Tag Archives: E-Privacy Directive

Article 29 Working Party Releases Opinion on EU Data Breach Notification Framework

Posted on April 15, 2011 by Hunton & Williams LLP

On April 5, 2011, the Article 29 Working Party (the “Working Party”) adopted an Opinion on the current EU personal data breach framework and recommendations for future policy developments (the “Opinion”).

In 2009, the revised e-Privacy Directive 2002/58/EC (the “e-Privacy Directive”) introduced a mandatory data breach notification regime for the telecommunications sector.  Pursuant to the e-Privacy Directive, telecommunications and internet service providers are required to report certain data breaches to their national regulator and to affected individuals.

Continue reading…

Tags: , , , , , , ,

Details of UK’s Approach to Implementation of EU Cookie Rule

Posted on March 16, 2011 by Hunton & Williams LLP

On March 16, 2011, UK Information Commissioner Christopher Graham shared details of the government’s proposals for the implementation of the e-Privacy Directive with delegates at the Direct Marketing Association’s Data Protection Conference in London. A letter from the Minister for Culture, Communications and Creative Industries, Ed Vaizey, provides important reassurance to business that “Government is committed to introducing the amended provision in a way that minimises impacts to business and consumers.” Continue reading…

Tags: , , , , ,

UK Information Commissioner Warns Businesses to “Wake Up” to the New EU Law on Cookies

Posted on March 11, 2011 by Hunton & Williams LLP

On March 8, 2011, the UK Information Commissioner’s Office (the “ICO”) issued a warning to UK businesses on the forthcoming amendments to the Privacy and Electronic Communications Directive (2002/58/EC as amended by 2009/136/EC) that will require businesses operating websites in the UK to obtain consent from website visitors to store information on their computers and retrieve that information in the form of cookies. Continue reading…

Tags: , , , , , ,

German Government Adopts Security Breach Notification Requirement in Telecommunications Act

Posted on March 2, 2011 by Hunton & Williams LLP

On March 2, 2011, the German Federal government adopted a draft law revising certain sector-specific data protection provisions in the German Telecommunications Act.  The draft law addresses the implementation of data breach notification requirements in the European e-Privacy Directive by introducing a breach notification obligation for telecommunications companies.

Continue reading…

Tags: , , , ,

European Network and Information Security Agency Publishes Report on Cookies

Posted on February 23, 2011 by Hunton & Williams LLP

On February 18, 2011, the European Network and Information Security Agency (“ENISA”), an advisory body created to enhance information security in the EU, announced the issuance of its report on cookies, entitled “Bittersweet cookies.  Some security and privacy considerations.” Continue reading…

Tags: , , , , , ,

European Network and Information Security Agency Publishes Report on Data Breach Notification in the EU

Posted on January 17, 2011 by Hunton & Williams LLP

On January 14, 2011, the European Network and Information Security Agency (“ENISA”), which was created to enhance information security within the European Union, published a report entitled “Data breach notifications in the EU” (the “Report”).

Currently, there is wide debate throughout the EU regarding data breach notification requirements.  The debate stems from recent high-profile data breach incidents and the introduction of mandatory data breach notification requirements for telecommunication service providers imposed by EU Directive 2009/136/EC (amending EU Directive 2002/58/EC, the “e-Privacy Directive”), which must be integrated into EU Member States’ national laws by May 25, 2011.  The goal of the Report is to assist Member States, regulatory authorities and private organizations with their implementation of data breach notification policies.

