This session will provide an update on EU data protection law. In particular, we’ll discuss the status of the draft EU Data Protection Regulation and recent developments related to data transfers to the U.S., with a focus on the U.S.-EU Safe Harbor Framework.
In early 2012, the European Commission proposed a new legal framework for EU data protection called the EU Data Protection Regulation. This landmark proposal aims to replace the existing EU Data Protection Directive 95/46/EC. If adopted, it will affect companies in all sectors, including non-EU companies doing business in Europe. The Regulation has been in the legislative process for two years now and has experienced substantial delay. The last few months have seen many interesting developments.
In parallel, following the recent revelations about law enforcement access to private companies’ data, EU institutions and EU data protection authorities have focused on data transfers to the U.S. and have been challenging the U.S.-EU Safe Harbor Framework. The EU Parliament is about to adopt a resolution calling for the suspension of the Framework and the European Commission has recently issued 13 recommendations to improve the functioning of the Safe Harbor scheme. The lack of certainty around the future of the Safe Harbor Framework and, more generally, the climate regarding data transfers to the U.S. raise uncertainty for companies transferring personal data globally.
Our attorneys will provide a summary of the debate in the EU and an overview of the current trends. We will also provide insight on what we can expect over the next few months.
Our experts will focus on the following topics:
- Where are we regarding the draft EU Data Protection Regulation? What's the expected timeline and outlook? What are the likely trends, why should we care about them, and how will they affect business globally?
- What is currently at the center of the debates in the EU? A focus on data transfer, the U.S.-EU Safe Harbor Framework, and a few select topics of particular importance for businesses (e.g., pseudonymisation, profiling, and one-stop shop principle).
- How can we prepare for the future? What happens if the Regulation is adopted? What if it isn’t adopted? What is the future of data transfers and the U.S.-EU Safe Harbor Framework?