Big Changes Coming in EU Privacy Law

The European Union is about to make major changes in its privacy law that will have a significant impact on U.S. companies that do even modest amounts of business in Europe. On January 25, 2011, the European Commission (the EU’s executive branch) released a long-awaited Draft Regulation on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data (pdf).

While it will likely be a year or more before a final regulation takes effect, and there will almost certainly be amendments along the way, American companies – including those involved in the field of personalized medicine, where personal data is paramount by definition – should start paying attention now, since they may have to change the way that they do business in Europe.

We will provide a more detailed analysis of the Draft Regulation at a later date. In the meantime, here are some of the key issues we are examining:

These are just a few of the more important features of the 96-page, 91-Article Regulation.

Elsewhere, the Draft Regulation would create other new rights and responsibilities and reaffirm and/or strengthen many provisions of existing law, including the current restrictions on transferring data outside of the EU. Ironically, the Draft Regulation notes that the “practical challenges to enforcing data protection legislation” across boundaries and the “risk of different levels of protection…creat[ing] restrictions on cross-border flows of personal data” between jurisdictions. While the Draft Regulation may ease some of these concerns within the EU, global companies seeking to move personal data in and out of the EU face a different calculus.

The draft must now be reviewed by several Directorates of the EU Commission before being submitted for review and approval by the Parliament and Council. But while full implementation will take some time—more than a year in most estimates—the proposed changes are so dramatic and far-reaching that U.S. companies doing business in Europe will require at least that much lead time to plan their compliance.

Filed under: General Interest, Industry News, International Developments, International News, Legal & Regulatory, Pending Regulation, Privacy
Tags: , , , , , ,

Comments

2 Responses to “Big Changes Coming in EU Privacy Law”