2. PRIVACY LAWS IN EUROPE
www.seersco.com
1. Data Protection Directive 1998 95/46/EC
2. ePrivacy Directive 2002/58/EC
3. General Data Protection Regulation 2016/679
4. ePrivacy Regulation (proposed)
5. The Police Directive 2016/680
6. ISHPP - International Safe Harbor Privacy Principles
7. EU-US Privacy Shield
3. 1. Data Protection Directive 1998 95/46/EC
It was adopted in 1995 and transposed into national laws before 24 October 1998.
Under Data Protection Directive:
• Each Member State is required to set up a supervisory authority.
• Organisations processing personal data will register themselves with the
supervisory authority of their Member State.
4. Conditions of Data Protection Directive
• Transparency
• Legitimate Purpose
• Proportionality
5. Transparency
1. The data controllers must inform the data subjects about their data being processed.
2. They also have to provide their identity and contact details.
6. Legitimate purpose
Organisations can process personal data only for purposes that are:
• Specified, legitimate and explicit.
• Ensure the integrity and confidentiality of personal data.
• Give protection from misuse.
8. General Data Protection Regulation
• GDPR stands for General Data Protection Regulation. It was promulgated in 2016 and enforced on 25 May 2018.
• The purpose of GDPR is to harmonise data protection law and the free movement of data across the EU.
• Non-compliance with GDPR will result in fines of up to €20 million or 4% of annual global turnover.
9. General Data Protection Regulation
• GDPR has seven principles of data protection:
Lawfulness, fairness, and transparency of processing
Purpose Limitation
Data minimisation
Accuracy
Storage limitation
Integrity and confidentiality
Accountability
10. 2. ePrivacy Directive 2002/58/EC
The ePrivacy Directive addresses the requirements of new digital technologies.
Issues:
• Confidentiality of information
• Treatment of traffic data
• Spam and Cookies
11. 3. ePrivacy Regulation proposal
It was published in January 2017. The ePrivacy Regulation deals with the protection of
personal data in electronic communications:
• Web
• Internet (email, apps, you name it)
• Telephone
• Instant Messaging
• OTT services (Skype, WhatsApp)
• IoT
12. 3. ePrivacy Regulation proposal (Continued…)
It covers:
1. Spam
2. Direct marketing
3. Telecommunication firms
4. Mobile app developers
5. Online advertising networks
6. The IoT (Internet of Things)
13. 4. The Police Directive 2016/680
It deals with the protection of personal data.
The Police Directive ensures that the personal data of the following are protected:
1. Victims
2. Witnesses
3. Suspects of the crime
14. 5. International Safe Harbor Privacy Principles
EU privacy laws do not allow data to be transferred outside of the EU unless
the destination has that level of privacy protection.
Safe Harbor, established in 2000, was an agreement between:
1. The United States Department of Commerce
2. The European Union
15. Principles of ISHPP
1. Enable tech giants such as Facebook to self-certify.
2. In 2015, the European Court of Justice rescinded the Safe Harbor agreement
and ruled that this agreement "was invalid in light of what the court deemed
insufficient U.S. privacy protections."
3. Now tech giants want to transfer Europeans’ personal data to the U.S. (EU data
protection rules have that level of protection).
16. 6. EU-US Privacy Shield
It was adopted on 12 July 2016 to replace Safe Harbor and became operational on 1st August 2016.
The agreement represents cooperation between:
1. E.U. DPA
2. The U.S. Department of Commerce
3. The Federal Trade Commission (FTC)
17. Provisions of EU-US Privacy Shield
1. Time frames for responding to individual and E.U. Data Protection Authority complaints.
2. Assistance with privacy policies for companies in either country handling private data of E.U.
citizens.
3. Legal remedies for E.U. citizens’ privacy complaints.
4. The members submitting to the framework must provide an independent system for complaint
and dispute resolution and present links to Data Protection Authorities (DPA) and the U.S.
Department of Commerce and include these complaint processes in their online privacy
statements.
5. It also includes safeguards on US government access to the data of EU individuals.
6. US companies dealing with data from E.U. individuals must apply to the U.S. Department of
Commerce for self-certification. Members of the EU-US privacy shield framework are required
to state their adherence to the Privacy Shield Principles, making the commitment enforceable
under law.