Tag Archives: European Union

The EU-U.S. Privacy Shield: feedback, and potential EU recognition of privacy laws of California and other U.S. states?

Background On October 23, 2019, the European Commission (EC) released its report on a third annual review of the EU-U.S. Privacy Shield. While the report confirms that the U.S. continues to provide an adequate level of protection for personal data transfers in the context of the Privacy Shield, there are some gaps between the expectations … Continue Reading

EU Cybersecurity Act gets the green light!

On 7 June 2019, Regulation (EU) 2019/881 on ENISA (the European Union Agency for Network and Information Security) and on information and communications technology cybersecurity certification, also known as the Cybersecurity Act, was given the final go-ahead and published in the Official Journal of the European Union.  The Cybersecurity Act will come into force on 27 … Continue Reading

The European Parliament adopts first stance to proposed EU Cybersecurity Act

On 12 March 2019, the European Parliament issued its first position on the text proposed by the European Commission for a Regulation of the European Parliament and of the Council on ENISA (the European Union Agency for Network and Information Security), also known as the EU Cybersecurity Act. Initiatives to build strong EU-wide cybersecurity The … Continue Reading

Informal agreement reached on EU cybersecurity proposal

On 10 December 2018, the European Parliament, the Council of the European Union, and the European Commission reached agreement on the cybersecurity proposal put forward by the Commission. The aim of the Commission’s proposal is to build strong cybersecurity standards in the EU, allowing the EU to become a global leader in cybersecurity. The proposal … Continue Reading

A new deal for consumers: EDPS publishes Opinion

The European Data Protection Supervisor (EDPS) published an Opinion on 5 October 2018 regarding the European Commission’s legislative package “A New Deal for Consumers”. In the Opinion, the EDPS calls for closer alignment between consumer and data protection rules in the EU. Background The Commission’s package, adopted earlier this year, includes two legislative proposals: (1) … Continue Reading

The Data Protection Directive Is Dead! Long Live the General Data Protection Regulation!

After four years of protracted discussions and negotiations, the General Data Protection Regulation (the “GDPR”) gained final approval from the European Parliament 14 April. It will enter into force 20 days after publication in the Official Journal of the European Union (expected imminently), and it comes into force two years after that date – i.e., … Continue Reading

European Union harmonizes the approach to sentencing cybercriminals

This post was written by Cynthia O’Donoghue. In early July, the European Parliament adopted a new directive harmonizing the criminal laws relating to cyberattacks (Directive). It will replace the current nonbinding agreement between EU countries from 2005 (Framework Decision 2005/222/JHA). The Directive aims to harmonise the approach to cybercrime, by requiring all Member States to … Continue Reading

ENISA Cybersecurity Annual Report

ENISA, the European Union Agency for Network and Information Security, issued its Annual Incidents Report 2012. The report has been issued under Article 13a of the Common Regulatory Framework Directive (1009/140/EC) for electronic communications networks and services. The report highlights that 18 European Union countries reported 79 significant incidents during 2012. Only 9 countries reported … Continue Reading

UK Court of Appeal upholds two-year sentence for cybercriminal

This post was written by Cynthia O’Donoghue. The UK Court of Appeal, R v Martin [2013] EWCA Crim 1420, dismissed an appeal against a two-year prison sentence for various cybercrimes by the appellant, Lewys Martin. Martin previously pleaded guilty to various breaches of the Computer Misuse Act 1990. Martin was then convicted and sentenced to … Continue Reading

U.S.-EU Safe Harbor Under Fire

As part of an on-going debate on the European data protection reform, doubts were cast over the adequacy of the Safe Harbor arrangements with the United States. Viviane Reding, the European Commissioner for Justice, Fundamental Rights and Citizenship, called the 13-year-old data-sharing agreement between the EU and the United States a potential “loophole for data … Continue Reading

EU Article 29 A29WP publishes new BCR guidance for processors

The European Union (EU) data protection body, the Article 29 Working Party (A29WP), in April adopted new guidance on Binding Corporate Rules for Processors (BCPRs). The document supplements the opinion from June 2012, which listed elements required for valid BCPRs, by further clarifying what provisions and mechanisms must be included before BCPRs can be authorised. … Continue Reading

EU Article 29 Working Party criticises the proposed Data Protection Impact Assessment templates for smart-meters

This post was written by Cynthia O’Donoghue. The Article 29 Working Party (A29WP) adopted the Opinion on Data Protection Impact Template Assessment for Smart Grid and Smart Metering Systems (Opinion), which evaluates the Privacy Impact Assessment (PIA) template that the member states intend to adopt. The PIA, which was prepared by industry representatives, seeks to … Continue Reading

