
EU Privacy Directive

EU Privacy Directive. What is a directive? A piece of European legislation, passed by bureaucrats, addressed to member states. Member states must ensure that directives are implemented in their legal systems. The EU Privacy Directive: passed in 1995, operative 10/24/98.

asher

Presentation Transcript


  1. EU Privacy Directive

  2. What is a directive?
     • A piece of European legislation, passed by bureaucrats, addressed to member states
     • Member states must ensure that directives are implemented in their legal systems

  3. The EU Privacy Directive
     • Passed in 1995
     • Operative 10/24/98
     • Does not allow transfer of data outside the EU to countries that lack adequate personal data privacy safeguards

  4. Applies to “Data Controllers”
     • If you operate a Website that collects any personal information, then you are a data controller
     • This includes “cookies”
     • Visible collection of data from online users gives rise to the argument that the user has given consent

  5. Seven Guiding Principles
     • Notice – users should know data is being collected
     • Purpose – data should be used only for stated purpose
     • Consent – no disclosure without subject’s consent
     • Security – data should be kept secure from abuses
     • Disclosure – subjects should know who is collecting data
     • Access – review and correction of data
     • Accountability – collectors of data should be accountable

  6. The Safe Harbor
     • Benefits
        • All 27 EU member states are bound
        • Deemed adequate by EU and data flows will continue
        • Requirements for prior approval waived
        • Claims brought by EU citizens generally heard in the U.S.

  7. How To Join
     • Must certify compliance annually with Dep’t of Commerce
     • Must state compliance in privacy policy
     • Can join a self-regulatory privacy program
     • Develop own self-regulatory privacy program

  8. What do Safe Harbor Principles Require?
     • Notice
        • Must notify individuals as to why data is being collected
        • Must notify about disclosures to third parties
        • Must describe choices for limiting use and disclosure
        • Must provide contact information for complaints

  9. Choice and Onward Transfer
     • Must give individuals a chance to opt out
     • For “sensitive” information, must require users to opt in
     • On transfer, written agreements with third parties are permitted so long as they certify to compliance

  10. Access and Security
     • Individuals must be able to access personal info
     • Must be able to correct or delete personal info
     • Organizations required to take reasonable measures to protect data
     • Must be procedures and contacts to fix any problems stemming from noncompliance
     • Dispute resolution programs (TRUSTe or BBBOnLine)

  11. Impact
     • Relatively few U.S. companies have signed up for the safe harbor
     • Although many companies are coming close to it in any event
     • EU not enforcing that much – if at all
     • Companies that do comply have large European presence and large data collection activities or are in eye of European regulators for other reasons
     • Sort of like the Venus de Milo – Often discussed, much admired, but rarely embraced
     • All of this could change very fast
