First self-certifications accepted under Privacy Shield; EU Commission considers extension of telecommunication rules to apps.

U.S. Department of Commerce accepts first bunch of self-certifications under Privacy Shield

About 2 weeks after the announced start of the certification procedure under the “EU-U.S. Privacy Shield” (‘Privacy Shield’) on August 1, 2016, the U.S. Department of Commerce (‘DoC’) has officially granted certification status to a first set of approximately 40 U.S.-based multinational companies. According to a DoC spokesperson, “nearly 200 additional certifications” are still pending and hundreds more are expected in the next few weeks.

According to the publicly accessible Privacy Shield list, companies already approved under the new framework are predominantly major U.S. tech companies, such as i.a. Microsoft Corporation and Salesforce.

Companies which have not yet registered, but plan to do so, should consider signing up within the next 1 ½ months: for those submitting their certification until September 30, the DoC grants a grace period of 9 months from the date of certification to meet the necessary compliance requirements.


Continue Reading

EU Commission publishes first results of consultation of e-Privacy Directive; Irish DPA issues Guidance on Location Data.

European Commission publishes summary report on consultation of e-Privacy Directive

On August 4, 2016, the European Commission has published a first summary report on the public consultation on the evaluation and review of the e-Privacy Directive (Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), also known as ‘e-Privacy’ or ‘Cookie’ Directive.

Two weeks ago, on July 19, 2016, the Article 29 Working Party, an EU advisory body comprised by representatives of the national Data Protection Authorities, had also published a detailed opinion on this issue.

The ‘e-Privacy Directive’, which contains specific rules relating to the processing of personal data in the e-Communications sector, needs to be adapted to the new European General Data Protection Regulation (‘GDPR’), which will replace the former EU Directive 95/46/EC as from May 25, 2016. The GDPR aims to ensure modernized rules and increased harmonization for Privacy in Europe and is part of the European Commission’s Digital Single Market (DSM) Strategy.

The 421 stakeholders in the consultation, of whom more than ¼ are situated in Germany, agree with a vast majority of 83% that specific privacy rules for e-Communication are useful to ensure the confidentiality of communications. In addition, 76% of respondents believe that the Directive should as well apply to so-called ‘over-the-top’ service providers (OTT), when offering VoIP services or instant messaging. However, more than ¾ of the respondents also said that until now, the Directive has achieved its aims only to a limited extent, due to – among others – too little enforcement and compliance pressure.

The Commission’s conclusions drawn from the consultation, as well as proposals on how to adapt the Directive are expected to be released later this year.


Continue Reading