E-Commerce Law Week, Issue 693
February 4, 2012
EU Seeks To Pump Up Data Protection
The European Commission officially released draft data protection rules that would overhaul the 16-year-old data protection framework currently in place throughout the European Union. As we reported last month when working versions of the rules were leaked, the proposed framework comprises two new instruments – the General Data Protection Regulation and the Police and Criminal Justice Data Protection Directive – designed to address data protection challenges posed by new technologies. If adopted, the General Data Protection Regulation would replace the current Data Protection Directive and would harmonize the data protection laws of all 27 EU member nations, as the new Regulation would be directly applicable throughout the EU. That sounds like a good objective. The problem for businesses is that the new Regulation would impose significant new burdens on them, such as requiring that data subjects “opt-in” to most data processing and mandating that data subjects and regulators be notified of a breach within 24 hours. The Commission’s proposals have now been passed on to the European Parliament and individual EU Member States for discussion. The rules would take effect two years after they have been adopted.
French Court Narrows The Scope Of Immunity For Websites
A French court of appeals has ruled, in Jean-Marc D. vs. JFG Networks, that a blog site was not immune from liability for violations of France’s data privacy statute. Although EU and French law provide immunity to websites that host third-party content, the court held that the immunity was not applicable to the blog site because the site was not a passive, technical service but actively collected and processed bloggers’ personal information. The decision, if sustained, could have significant repercussions for websites that rely on third-party content and greatly narrow the scope of immunity provided under French law, and possibly under EU law generally if the French approach is adopted elsewhere.
U.S. Government Wants To Secure The Cloud
The National Institute of Standards and Technology (NIST), part of the U.S. Department of Commerce, last month released its finalized set of working guidelines for managing security and privacy issues in cloud computing. The 80-page special publication, Guidelines on Security and Privacy in Public Cloud Computing, outlines considerations government organizations should take into account when outsourcing data, applications, and infrastructure to cloud providers. Though the guidelines were prepared for use by federal agencies, NIST’s guidance may prove useful for companies that want to move some of their data operations to the cloud.
Questions and comments about E-Commerce Law Week are always welcome. Please send your feedback to Sally Albertazzie.