On January 24, 2018, the European Commission issued a communication to the European Parliament and the Council (the “Communication”) on the direct application of the EU General Data Protection Regulation (“GDPR”). The Communication (1) recounts novel elements of the GDPR that create stronger protections for individuals and new opportunities for organizations, (2) reviews preparatory work undertaken to date for GDPR implementation, (3) outlines remaining steps for successful preparation and (4) outlines measures the European Commission intends to take up until May 25, 2018. Continue Reading EU Commission Releases Communication on Remaining Issues for GDPR Preparation
On October 19, 2017, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (“LIBE Committee”) narrowly voted to approve an amended version of the e-Privacy Regulation (“Regulation”). The committee vote is an important step in the process within the European Parliament. This vote will be followed by a vote of the European Parliament in its plenary session on October 23-26. If the plenary also votes in favor, the European Parliament will have a mandate to begin negotiations with the Member States in the Council. If these negotiations (commonly known as “trilogue”) succeed, the Regulation will be adopted.
On September 14, 2017, the UK Government introduced a new Data Protection Bill (the “Bill”) to Parliament. The Bill is intended to replace the UK’s existing Data Protection Act 1998 and enshrine the EU General Data Protection Regulation (the “GDPR”) into UK law once the UK has left the European Union. The GDPR allows EU Member States to enact, via national law, exemptions from the various provisions of the GDPR, which the Bill also seeks to implement.
On September 11, 2017, the Centre for Information Policy Leadership (“CIPL”) at Hunton & Williams LLP issued a white paper on the Proposal for an ePrivacy Regulation (the “White Paper”). The White Paper comments on the European Commission’s proposal to replace and modernize the privacy framework for electronic communications contained in the current ePrivacy Directive and to align it with the EU General Data Protection Regulation (“GDPR”).
On May 29, 2017, a high-level EU Commission official and Politico reported that the primary objective of the first annual joint review of the EU-U.S. Privacy Shield (“Privacy Shield”) is not to obtain more concessions from the U.S. regarding Europeans’ privacy safeguards, but rather to monitor the current U.S. administration’s work and steer U.S. privacy debates to prevent privacy safeguards from deteriorating. On March 31, 2017, the EU Commissioner for Justice, Věra Jourová, announced that the joint review will take place in September 2017. Continue Reading Privacy Shield First Annual Joint Review to Take Place in September 2017
On January 10, 2017, the European Commission announced the final elements of its long-awaited “digital single market” strategy for Europe. The announcement includes two new proposed EU regulations as well as a European Commission Communication, as described below. Continue Reading European Commission Announces Final “Digital Single Market” Strategy for Europe
On September 8, 2016, Advocate General Paolo Mengozzi of the Court of Justice of the European Union (“CJEU”) issued his Opinion on the compatibility of the draft agreement between Canada and the European Union on the transfer of passenger name record data (“PNR Agreement”) with the Charter of Fundamental Rights of the European Union (“EU Charter”). This is the first time that the CJEU has been called upon to issue a ruling on the compatibility of a draft international agreement with the EU Charter. Continue Reading Advocate General Advises Revision of PNR Agreement between EU and Canada
On July 8, 2016, EU representatives on the Article 31 Committee approved the final version of the EU-U.S. Privacy Shield (“Privacy Shield”) to permit transatlantic transfers of personal data from the EU to the U.S.
On June 29, 2016, Politico reported that it has obtained updated EU-U.S. Privacy Shield documents following the latest negotiations between U.S. and EU government authorities. Certain aspects of the prior Privacy Shield framework were criticized by the Article 29 Working Party, the European Parliament and the European Data Protection Supervisor. Continue Reading Revised Privacy Shield Documents Leaked to Politico
According to Bloomberg BNA, the EU-U.S. Privacy Shield framework could be approved by the European Commission in early July. The Privacy Shield is a successor framework to the Safe Harbor, which was invalidated by the European Court of Justice in October 2015. Certain provisions of the Privacy Shield documents, previously released by the European Commission on February 29, 2016, have been subjected to criticism by the Article 29 Working Party, the European Parliament and the European Data Protection Supervisor. According to Bloomberg BNA, the previously released draft adequacy decision, one of the Privacy Shield documents released on February 29, 2016, is expected to be modified. Continue Reading European Commission Could Approve Privacy Shield in Early July