|November 6, 2013|
Previously published on November 1, 2013
The European Parliament’s Civil Liberties Committee (“LIBE Committee”) has finally voted on the European Commission’s proposed EU Data Protection Regulation, approving all of the proposed amendments and adding further, more restrictive provisions.
The main aim of the proposed regulation was to harmonise the existing and differing laws applicable in the various member states such that a company operating in multiple member states could easily ensure compliance. However, this latest approval with additional provisions may make it even more difficult for such a company to achieve the required compliance.
Certain of these additional restrictive provisions are likely to be the subject of further debate and industry objections/lobbying, particularly from US-based companies, such as the prohibition such as the prohibition on multinational companies passing users’ personal data to authorities based outside the EU, unless they receive permission from the relevant authorities in the jurisdiction or satisfy other specified criteria. This provision in particular is clearly evidence of a cautious reaction to the Snowden leaks earlier this year.
The replacement of the “right to be forgotten” with the “right of erasure” which goes further than its predecessor (giving data subjects the right to have their personal data erased where the data is no longer necessary or where they withdraw consent) provides another example of a move towards more stringent regulation of data protection in the EU and is also likely to cause much debate.
A decision on the final text of the Regulation is expected before the end of the current Commission’s term in May 2014.
The Advertising, Marketing and Promotions and Privacy & Data Protection a practices of Edwards Wildman regularly advise clients on advertising and privacy issues.