Data Protection & Privacy
US and EU privacy approaches dramatically diverges. While Europe has developed a general data protection law, which comprehensively regulates the collection, processing, transfer, and deletion of data, the U.S. does not. At the federal level, the approach to data protection is “sectorial” and concerns only certain industries, while at a state level, even if most states have enacted some form of privacy legislation, this legislation is generally limited to data breach.
The EU current framework for the protection and processing of personal data is Directive 95/46/EC but from May 2018, data protection will be governed by a new legal framework for the protection of personal data (“Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data”), the GDPR, which – for several reasons – contains dramatic innovations (e.g., data breach notification, data portability, impact assessment obligations).
Under the GDPR, any organization (independently from where it is based) “targeting” Europe (i.e., offering products or services to EU citizens through a website) or monitoring EU citizens’ behavior will be subject to EU Data Protection law. Article 3 GDPR.
Our law firm can advise – when appropriate in association with local counsel – on Directive 95/46/EC and on the new GDPR.
We can also advice clients on the “right to be forgotten” coming from ECJ decision’s Google v AEPD and on the Privacy Shield.
Our firm can also advise clients and attorneys on the privacy implications (and problems) of e-discovery. We can advise multi-jurisdictional law firms and other organizations on ethical and privacy aspects of the adoption of cloud (see on this: Nathan M. Crystal & Francesca Giannoni-Crystal, Reconciling US and EU Approaches to Cloud Contracts, 22 PL&B International, October 2014, Issue 131, www.privacylaw.com; Nathan M. Crystal & Francesca Giannoni-Crystal, “Something’s got to give” –Cloud Computing, as Applied to lawyers – Comparative Approach US and EU and practical proposals to Overcome Differences, Opinion Juris in Comparatione, Vol. I, n.I, 2014 (available at http:// opinionjurisincomparatione.org).
As for the privacy law of other countries, we can refer clients to – and then help coordinate with – local counsel.
For more information, contact Francesca Giannoni-Crystal.
For our American privacy and data breach services, read here and contact Allyson Haynes Stuart.