Data Protection

Standard clauses approved for the purposes of Directive 95/46/EC for the transfer of personal data to data controllers in third countries that do not ensure an adequate level of protection as set out in the Annex to  Decision 2004/915/EC. This Standard document has been adapted by PLC IPIT & Communications from the original text available at the EUR-Lex Website with the permission of the Publications Office of the European Union. © European Communities, http://eur-lex.europa.eu/ Only European Union legislation printed in the paper edition of the Official Journal of the European Union is deemed authentic.

A Q&A guide to privacy in Finland. The Q&A guide gives a high-level overview of privacy rules and principles, including what national laws regulate the right to respect for private and family life and freedom of expression; to whom the rules apply and what privacy rights are granted and imposed. It also covers the jurisdictional scope of the privacy law rules and the remedies available to redress infringement. To compare answers across multiple jurisdictions, visit the Privacy Country Q&A tool. This article is part of the PLC multi-jurisdictional guide to data protection. For a full list of contents, please visit www.practicallaw.com/dataprotection-mjg.

A Q&A guide to data protection in the UK. This Q&A guide gives a high-level overview of data protection rules and principles, including obligations on the data controller and the consent of data subjects; rights to access personal data or object to its collection; and security requirements. It also covers cookies and spam; data processing by third parties; and the international transfer of data. This article also details the national regulator; its enforcement powers; and sanctions and remedies. To compare answers across multiple jurisdictions, visit the Data protection Country Q&A tool. This article is part of the PLC multi-jurisdictional guide to data protection. For a full list of contents, please visit www.practicallaw.com/dataprotection-mjg.

A Q&A guide to privacy in the UK (England and Wales). The Q&A guide gives a high-level overview of privacy rules and principles, including what national laws regulate the right to respect for private and family life and freedom of expression; to whom the rules apply and what privacy rights are granted and imposed. It also covers the jurisdictional scope of the privacy law rules and the remedies available to redress infringement. This article is part of the PLC multi-jurisdictional guide to data protection. For a full list of contents, please visit www.practicallaw.com/dataprotection-mjg.

A Q&A guide to data protection in Saudi Arabia. This Q&A guide gives a high-level overview of data protection rules and principles, including obligations on the data controller and the consent of data subjects; rights to access personal data or object to its collection; and security requirements. It also covers cookies and spam; data processing by third parties; and the international transfer of data. This article also details the national regulator; its enforcement powers; and sanctions and remedies. To compare answers across multiple jurisdictions, visit the Data protection Country Q&A tool. This article is part of the PLC multi-jurisdictional guide to data protection. For a full list of contents, please visit www.practicallaw.com/dataprotection-mjg.

A Q&A guide to data protection in Australia. This Q&A guide gives a high-level overview of data protection rules and principles, including obligations on the data controller and the consent of data subjects; rights to access personal data or object to its collection; and security requirements. It also covers cookies and spam; data processing by third parties; and the international transfer of data. This article also details the national regulator; its enforcement powers; and sanctions and remedies. To compare answers across multiple jurisdictions, visit the Data protection Country Q&A tool. This article is part of the PLC multi-jurisdictional guide to data protection. For a full list of contents, please visit www.practicallaw.com/dataprotection-mjg.

A Q&A guide to data protection in China. This Q&A guide gives a high-level overview of data protection rules and principles, including obligations on the data controller and the consent of data subjects; rights to access personal data or object to its collection; and security requirements. It also covers cookies and spam; data processing by third parties; and the international transfer of data. This article also details the national regulator; its enforcement powers; and sanctions and remedies. To compare answers across multiple jurisdictions, visit the Data Protection Country Q&A tool. This article is part of the PLC multi-jurisdictional guide to data protection. For a full list of contents, please visit www.practicallaw.com/dataprotection-mjg.

A guide to data protection in Germany. This Q&A guide gives a high-level overview of data protection rules and principles, including obligations on the data controller and the consent of data subjects; rights to access personal data or object to its collection; and security requirements. It also covers cookies and spam; data processing by third parties; and the international transfer of data. This article also details the national regulator; its enforcement powers; and sanctions and remedies. To compare answers across multiple jurisdictions, visit the Data protection Country Q&A tool. This article is part of the PLC multi-jurisdictional guide to data protection. For a full list of contents, please visit www.practicallaw.com/dataprotection-mjg.

A Q&A guide to data protection in Japan. This Q&A guide gives a high-level overview of data protection rules and principles, including obligations on the data controller and the consent of data subjects; rights to access personal data or object to its collection; and security requirements. It also covers cookies and spam; data processing by third parties; and the international transfer of data. This article also details the national regulator; its enforcement powers; and sanctions and remedies. To compare answers across multiple jurisdictions, visit the Data protection Country Q&A tool. This article is part of the PLC multi-jurisdictional guide to data protection. For a full list of contents, please visit www.practicallaw.com/dataprotection-mjg.

A Q&A guide to data protection in Poland. This Q&A guide gives a high-level overview of data protection rules and principles, including obligations on the data controller and the consent of data subjects; rights to access personal data or object to its collection; and security requirements. It also covers cookies and spam; data processing by third parties; and the international transfer of data. This article also details the national regulator; its enforcement powers; and sanctions and remedies. This article is part of the PLC multi-jurisdictional guide to data protection. For a full list of contents, please visit www.practicallaw.com/dataprotection-mjg.

