An ambitious new framework for a data reliant world
07 February 2012
The most radical global attempt ever to
regulate the exploitation of personal information is now in the
public domain. Following several weeks of increasing
expectation about the content of the proposals, the European
Commission published on 25 January 2012 two legislative documents:
a Regulation setting out a general EU framework for data protection
and a Directive on protecting personal data processed
for the purposes of prevention, detection, investigation or
prosecution of criminal offences and related judicial
activities.
Looking at the Regulation, the immediate
reaction is that after many years of a principles-based approach,
the new law will go much further than that and establish a new
system of powerful rights and very prescriptive and uniform
obligations across the EU.
The draft Regulation sets out very clearly its
extra-territorial reach, which as Viviane Reding put it, will apply
to companies that are active in the EU market and offer their
services to EU citizens – although it is really ‘EU
residents’. What is also obvious is that the new law is
targeted at companies operating on the internet and aims to shake
up the way they tackle privacy issues.
The bulk of the proposed Regulation brings with it a whole new set
of practical obligations for organisations – from data protection
by default and the appointment of representatives by non-EU
companies to the production of compliance policies and privacy
impact assessments, and the compulsory designation of data
protection officers. Plus of course, nearly immediate data
breach notification. These obligations are a trade-off for
the overall reduction in regulator-facing administrative
requirements, but also the basis for a new way of demanding
practical compliance in the black letter of the law.
The prospect of substantial monetary fines
based on the annual worldwide turnover of a company (up to 2%) may
help to get the attention of some decision makers, but the
real test for the proposed framework will be its viability in an
ever-changing data reliant world.
This is by no means the end of the road.
My expectation is that 2012 will be a crucial year to influence the
outcome of the new law and policy makers will be looking for input
from all key stakeholders.
Field Fisher Waterhouse will be holding a
briefing to discuss the proposed EU Data
Protection Regulation on Monday 13 February 2012.
For more information
please contact Eduardo
Ustaran, Partner and head of the Privacy and Information Law
Group at Field Fisher Waterhouse LLP.