The Data Protection Directive 95/46/EC (“Data Directive”) has formed the basis for the EU’s data protection framework since 1995 (the same year that Amazon.com first went live) and over the subsequent 20 years, a number of industries have been born and new corporate giants have emerged (most notably Google which was founded in 1998 and Facebook which was founded in 2004) where the currency of business is information and the intelligent use of data.
Although the Data Directive has been the data protection vehicle of choice for the EU, its chassis is no longer seen as suitably roadworthy for today’s information superhighway. Likewise, the use of a directive as a legislative mechanism for imposing robust data protection law across EU member states has its critics. Technological advances in e-commerce; social media, mobile, big data and cloud computing show no sign of abating and with these advances comes an increasing demand to better facilitate the free flow of data across jurisdictions.
One Continent, One Law
The EU’s solution takes the form of the new EU General Data Protection Regulation (“Data Regulation”) which is to be finalised before end of the year will transpose a European wide law on data protection and privacy. This Data Regulation will essentially unify the 28 member states approach to data protection without the need for individual member states to implement the Data Regulation into their own laws (a far more powerful approach than implementing another directive as the Data Regulation will have general application and will be directly binding on all member states).
Although immediately applicable to the EU member states and EEA member countries, it is anticipated that jurisdictions currently recognised in the Directive as being equivalent “third countries” (e.g. Switzerland, Isle of Man, Jersey and Guernsey where personal data can flow between the EU member state/ EEA member countries to listed third countries without any further safeguard being necessary) will likely make changes to their respective laws to help ensure that the flow of personal data to those jurisdictions without additional safeguards continues under the Data Regulation…
To read more of this article please access the following website: http://www.pdp.ie/journals/compliance-and-risk-back-issues