Thu, Sep. 28, 2017
Privacy: Data Collection, Storage, Use, Sharing and Loss
CK - Washington. The continued Equifax data breaches that by now affect half the American population puzzle consumers who do not know if their financial and personal data are lost. By contrast, Germans and most Europeans benefit from data transparency laws designed to protect their privacy and guide all who commercially collect, store, massage and share data. A new European data directive, effective May 25, 2018, governs rights and obligations relating comprehensively to such data activities.
Consumers will receive detailed information on the intended activities when granting companies access to their data. They will receive additional disclosures after a company stores data and intends to use it for other than the original purposes. Disclosures to consumers must be clear and intelligible for a lay person. Technical or legal jargon incomprehensible to average consumers will be outlawed: The binding regulation even suggests 15 words per sentence, separated by not more than one comma. Information must be provided free of charge to the person who owns it. That alone is a far cry from the practices of some American data hoarders who persistently ignore what a Secret Service director advised more than a decade ago: Don't hoard data because they leave you and all Americans vulnerable.
Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, known in German as Datenschutz-Grundverordnung, lists information and reporting requirements and may increase burdens on entities that process personal data in any way. The above disclosure requirements may be more difficult than some of the other obligations, but entities with prior exposure to the data protection directive 95/46/EC, which will expire, can build on their experience.
Art. 21 defines a consumer right to object meaningfully to the collection of data, and Art. 35 requires the notification of consumers following a risk-intensive data breach. A key objective is the assurance of disclosures at the earliest possible time and by active conduct of the data collector and processor.
In addition to active disclosures, consumers have a right to passive or responsive action by the data holders. The latter must respond to consumer inquiries about data held or transferred as well as requests to transfer data.
The European Union expects to achieve additional transparency and compliance by establishing reporting requirements. Beneficiaries may be government agencies but third parties may also benefit, such as under the right-to-forget rules in Art. 17(2) about expunging published data.
The regulation may be implemented differently in the various E.U. member states. Whatever the national implementation, companies involved in the collection, storage, processing and dissemination of consumer data need to consider the fundamental-right statement at the beginning of the new regulation:
The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union … and Article 16(1) of the Treaty on the Functioning of the European Union … provide that everyone has the right to the protection of personal data concerning him or her.
Germany has some of the strictest substantive and procedural data protection systems, and the E.U. update will likely enhance the comprehensive consumer data scheme. This summer, German law journal Kommunikation & Recht published some articles from a conference on data protection on the regulation, including Transparenz als Herausforderung: Die Informations- und Meldepflichten der DSGVO aus Unternehmenssicht by attorneys Michael Kamps and Florian Schneider.