Second in a Two-Part Series
European Data Protection Regulation
In contrast to the White House’s proposal, which is limited to consumer transactions online and seeks adoption of a voluntary code of conduct in the first instance, the Data Protection Regulation (EU Regulation) proposed by the European Commission is detailed, comprehensive and, if passed by the European Parliament and Council, binding on all EU member states. Indeed, the proposed regulation, which replaces the current EU data protection directives, would likely have a much greater effect on companies operating outside the EU than is currently the case with the existing EU laws.
The proposed EU Regulation, which is 82 pages in length and contains 139 recitals, is a complex and multi-faceted proposal. Given the complexity of the proposed regulation and the divergent viewpoints in the EU member states, it is likely that the regulation will be modified in the coming months. Moreover, the regulation will only come into force two years after it is adopted by the European Parliament and Council. It is nonetheless important for companies to consider the salient features of the proposed law well before it is enacted and goes into effect because the proposed law will affect not only the collection and processing of data in the EU, but also the transfer of such data outside the EU. The law may also affect the internal structure of many companies’ data protection efforts.
Please see full publication below for more information.