September 30, 2020

Volume X, Number 274

September 30, 2020

Subscribe to Latest Legal News and Analysis

September 29, 2020

Subscribe to Latest Legal News and Analysis

September 28, 2020

Subscribe to Latest Legal News and Analysis

EU Poised to Formally Adopt New Data Protection Regulation

After three months of legal-linguistic checks and translations, the European Union is poised to formally adopt the new EU General Data Protection Regulation (GDPR) and its sister law, the EU Policing and Criminal Justice Data Protection Directive (PCJ DPD).

Documents recently released by the Council of the EU (available here and here) suggest that the Council will vote to endorse final texts by the end of this week (Friday April 7, 2016), before passing them on for approval by the European Parliament during next week’s plenary sessions (April 11-14, 2016).

The GDPR will take effect twenty days from its post-vote publication in the Official Journal, triggering a two year transition period before its full entry into force.  At that point it will sweep away the current EU Data Protection Directive (95/46/EU), which has served as the main instrument of EU privacy law for almost two decades.

Unlike the Directive, the GDPR will for the most part have direct effect throughout the EU, without requiring implementation into national laws.  Nevertheless, the next two years are likely to see substantial further legislative and rulemaking activity at EU and national level.

The GDPR allows for substantial national deviations in a number of important areas, so in addition to amending or repealing their existing legislation and guidance in order to comply with the new GDPR, Member States will also be working to finalize their positions on key issues such as workplace privacy, healthcare services and biomedical research.

The European Commission and a new European Data Protection Board, meanwhile, will play important roles as the source of further implementing guidance and rules, and approving certification schemes and industry codes of conduct.  Later this year, the European Commission is also expected to launch a revision of the E-Privacy Directive, which imposes additional privacy rules for telecommunications, marketing and digital services.

© 2020 Covington & Burling LLPNational Law Review, Volume VI, Number 97


About this Author

Philippe Bradley-Schmieg, Covington Burling, Data privacy and cybersecurity attorney

Philippe Bradley-Schmieg's practice covers a range of regulatory and commercial matters affecting the IT, internet media, e-health and telecoms sectors across the world.

Mr. Bradley-Schmieg advises on legislation, enforcement, advocacy and contracts relating to privacy, data protection, consumer protection, intermediary liability, copyright and databases, Big Data, medical confidentiality, cybersecurity, law enforcement data requests, and smart medical devices and apps.