){kind=logo}
Planned changes to the European Union's Data Protection Directive (EU Directive), some of which are directed at non-EU companies, may significantly impact how U.S.-based entities that interact with EU consumers can collect, store and use consumer data.
In a statement Justice Commissioner Viviane Reding, Vice President of the European Commission, advised that the European Commission plans to reveal its proposal for revising the EU Directive by the end of January 2012. Following a meeting with German Federal Minister for Consumer Protection, Ilse Aigner, in Brussels to discuss strengthening the EU's data protection rules, Reding and Aigner issued a joint statement about the proposed revisions - including provisions explicitly requiring compliance from non-EU companies.
The revised EU Directive will give consumers more control over their personal data, including requiring explicit user consent before companies can use data and giving consumers the right to delete data, especially data they posted themselves, otherwise known as the "right to be forgotten." The proposed changes also will likely include increased transparency for data processing - providing greater information about when and how data is collected, stored and used, and making it easier for consumers to indicate their privacy preferences.
In their joint statement, Reding and Aigner indicated that the revised EU Directive will contain provisions requiring non-EU companies to abide by the EU's stricter rules on data collection, or face fines and prosecution. "We both believe that companies who direct their services to European consumers should be subject to EU data protection laws. Otherwise, they should not be able to do business on our internal market. This also applies to social networks with users in the EU. We have to make sure that they comply with EU law and that EU law is enforced, even if it is based in a third country and even if its data are stored in a 'cloud'." In the past, Reding has been critical of the data collection and protection practices of non-EU-based social networking companies.
The European Parliament and the Council of Ministers must approve any changes to the EU Directive, including any new penalties for violations, that the Commission proposes.
This client alert is a publication of Loeb & Loeb LLP and is intended to provide information on recent legal developments. This client alert does not create or continue an attorney client relationship nor should it be construed as legal advice or an opinion on specific situations.
Circular 230 Disclosure: To assure compliance with Treasury Department rules governing tax practice, we inform you that any advice (including in any attachment) (1) was not written and is not intended to be used, and cannot be used, for the purpose of avoiding any federal tax penalty that may be imposed on the taxpayer, and (2) may not be used in connection with promoting, marketing or recommending to another person any transaction or matter addressed herein.