Written by Luke Dixon

The European Parliament has voted emphatically in support of a report produced by its Civil Liberties, Justice and Home Affairs Committee (LIBE) on the mass surveillance undertaken by the U.S. National Security Agency (NSA) and EU Member States.Big Data In doing so, the Parliament has called for the immediate suspension of the EU-U.S. Safe Harbor scheme, pending a review of how the scheme is conducted.

The scheme allows businesses to self-certify compliance with EU data protection law, thereby legitimizing exports of personal data from the EU to locations in the U.S., where such exports would otherwise be illegal under EU data privacy legislation. The Federal Trade Commission administers and enforces the scheme.
Continue Reading

Written By Luke Dixon, CIPP/E

The UK Information Commissioner (ICO) and Ofcom have published an update on their Joint Action Plan for tackling nuisance calls and messages.

They have identified a number of priority areas for 2014, including: (i) ongoing, targeted enforcement action; (ii) improving the tracing and technical assessment of nuisance calls; (iii) working better with Government to ensure effective coordinated action; and (iv) improving consumer information on how to reduce and report complaints about nuisance calls and messages.

A wide range of sectors generate nuisance calls. Calls regarding Payment Protection Insurance (PPI) claims caused the largest number of complaints (22%), followed by debt management and energy/green energy issues. The updated Joint Action Plan indicates that complaints to the ICO and Ofcom reached a peak in 2013. The number of complaints received in 2014 so far has dropped slightly, but is still quite high.
Continue Reading

Written by Luke Dixon

Recent news on both sides of the Atlantic has included considerable commentary on the issues of data privacy and international data flows. With an important vote on the issue due to take place in the EU Parliament next month, now seems like a good time to bring readers up to date with progress on the proposed draft General Data Protection Regulation (the “Regulation”). This legislation (once adopted by the EU) will provide the superstructure to its approach to the challenges of data privacy in the 21st Century.

The European Commission published its reform proposals for EU data protection law in January 2012. These reforms are intended to replace the current Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data (the “Data Protection Directive” or the “Directive”).

The reforms are chiefly embodied in a draft Regulation which is currently making its way through the EU’s legislative process (albeit not at a breakneck pace). The Regulation is aimed at harmonizing the data protection procedures and enforcement across the whole EU. This should provide a “one-stop shop” for non-EU companies who want to understand their compliance obligations. Under the current Directive, the EU Member States have more scope for interpretation in their national laws, and their implementation of EU law has been more uneven. This note highlights some of the key changes to the present regime that will be introduced if the draft Regulation is adopted in its current form.
Continue Reading