InfoBytes Blog
EU Commission Officially Releases Proposed Replacement for Data Protection Directive
On January 25, the European Union Commission officially released a proposed Regulation designed to update and replace the 1995 Data Protection Directive and national laws issued under that directive. This proposal is designed as a regulation rather than a directive, allowing it to take effect without national implementing legislation. Instead, the proposal will be submitted to the European Parliament and member states for adoption and would become effective two years after adoption. Notably, the proposed Regulation contains a "right to be forgotten" provision, which provides individuals the right, under certain circumstances, to seek the erasure of personal data and a halt to further dissemination of such data. Other provisions of the Regulation would (i) require explicit data subject consent for processing, where previously consent could be inferred in some cases; (ii) require data breaches to be reported to the national supervisory authority and, in certain cases, to the data subject; and (iii) provide data subjects the right to file complaints with national data protection authorities and seek judicial remedies, including damages, for violations of the Regulation. An earlier unofficial draft of this regulation was reported in InfoBytes, December 23, 2011. The two proposals are substantially similar, though the officially released version does lower the limits for penalties under the Regulation.