EU Passes Sweeping New Privacy and Data Security Laws
European Parliament today voted into law a new General Data Protection Regulation (“GDPR”) that will replace the EU’s all-encompassing Data Protection Directive as of mid-2018.
Today’s vote brings to a close a legislative process that has lasted nearly five years; the law’s official publication, which should be forthcoming, will start the clock on a two-year transition period until the new rules take effect.
The GDPR was approved by the European Parliament today as part of a contentious package of laws that also includes a new Passenger Name Records (“PNR”) Directive, aimed at wider collection and sharing of traveler data for counter-terrorism and crime prevention purposes; and a Policing and Criminal Justice Data Protection Directive (“PCJ DPD”) that will regulate law enforcement agencies’ use of personally identifying information.
The Parliament’s approval of the PCJ DPD enshrines it into law, while the PNR Directive still requires, as a mere formality, approval by the Council of the EU. Both laws are also scheduled to take effect in mid-2018.