside of the EU, who processes personal data of EU citizens. Where an organisation is outside the EU, it must appoint an EU representative.

More surprising is that the Regulation will apply to individual persons who make the "personal data of other natural persons [sic] accessible to an indefinite number of individuals"; in other words, the regulation applies to individuals who post others' personal data on the Internet.

Please see full Alert below for further information.

LOADING PDF: If there are any problems, click here to download the file.

Published In: Administrative Agency Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Reed Smith | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »