1 / 17

Data Protection Masterclass: The New Draft EU Data Protection Regulation

Data Protection Masterclass: The New Draft EU Data Protection Regulation. 19 September 2012. EU Data Protection Proposals: Where we are with the Draft Regulation. Data Protection Masterclass London, September 19, 2012 Ann Bevitt & Karin Retzer. How did we get here?.

Download Presentation

Data Protection Masterclass: The New Draft EU Data Protection Regulation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Data Protection Masterclass:The New Draft EU DataProtection Regulation 19 September 2012

  2. EU Data Protection Proposals: Where we are with the Draft Regulation Data Protection Masterclass London, September 19, 2012 Ann Bevitt & Karin Retzer

  3. How did we get here? • Current framework governed by 1995 EU Data Protection Directive • Amendments required to address challenges resulting from globalization and technical advances • Need for greater harmonization across Member States • January 25, 2012 the Commission proposed two new draft laws • Draft Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) • Draft Directive on the protection of individuals with regard to processing of personal data for the purpose of crime prevention and investigation

  4. The Key Players • The European Commission (Commission) • Composed of 27 Commissioners and administrative staff • Proposes draft laws • The Council of the European Union (Council) • Composed of ministerial-level representatives from each EU Member State • Adopts laws, sometimes alone and sometimes jointly with the European Parliament • The European Parliament (EP) • Composed of directly elected members • Adopts EU laws together with the Council

  5. How does it work? • How is the Draft Regulation going to be adopted? • Commission published Draft Regulation and sent it to the EP and the Council • The EP and the Council may propose amendments and work on their own versions of the text • Institutions have regular exchanges to align their position; Commission assists the process • To be adopted Regulation must be jointly approved by the Council and the EP – both must agree on the same text • Will there be any changes to the Draft Regulation before it is adopted? • Changes are very likely because the EP and the Council must achieve compromise

  6. Council’s Position • Formal note from July 2012 includes comments from 20 Member States • Preference for Directive over Regulation – Member States want more for flexibility in their law-making • Call for more clarification on application to organizations established outside the EU and on the place of main establishment • Call for clearer definitions • Criticism of high administrative burdens and unrealistic obligations, in particular breach notification obligations, documentation of processing, mandatory DPOs • Call for revision of mandatory imposition of sanctions

  7. Council’s next steps • Experts from Member States are discussing the Draft Regulation in a dedicated working group • First exchange between ministers due December 6-7, 2012 • Ministers to discuss outstanding issues where the working group cannot reach a common position • Several Member States demand more discussions; adoption of the Regulation (or a Directive) may be a long way off

  8. Parliament’s Position • LIBE • Responsible Committee • Jan Philipp Albrecht • MEP responsible for leading discussions in the EP and preparing EP’s position • Supports Regulation as legislative instrument • Calls for strong rules on DPOs, impact assessments, general data breach notification, DPA powers, and severe sanctions for breaches • Calls for clarification of rules on discovery requests from foreign authorities, profiling of individuals, and technology-neutral rules for data protection by design and by default • Calls for adoption of Draft Regulation and Draft Directive on data protection in criminal investigations in parallel

  9. Parliament’s next steps

  10. Entry into Force • When is the Draft Regulation going to enter into force? • Once adopted, Regulation will not require implementation and will be directly applicable • Regulation provides for transition period of 2 years following publication

  11. Reading Materials • Commission’s proposal for a Regulation • http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf • Commission’s proposal for a Directive • http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:52012PC0010:en:NOT • Albrecht’s Working Document • http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&reference=PE-491.322&format=PDF&language=EN&secondRef=01 • Formal Note from the Council July 18, 2012 • http://www.statewatch.org/news/2012/jul/eu-council-dp-reg-ms-positions-9897-rev2-12.pdf • Parliament’s procedure file • http://www.europarl.europa.eu/oeil/popups/ficheprocedure.do?lang=en&reference=2012/0011(COD)

  12. EU Data Protection Proposals: The Business Perspective Data Protection Masterclass London, September 19, 2012 Ann Bevitt & Karin Retzer LN/207999

  13. The global dimension • How will the new Draft Regulation affect companies based outside the EU? • Will cross border transfers be easier? • Will BCRs replace the Model Clauses? • Will the Regulation have positive implications for cloud computing? • What about compliance with foreign law obligations, like SOX or FCPA?  What about the foreign discovery process?

  14. Improvements for companies • How might the Regulation improve things for companies? • What about the concept of main establishment? How does it work, and will it apply to non-EU companies? • Will the legal interpretations be more consistent across Member States?

  15. Challenges for companies • So, what challenges and problematic issues does the Regulation raise? • What about the cost of compliance? Will companies have to allocate more resources? • Will companies have to appoint DPOs? • How would the Regulation affect data processors?

  16. Challenges for companies (2) • How about handling HR data? Will it be easier for employers? • Will there be any specific implications for certain sectors? • What does data protection “by design” and “by default” mean in practice? • Will all data security breaches need to be notified? What about breaches by non-EU companies?

  17. Contacts Ann Bevitt Partner, London 44 20 7920 4041 abevitt@mofo.com Karin Retzer Partner, Brussels 32 2 340 7364 kretzer@mofo.com

More Related