APEC’s Cross-Border Privacy Rules begin to gain momentum

This post was written by Cynthia O’Donoghue. In February 2013, Mexico became the second approved participant in the Cross-Border Privacy Rules (CBPR) programme – a system for convenient cross-border data transfers introduced in 2011 by the Asia-Pacific Economic Cooperation (APEC). At the same time, APEC and EU Data Protection Authorities (DPAs) plan to create a … Continue Reading

The Article 29 Working Party tackles the most contested elements of the new Data Protection Regulation

This post was written by Cynthia O’Donoghue. The Article 29 Working Party (“Art. 29 WP”), which has already released two opinions (WP191 and WP199) regarding the draft General Data Protection Regulation (“Regulation”), issued a statement and two accompanying annexes addressing some of the most heavily debated elements. This statement addresses relaxation of rules for the … Continue Reading

ECJ to weigh in on Spanish contest with Google over the application of data protection laws

As Google continues its legal battle with the Spanish Data Protection Authority (DPA), the Spanish High Court (Audiencia Nacional) has referred several questions to the European Court of Justice (ECJ). The questions cover whether individuals have the right to demand the removal and blocking of information contained within Internet search results, even though that information … Continue Reading

EU member states argue for watering down the proposed Data Protection Regulation

The proposed new EU General Data Protection Regulation may need to be watered down. The far-reaching proposed draft, which was published in January 2012, aims to unify and strengthen the data protection laws across the 27 EU countries. However, the Financial Times reports that a memo drafted by the Irish presidency admits that “several member … Continue Reading

European Parliament Committee on Industry, Research and Energy publish opinion on the proposed General Data Protection Regulation

This post was written by Cynthia O’Donoghue. Following the lead of the Committee on Civil Liberties, Justice and Home Affairs (LIBE), which already released its draft report (see our prior blog) 20 February, the European Parliament Committee on Industry, Research and Energy (ITRE Committee) published its Draft Opinion on the proposed General Data Protection Regulation. … Continue Reading

UK Information Commissioners Office presents article-by-article analysis of the proposed new General Data Protection Regulation

Following the publication of its “further thoughts” on the European Commission’s proposed new data protection framework, the ICO has now published an in-depth, article-by-article analysis of the proposed General Data Protection Regulation (the Regulation). The ICO pointed out that this is an important opportunity to get the framework correct, as it is likely to remain … Continue Reading

EU and U.S. sign joint declaration to make Internet safer for children

EU Commission Vice-President Neelie Kroes, responsible for the Digital Agenda for Europe, and U.S. Secretary of Homeland Security Janet Napolitano, have signed a joint Declaration to “work collectively and in partnership to reduce the risks and maximise the benefits of the Internet for children.” The declaration demonstrates a mutual recognition by the United States and … Continue Reading

Rapporteur Jan Philipp Albrecht presents report on the European Commission’s proposed Data Protection Regulation

On January 10, 2013, Jan Philipp Albrecht, the rapporteur to the EU Parliament’s Committee on Civil Liberties, Justice and Home Affairs (“LIBE”), presented his draft report (the “Report”) proposing amendments to the European Commission’s proposed Data Protection Regulation (the “Proposed Regulation”). Albrecht’s amendments to what was already a complex and prescriptive piece of draft legislation … Continue Reading

The European Network and Information Security Agency (ENISA) publishes report on the ‘Right To Be Forgotten’

The “right to be forgotten” as contained in the EU Commission’s Proposed Data Protection Regulation (Proposed Regulation), enhances the existing right to data erasure obligation by including an obligation on data controllers that have personal data public, to inform third parties on the data subject’s request to erase any links to, or copy or replicate … Continue Reading

The Council of the European Union issues suggested amendments to the Proposed EU Data Protection Regulation

This post was written by Cynthia O’Donoghue. The Council of the European Union has published a new review detailing comments on the draft proposal for a General Data Protection Regulation (“Draft Regulation” or “Regulation”). Building on comments made in the DAPIX document, the review contains comments from each EU Member State with suggested changes to … Continue Reading

US wades into debate on revision to EU Data Protection Directive

This post was also written by Nick Tyler.  The U.S. Federal Trade Commission (FTC) has waded into the political debate with an Informal Note on the draft EU Data Protection Regulation as reported by Statewatch. In addition, Digital Civil Rights in Europe has reported that the U.S. Department of Commerce engaged in significant lobbying of the European … Continue Reading