Continue reading…

Tags: , , , , , , , ,

Regulating Privacy Across Borders in the Digital Age

Posted on November 18, 2010 by Hunton & Williams LLP

On November 10, 2010, the American Bar Association’s Section of Antitrust Law’s International Committee and Corporate Counseling Committee hosted a webinar on “Regulating Privacy Across Borders in the Digital Age: An Emerging Global Consensus or Vive la Difference?”.  A panel of senior officials and private sector experts provided insights on emerging cross-border data privacy and security issues.  Hunton & Williams partner Lisa Sotto was tapped to moderate an outstanding panel which included Billy Hawkes, Commissioner, Office of the Data Protection Commissioner, Ireland; Jennifer Stoddart, Commissioner, Office of the Privacy Commissioner, Canada; Hugh Stevenson, Deputy Director, Office of International Affairs, Federal Trade Commission; and Bojana Bellamy, Director of Data Privacy, Accenture (UK) Limited.  The high-profile speakers explored various privacy issues that have raised regulatory concerns around the world, including issues on behavioral advertising, cloud computing and data breaches.

Taken from a portion of the webinar, each panelist addressed their thoughts on the major issues that will dramatically change the privacy landscape over the next year.  In addition, they further discussed the revisions proposed in the EU Directive on Privacy and Electronic Communications.  Listen to the audio clip now.

Tags: , , , , , , , ,

Dutch Bill Proposes Data Breach Notification Requirements and Revised Cookie Regime

Posted on November 16, 2010 by Hunton & Williams LLP

In a move toward implementation of the EU e-Privacy Directive, on November 3, 2010, the Dutch Minister of Economic Affairs submitted a bill to the Dutch Parliament that would amend the Dutch Telecommunications Act to obligate telecom and internet service providers to provide notification of data security breaches, and require consent for the use of cookies (the “Bill”).

The proposed Bill would require telecom and internet service providers to notify the Dutch Telecom Authority (the “OPTA”) without delay in the event of a security breach involving personal data.  They also would be required to notify affected individuals without delay if the breach is likely to have an adverse effect on the protection of their personal data.  The Bill does not affect initiatives to introduce a broader data breach notification regime applicable to other industries outside the telecom sector.  The Dutch Minister of Justice recently stated that he expects to issue a proposal to implement a more general data breach notification law in 2011. Continue reading…

Tags: , , ,

Article 29 Working Party Issues Opinion on Online Behavioral Advertising

Posted on June 24, 2010 by Hunton & Williams LLP

On June 24, 2010, the Article 29 Working Party adopted Opinion 2/2010 (the “Opinion”) providing further clarification on online behavioral advertising.  The Working Party also issued a press release on this topic.  Although the scope of the Opinion is limited to online profiling, its interpretation of Article 5(3) of the amended e-Privacy Directive provides some useful clarifications regarding the legal framework applicable to online behavioral advertising and the use of cookies.  We provide a short analysis of the Opinion below.

Opt-in?  Browser setting as opt-in?  Opt-out?  The Opinion clarifies the Working Party’s interpretation of the new Article 5(3) and Recital 66 of the e-Privacy Directive.  According to the Working Party, Article 5(3) and Recital 66, along with the General Data Protection Directive (“Directive 95/46/EC”), require prior opt-in consent since “prior opt-in consent mechanisms are better suited to deliver informed consent.”

Continue reading…

Tags: , , ,

Viviane Reding Appointed New EU Commissioner for Fundamental Rights

Posted on December 1, 2009 by Hunton & Williams LLP

Commissioner Viviane Reding has been chosen as Commissioner for Justice, Fundamental Rights, and Citizenship in the new European Commission that is set to take office in early 2010 (assuming approval by the European Parliament).  Ms. Reding’s responsibilities will thus include data protection, including the Commission’s ongoing review of the EU framework for data protection.  She is currently EU Commissioner for Information Society & Media, where she oversaw review of the e-Privacy Directive and the EU legislative framework for telecommunications.  Commission President Barroso appointed a separate commissioner for fundamental rights as part of a commitment he made to the European Parliament to give greater profile to such issues.  Commissioner Reding will share a Directorate-General with Commissioner Cecilia Malmström, who is in charge of Home Affairs (i.e., law enforcement).  It remains to be seen how appointing a separate commissioner in charge of fundamental rights (rather than having a single commissioner in charge of both law enforcement and fundamental rights, as is the case in the current DG Justice, Liberty and Security) will affect the data protection portfolio.

Tags: , , ,