The legal basis for privacy and data security in the EU is set out in Directive 95/46/EC, known as the Data Protection Directive, which was issued in October of 1995. EU member states were required to enact laws to carry out the Directive. The main purpose of the Directive is twofold. First, it aims to protect individuals' personal data. Second, it seeks to ensure that the securities and protections afforded to individuals do not restrict the ability to process or exchange economically critical data between the member states. While the specific laws for each member state differ, the Directive serves as the primary guidance for all the laws. In other words, member states may have more stringent interpretations of the Directive, but they cannot be less stringent than the requirements outlined in the Directive. There are significant differences across the EU member states in their data protection laws and in the practice of their respective national regulators, as not all aspects of data protection law are harmonized. Therefore, when a data protection issue occurs, particularly one which affects several member states, it may be dealt with differently under each national law. This course addresses EU privacy laws at the level of the Directive and provides several examples of the specific approaches taken by certain member states.
This course was developed with subject matter support provided by Gordon Dadds LLP. Please note, however, that the course materials and content are for informational purposes only and do not constitute legal advice and may or may not reflect the most current legal developments. Nothing herein, or in the course materials, shall be construed as professional advice as to any particular situation or constitute a legal opinion with respect to compliance with legal statutes or statutory instruments. Gordon Dadds LLP accepts no responsibility for their contents and the reliance on the contents is prohibited and at the user’s risk. Transmission of the information is not intended to create, and receipt does not constitute, a solicitor-client relationship. Readers should not act upon this information without seeking independent legal advice.Learning Objectives
- Identify types of information that are covered by the Data Protection Directive and which therefore must be protected
- Identify data processing activities that are restricted by the Data Protection Directive
- Identify general rules related to the processing of personal data
- Recognize the rights individuals have related to accessing information about the way their personal data is being used
- Describe the requirements for the transfer of personal information to non-EU countries