Big Changes Likely in EU Data Privacy Laws
The Department of Commerce is not the only entity paying close attention to EU activities with respect to privacy protection. MPA and other affected industries are engaged in a careful review of the proposed European Commission regulation, introduced January 25. Currently, the EU is operating under a data protection directive adopted in 1995, under which each EU member state was required to enact data privacy laws that met the minimum requirements of the directive. Finding that the directive did not achieve its goal of a unified EU data protection regime, the new proposal is set up as a regulation that would apply to all member states. US industries are focused on several elements of the European proposal: the right to be forgotten; right of portability; data breach notification within 24 hours; broad definition of personal data; definition of a child as anyone under 18.