Unlike in other fields, such as Competition law, there is no pan-European regulator to oversee compliance with
EU data protection rules in multi-jurisdictional investigations.
In addition, ahead of the arrival of the EU's
new data protection rules in May, the data regulator says it has overseen a new «user engagement flow» that Facebook intends to roll - out.
Google argued that it was neither established in Spain nor making use of equipment in Spain and therefore did not fall within the scope of Spanish
data protection rules in this context.
«Sometimes you have large companies that have established relationships with customers for a long time, and
with data protection rules coming in on top of that, the information about that consumer then stays with the large established firm,» she explains.
Among the many provisions of the new
European data protection rules announced Tuesday is one that blocks anyone under 16 from using any service that collects data about them, unless their parents formally agree to it.
Consider whether any protected data is likely to be involved — an estimation of the types and character of the data (whether it falls within the scope of EU
data protection rules as it relates to an «identifiable person»; whether the data concerned is «sensitive data»).
But the wider aim is for the regulation to harmonize as much as possible
data protection rules across all Member States to reduce the regulatory burden on digital businesses trading around the bloc.
The information is typically protected
by data protection rules and is zealously guarded by political parties, who do not like pollsters and journalists sniffing around their membership for changes in mood.
The incoming
data protection rules apply to both data controllers (i.e. entities that determine the purpose and means of processing personal data) and data processors (entities that are responsible for processing data on behalf of a data controller — aka subcontractors).
On 2 April 2013, Data Protection Authorities (DPAs) in six EU Member States (France, Germany, Italy, the Netherlands, Spain and the United Kingdom) announced the launch of an official investigation regarding the compliance of Google's revamped privacy policy with
national data protection rules.
But the wider aim is for the regulation to harmonize as much as
possible data protection rules across all Member States to reduce the regulatory burden on digital businesses trading around the bloc.
Whenever there is this level of customer data collection, there are questions about data privacy, especially with EU GDPR
data protection rules on the horizon.
The EU is preparing to launch tough new
data protection rules next month, under which companies could be fined up to four per cent of their global turnover for breaches.
If data is located in a jurisdiction with
strict data protection rules, such as Switzerland or Germany, it may prove impossible to move that data to another jurisdiction with more relaxed requirements, unless an accepted regulatory framework is in place that addresses those differences.
Under
current data protection rules, users can make a Subject Access Request to individual firms to find out how much information they have on them.
GDPR will
codify data protection rules for all companies that collect data from EU citizens while greatly expanding individuals» control over how and when their personal data is collected and used.
The legal landscape is different in Europe and will be even more different in May, when the European Union's
General Data Protection Rule takes effect.
This includes the impending installment of Data Protection Officers for all enterprises that possess «special categories» of data, including health data, to ensure that personal information is processed in compliance with the
applicable data protection rules.
Health bosses accused of covering up failures at a hospital which led to the deaths of 16 babies were named today, after a protracted battle
over data protection rules.
Its set to replace the DPA, making radical changes to many
existing data protection rules and regulations that schools among other academic and educational establishments currently adhere to under the DPA.
The Bar Council is launching a programme to help barristers comply with new
data protection rules due to take effect next year.
He interpreted this (pragmatic) finding of the Court as a rejection of a «maximalist approach» to data protection rules [79].
Otherwise, while the conclusion reached by the Advocate General is undoubtedly a pragmatic one and might be viewed as
keeping data protection rules within sensible limits, his reasoning may prove to be problematic.
«When it comes to non-digital marketing,
data protection rules still require that anyone processing personal data must have a «legitimate interest» for doing so.
Mark is also known as an expert in the field of electronic disclosure and document review and the related practical and legal issues (including privilege,
cross-border data protection rules and privacy regulations).
EU
data protection rules aim to protect the fundamental rights and freedoms of natural persons, and in particular the right to data protection, as well as the free flow of data.
The EU also has a major update to its data protection framework incoming, the GDPR, which will apply from May 25 — and which ramps up the liabilities for companies
ignoring data protection rules by bringing in a new penalty regime that scales as high as 4 % of a organizations global turnover (for Facebook that could mean fines as large as $ 1.6 BN, based on the ~ $ 40.6 BN it earned last year — per its 2017 full year results).
In analyzing how European privacy and
data protection rules apply to these different situations, how should we think about the example cases of e-discovery in the context of FCPA?