Presentation is loading. Please wait.

Presentation is loading. Please wait.

EU Privacy Directive. What is a directive? A piece of European legislation, passed by bureaucrats, addressed to member states Member states must ensure.

Published byBrandon Hood Modified over 10 years ago

Similar presentations

Presentation on theme: "EU Privacy Directive. What is a directive? A piece of European legislation, passed by bureaucrats, addressed to member states Member states must ensure."— Presentation transcript:

1 EU Privacy Directive

2 What is a directive? A piece of European legislation, passed by bureaucrats, addressed to member states Member states must ensure that directives are implemented in their legal systems

3 The EU Privacy Directive Passed in 1995 Operative 10/24/98 Does not allow transfer of data outside the EU to countries that lack adequate personal data privacy safeguards

4 Applies to Data Controllers If you operate a Website the collects any personal information, then you are a data controller This includes cookies Visible collection of data from online users gives rise to argument that user has given consent

5 Seven Guiding Principles Notice – users should know data is being collected Purpose – data should be used only for stated purpose Consent – no disclosure without subjects consent Security – data should be kept secure from abuses Disclosure – subjects should know is collecting data Access – review and correction of data Accountability – collectors of data should be accountable

6 The Safe Harbor Benefits – All 27 EU member states are bound – Deemed adequate by EU and data flows will continue – Requirements for prior approval waived – Claims brought by EU citizens generally heard in the U.S.

7 How To Join Must certify compliance annually with Dept of Commerce Must state compliance in privacy policy Can join a self-regulatory privacy program Develop own self-regulatory privacy program

8 What do Safe Harbor Principles Require? Notice – Must notify individuals as to why data is being collected – Must notify about disclosures to third parties – Must describe choices for limiting use and disclosure – Must provide contact information for complaints

9 Choice and Onward Transfer Must give individuals a chance to opt out For sensitive information, must require users to opt in On transfer, written agreements with 3d parties are permitted so long as they certify to compliance

10 Access and Security Individuals must be able to access personal info Must be able to correct or delete personal info Organizations required to take reasonable measures to protect data Must be procedures and contacts to fix any problems stemming from noncompliance Dispute resolution programs (Truste or BBBonline)

11 Impact Relatively few U.S. companies have signed up for the safe harbor – Although many companies are coming close to it in any event EU not enforcing that much – if at all Companies that do comply have large European presence and large data collection activities or are in eye of European regulators for other reasons Sort of like the Venus de Milo – Often discussed, much admired, but rarely embraced All of this could change very fast

12

Download ppt "EU Privacy Directive. What is a directive? A piece of European legislation, passed by bureaucrats, addressed to member states Member states must ensure."

Similar presentations

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.
The Gathering Cloud computing - Legal considerations David Goodbrand, Partner 28 February 2013 Aberdeen Edinburgh Glasgow.

The Gathering Cloud computing - Legal considerations David Goodbrand, Partner 28 February 2013 Aberdeen Edinburgh Glasgow.
Changes to HIPAA (as they pertain to records management) Health Information Technology for Economic Clinical Health Act (HITECH) – federal regulation included.

Changes to HIPAA (as they pertain to records management) Health Information Technology for Economic Clinical Health Act (HITECH) – federal regulation included.
The Geopolitics of Personal Data and the Governance of Privacy Colin J. Bennett Department of Political Science University of Victoria BC, Canada www.colinbennett.ca.

The Geopolitics of Personal Data and the Governance of Privacy Colin J. Bennett Department of Political Science University of Victoria BC, Canada
The Internet industry’s privacy seal program Silicon Valley Web Guild.

The Internet industry’s privacy seal program Silicon Valley Web Guild.
1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,

1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,
Managing Personal Information - Australian Companies Outsourcing to India and the Philippines Professor Margaret Jackson and Marita Shelly.

Managing Personal Information - Australian Companies Outsourcing to India and the Philippines Professor Margaret Jackson and Marita Shelly.
Www.oaic.gov.au Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.

Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.
FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material.

FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material.
A European View of Privacy Protection John Woulds Director of Operations UK Data Protection Commissioner National Conference on Privacy, Technology & Criminal.

A European View of Privacy Protection John Woulds Director of Operations UK Data Protection Commissioner National Conference on Privacy, Technology & Criminal.
Per Anders Eriksson

Per Anders Eriksson
The U.S.-E.U. Safe Harbor Framework The U.S.-E.U. Safe Harbor Framework New Developments in Data Flows, Standards, & Compliance Damon Greer U.S. Department.

The U.S.-E.U. Safe Harbor Framework The U.S.-E.U. Safe Harbor Framework New Developments in Data Flows, Standards, & Compliance Damon Greer U.S. Department.
Transborder dataflows Flow of information across national borders Much of this data involves personal information.

Transborder dataflows Flow of information across national borders Much of this data involves personal information.
Anomalous Aspects of Transfer of Personal Data from the E.U. to the U.S. Stephen R. Bell Willkie Farr & Gallagher ABA Section of International Law New.

Anomalous Aspects of Transfer of Personal Data from the E.U. to the U.S. Stephen R. Bell Willkie Farr & Gallagher ABA Section of International Law New.
Copyright © 2015 Pearson Education, Inc. Confidentiality and Privacy Controls Chapter 9 9-1.

Copyright © 2015 Pearson Education, Inc. Confidentiality and Privacy Controls Chapter
Class 13 Internet Privacy Law European Privacy.

Class 13 Internet Privacy Law European Privacy.
THE CHOICES WE MAKE THAT MATTER – International Data Privacy/Protection JILL L. UREY, ASSISTANT GENERAL COUNSEL MID-ATLANTIC CIO FORUM NOVEMBER 20, 2014.

THE CHOICES WE MAKE THAT MATTER – International Data Privacy/Protection JILL L. UREY, ASSISTANT GENERAL COUNSEL MID-ATLANTIC CIO FORUM NOVEMBER 20, 2014.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Protecting information rights –­ advancing information policy Privacy law reform for APP entities (organisations)

Protecting information rights –­ advancing information policy Privacy law reform for APP entities (organisations)
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.

 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.

Similar presentations

Ads by Google