From Europe’s Privacy Regulators, Big Penalties But No Rules
June 16, 2016
With the current state of European privacy regulations, American firms must make additional efforts with their contracts and guarantees of personal data protections to satisfy their European customers. Most previous deals were completed within the context of the Safe Harbor, but last October a European high court invalidated this long-standing agreement that allowed U.S. businesses to self-certify their protocols for handling Europeans’ personal data. That sent U.S. and European officials scrambling to hammer out a replacement agreement. The now proposed E.U.-U.S. Privacy Shield was submitted in February.
As currently written, the Privacy Shield would require companies to have an established policy that commits to the principles of the agreement. It would also require modifying, updating or creating contracts with any third-party that will come into contact with a European’s data. The contracts must stipulate how the data will be protected under the provisions of the Privacy Shield, and summaries of those contracts must be made available to regulators.
The problem is that the agreement has yet to be ratified by each of Europe’s 28 data-protection agencies, and these regulators don’t seem inclined to agree with many of the Privacy Shield’s provisions.
In April, the European Parliament approved a new General Data Protection Regulation that will go into force in 2018. These laws include even more stringent protections for Europeans’ data. They also include the so-called “right to be forgotten” provision, requiring companies to delete data of Europeans who request anonymity.
Read full article at:
Daily Updates
Sign up for our free daily newsletter for the latest news and business legal developments.