May 24, 2012

Overhaul of European Data Protection Law Announced

Morgan, Lewis & Bockius LLP.
Labor & Employment Practice
Morgan, Lewis & Bockius LLP
Saturday, February 4, 2012
Administrative & Regulatory / Communications, Media & Internet / Intellectual Property
European Union
Printer-friendly
Email this Article
Download PDF
Reprints & Permissions

European Commission proposal for a new General Data Protection Regulation aims to strengthen and harmonise data protection law across Europe.

On 25 January, the European Commission published its proposal for a General Data Protection Regulation. The extensive proposals would significantly increase data protection across Europe. 

The key proposals are as follows:

  • Harmonisation: A single set of rules will apply across Europe. It has been suggested that introducing a collective set of rules to replace the current assortment of European data protection legislation will save businesses around €2.3 billion a year. 

  • Scope of the Regulation: The new rules will apply to businesses based in Europe as well as to businesses based outside the European Union that process European citizens’ personal data for the sale of goods or services, or the monitoring of their behaviour. The new rules will therefore affect a large number of US and other international businesses. 

  • Fines: The penalties for noncompliance will be significant, with businesses facing proposed fines of up to €1 million or up to 2% of their annual worldwide turnover (depending on whether the organisation is an ‘enterprise’). 

  • Explicit consent: The new definition of ‘consent’ under the proposed Regulation includes a requirement that consent must be explicitly obtained. Businesses will not, therefore, be able to assume an individual’s consent. 

  • Right of portability: Accessibility to data will be improved, and individuals will have the right to freely transfer data from one electronic processing system to another. 

  • Notification requirements: Organisations will be required to notify their supervisory authority of a security breach without undue delay, which means within 24 hours if that is feasible. If the notification is not made with 24 hours, it will need to be accompanied by a reasoned justification. 

  • Right to be forgotten: Individuals will have the right, at their request, to be forgotten by a specific organisation and their data deleted from its files unless there is a legitimate ground for keeping it. 

  • Data protection officers: Organisations that employ more than 250 people will be required to have a designated data protection officer. The data protection officer will have specific duties in relation to advising and monitoring the organisation and ensuring compliance. 

Speaking at a press conference, the Vice President of the European Commission, Viviane Reding, explained that the changes would increase individuals’ trust and confidence in how their data is being processed. However, preparing for the changes and ensuring compliance is likely to place a large administrative and financial burden on businesses with a European presence, and the penalties for noncompliance will be significant. 

The next step for the implementation of the changes is for the proposed General Data Protection Regulation to be considered by the European Parliament and the Council of the European Union, during which time it is expected that there will be a widespread debate on the proposals, and that the proposed Regulation will be subject to amendment. Once the final Regulation is approved, it is likely that it will not come into force for a further two years. 

Copyright © 2012 by Morgan, Lewis & Bockius LLP. All Rights Reserved.

About the Author

Labor & Employment Practice

The Morgan Lewis Labor and Employment Practice strives for excellence in client service. For more than half a century, our lawyers have helped clients negotiate the ever-changing landscape of federal, state, and local laws that govern the workplace. We get to know you, your business, and your industry, and assist you in devising solutions to employment problems that affect the efficiency and productivity of your workforce.

www.MorganLewis.com
215.963.5000
www.MorganLewis.com

Boost: AJAX core statistics

Legal Disclaimer

You are responsible for reading, understanding and agreeing to the National Law Review's (NLR’s) and the National Law Forum LLC's  Terms of Use and Privacy Policy before using the National Law Review website. The National Law Review is a free to use, no-log in database of legal and business articles. The content and links on www.NatLawReview.com are intended for general information purposes only. Any legal analysis, legislative updates or other content and links should not be construed as legal or professional advice or a substitute for such advice. No attorney-client or confidential relationship is formed by the transmission of information between you and the National Law Review website or any of the law firms, attorneys or other professionals or organizations who include content on the National Law Review website. If you require legal or professional advice, kindly contact an attorney or other suitable professional advisor.  

Some states have laws and ethical rules regarding solicitation and advertisement practices by attorneys and/or other professionals. NLR does not accept advertising from attorneys or law firms. The National Law Review is not a law firm nor is www.NatLawReview.com  intended to be an advertisement or a referral service for attorneys and/or other professionals. The NLR does not wish, nor does it intend, to solicit the business of anyone or to refer anyone to an attorney or other professional.  NLR does not answer legal questions nor will we refer you to an attorney or other professional if you request such information from us. 

Under certain state laws the following statements may be required on this website and we have included them in order to be in full compliance with these rules. The choice of a lawyer or other professional is an important decision and should not be based solely upon advertisements. Attorney Advertising Notice: Prior results do not guarantee a similar outcome. Statement in compliance with Texas Rules of Professional Conduct. Unless otherwise noted, attorneys are not certified by the Texas Board of Legal Specialization, nor can NLR attest to the accuracy of any notation of Legal Specialization or other Professional Credentials.