Presentation on theme: "EU Privacy Directive". Presentation transcript:

What is a directive?
– A piece of European legislation, passed by bureaucrats, addressed to member states
– Member states must ensure that directives are implemented in their legal systems

The EU Privacy Directive
– Passed in 1995
– Operative 10/24/98
– Does not allow transfer of data outside the EU to countries that lack adequate personal data privacy safeguards

Applies to Data Controllers
– If you operate a website that collects any personal information, then you are a data controller
– This includes cookies
– Visible collection of data from online users gives rise to the argument that the user has given consent

Seven Guiding Principles
– Notice: users should know data is being collected
– Purpose: data should be used only for the stated purpose
– Consent: no disclosure without the subject's consent
– Security: data should be kept secure from abuses
– Disclosure: subjects should know who is collecting data
– Access: review and correction of data
– Accountability: collectors of data should be accountable

The Safe Harbor Benefits
– All 27 EU member states are bound
– Deemed adequate by EU and data flows will continue
– Requirements for prior approval waived
– Claims brought by EU citizens generally heard in the U.S.

What do Safe Harbor Principles Require?
Notice
– Must notify individuals as to why data is being collected
– Must notify about disclosures to third parties
– Must describe choices for limiting use and disclosure
– Must provide contact information for complaints

Choice and Onward Transfer
– Must give individuals a chance to opt out
– For sensitive information, must require users to opt in
– On transfer, written agreements with third parties are permitted so long as they certify to compliance

Access and Security
– Individuals must be able to access personal info
– Must be able to correct or delete personal info
– Organizations required to take reasonable measures to protect data
– There must be procedures and contacts to fix any problems stemming from noncompliance
– Dispute resolution programs (TRUSTe or BBBOnLine)

Impact
– Relatively few U.S. companies have signed up for the safe harbor
  – Although many companies are coming close to it in any event
– EU not enforcing that much, if at all
– Companies that do comply have a large European presence and large data collection activities, or are in the eye of European regulators for other reasons
– Sort of like the Venus de Milo
  – Often discussed, much admired, but rarely embraced
– All of this could change very fast