The General Data Protection Regulation (GDPR) was recently approved by the 28 member states of the Council of European Union. By plenary vote, the European Parliament approved GDPR on April 14.

The GDPR will take effect two years after publication in the E.U. Official Journal, which is expected to be in May.

The GDPR, which strengthens and updates privacy protections for E.U. citizens has been three years in the making.  Many hope it will create a standard for privacy protection across the E.U. rather than the patchwork of member state law that exists today even beyond the existing E.U. privacy directive, known as Directive 95/46/EC. For the two-year period until the GDPR takes effect, the E.U. would transition from Directive 95/46/EC into GDPR.

Meanwhile, although the European Commission issued an initial decision finding the U.S. Privacy Shield adequate to protect the privacy of E.U. citizens, more recently, a group of E.U. privacy regulators known as the Article 29 group recently expressed their opinion that Privacy Shield failed to adequately protect the mass collection of E.U. citizens’ data from US government surveillance. The Article 29 working group also expressed concerns about whether U.S. ombudsman, will have the power and independence from the U.S. government to hear and manage complaints from European officials, businesses and individuals.

The Article 29 Working Group’s opinion is expected to be considered by national data regulators within each member state and by the European Commission.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Kathleen Porter Kathleen Porter

Kathy Porter’s practice straddles the areas of intellectual property, business transactions, trade regulation, and Internet law and includes import/export control issues, such as compliance and enforcement, competition, privacy, and data security. She counsels businesses on the development and implementation of data security and…

Kathy Porter’s practice straddles the areas of intellectual property, business transactions, trade regulation, and Internet law and includes import/export control issues, such as compliance and enforcement, competition, privacy, and data security. She counsels businesses on the development and implementation of data security and privacy practices to comply with the patchwork of laws and rules applicable to the collection, use, safeguarding, sharing, and transfer of protected or personal data. She regularly structures arrangements with promoters, marketers, website exchanges, and other third parties for the purchase, sale, sharing, and safeguarding of personal data. Kathy prepares and negotiates representations, warranties, and indemnities regarding personal or protected data and privacy and data practices. She also assists clients with privacy audits and works with third-party certification organizations to obtain certification of companies’ privacy practices. She guides clients through internal investigations to assess and address notice and other obligations regarding privacy breaches. Kathy often works closely with our litigation attorneys to manage external investigations such as those by federal or state regulators. Read her rc.com bio here.