EU Privacy Directive

Presentation Transcript

  1. EU Privacy Directive

  2. What is a directive? • A piece of European legislation, passed by bureaucrats, addressed to member states • Member states must ensure that directives are implemented in their legal systems

  3. The EU Privacy Directive • Passed in 1995 • Operative 10/24/98 • Does not allow transfer of data outside the EU to countries that lack adequate personal data privacy safeguards

  4. Applies to “Data Controllers” • If you operate a Website that collects any personal information, then you are a data controller • This includes “cookies” • Visible collection of data from online users gives rise to argument that user has given consent

  5. Seven Guiding Principles • Notice – users should know data is being collected • Purpose – data should be used only for stated purpose • Consent – no disclosure without subject’s consent • Security – data should be kept secure from abuses • Disclosure – subjects should know who is collecting data • Access – review and correction of data • Accountability – collectors of data should be accountable

  6. The Safe Harbor • Benefits • All 27 EU member states are bound • Deemed adequate by EU and data flows will continue • Requirements for prior approval waived • Claims brought by EU citizens generally heard in the U.S.

  7. How To Join • Must certify compliance annually with Dep’t of Commerce • Must state compliance in privacy policy • Can join a self-regulatory privacy program • Develop own self-regulatory privacy program

  8. What do Safe Harbor Principles Require? • Notice • Must notify individuals as to why data is being collected • Must notify about disclosures to third parties • Must describe choices for limiting use and disclosure • Must provide contact information for complaints

  9. Choice and Onward Transfer • Must give individuals a chance to opt out • For “sensitive” information, must require users to opt in • On transfer, written agreements with third parties are permitted so long as they certify to compliance

  10. Access and Security • Individuals must be able to access personal info • Must be able to correct or delete personal info • Organizations required to take reasonable measures to protect data • Must be procedures and contacts to fix any problems stemming from noncompliance • Dispute resolution programs (TRUSTe or BBBOnLine)

  11. Impact • Relatively few U.S. companies have signed up for the safe harbor • Although many companies are coming close to it in any event • EU not enforcing that much – if at all • Companies that do comply have large European presence and large data collection activities or are in the eye of European regulators for other reasons • Sort of like the Venus de Milo – Often discussed, much admired, but rarely embraced • All of this could change very fast