A Q&A guide to data protection in South Africa. This Q&A guide gives a high-level overview of data protection rules and principles, including obligations on the data controller and the consent of data subjects; rights to access personal data or object to its collection; and security requirements. It also covers cookies and spam; data processing by third parties; and the international transfer of data. This article also details the national regulator; its enforcement powers; and sanctions and remedies. To compare answers across multiple jurisdictions, visit the Data protection Country Q&A tool. This article is part of the PLC multi-jurisdictional guide to data protection. For a full list of contents, please visit www.practicallaw.com/dataprotection-mjg.

A Q&A guide to data protection in Thailand. This Q&A guide gives a high-level overview of data protection rules and principles, including obligations on the data controller and the consent of data subjects; rights to access personal data or object to its collection; and security requirements. It also covers cookies and spam; data processing by third parties; and the international transfer of data. This article also details the national regulator; its enforcement powers; and sanctions and remedies. To compare answers across multiple jurisdictions, visit the Data protection Country Q&A tool. This article is part of the PLC multi-jurisdictional guide to data protection. For a full list of contents, please visit www.practicallaw.com/dataprotection-mjg.

A Q&A guide to data protection in the Czech Republic. This Q&A guide gives a high-level overview of data protection rules and principles, including obligations on the data controller and the consent of data subjects; rights to access personal data or object to its collection; and security requirements. It also covers cookies and spam; data processing by third parties; and the international transfer of data. This article also details the national regulator; its enforcement powers; and sanctions and remedies. To compare answers across multiple jurisdictions, visit the Data protection Country Q&A tool. This article is part of the PLC multi-jurisdictional guide to data protection. For a full list of contents, please visit www.practicallaw.com/dataprotection-mjg.

This tool enables subscribers to search the Country Q&A in the Data Protection multi-jurisdictional guide by question and jurisdiction. Simply select the questions and the jurisdictions that you are interested in and click the "submit" button. Please note that the law stated dates for each jurisdiction covered may not be the same. To check the law stated dates for each jurisdiction, please visit the individual article.

The European Commission published a proposed new data protection framework for the EU on 25 January 2012. The proposed legislation not only reflects the change in the way personal data is used, but also the change in public opinion about how it should be used. The new framework proposes, among other things, that data controllers can no longer rely on implied consent in the processing of personal data and that data subjects have the right to be forgotten. This article discusses the current and future position of data protection legislation in the EU. This article is part of the PLC multi-jurisdictional guide to data protection. For a full list of contents, please visit www.practicallaw.com/dataprotection-mjg.

A Q&A guide to data protection in Austria. This Q&A guide gives a high-level overview of data protection rules and principles, including obligations on the data controller and the consent of data subjects; rights to access personal data or object to its collection; and security requirements. It also covers cookies and spam; data processing by third parties; and the international transfer of data. This article also details the national regulator; its enforcement powers; and sanctions and remedies. To compare answers across multiple jurisdictions, visit the Data Protection Country Q&A tool. This article is part of the PLC multi-jurisdictional guide to data protection. For a full list of contents, please visit www.practicallaw.com/dataprotection-mjg.

A Q&A guide to data protection in Hungary. This Q&A guide gives a high-level overview of data protection rules and principles, including obligations on the data controller and the consent of data subjects; rights to access personal data or object to its collection; and security requirements. It also covers cookies and spam; data processing by third parties; and the international transfer of data. This article also details the national regulator; its enforcement powers; and sanctions and remedies. To compare answers across multiple jurisdictions, visit the Data protection Country Q&A tool. This article is part of the PLC multi-jurisdictional guide to data protection. For a full list of contents, please visit www.practicallaw.com/dataprotection-mjg.

A Q&A guide to data protection in Luxembourg. This Q&A guide gives a high-level overview of data protection rules and principles, including obligations on the data controller and the consent of data subjects; rights to access personal data or object to its collection; and security requirements. It also covers cookies and spam; data processing by third parties; and the international transfer of data. This article also details the national regulator; its enforcement powers; and sanctions and remedies. To compare answers across multiple jurisdictions, visit the Data protection Country Q&A tool. This article is part of the PLC multi-jurisdictional guide to data protection. For a full list of contents, please visit www.practicallaw.com/dataprotection-mjg.

A Q&A guide to data protection in the Qatar Financial Centre (QFC). This Q&A guide gives a high-level overview of data protection rules and principles, including obligations on the data controller and the consent of data subjects; rights to access personal data or object to its collection; and security requirements. It also covers cookies and spam; data processing by third parties; and the international transfer of data. This article also details the national regulator; its enforcement powers; and sanctions and remedies. To compare answers across multiple jurisdictions, visit the Data protection Country Q&A tool. This article is part of the PLC multi-jurisdictional guide to data protection. For a full list of contents, please visit www.practicallaw.com/dataprotection-mjg.

A Q&A guide to data protection in the Dubai International Financial Centre (DIFC). This Q&A guide gives a high-level overview of data protection rules and principles, including obligations on the data controller and the consent of data subjects; rights to access personal data or object to its collection; and security requirements. It also covers cookies and spam; data processing by third parties; and the international transfer of data. This article also details the national regulator; its enforcement powers; and sanctions and remedies. To compare answers across multiple jurisdictions, visit the Data protection Country Q&A tool. This article is part of the PLC multi-jurisdictional guide to data protection. For a full list of contents, please visit www.practicallaw.com/dataprotection-mjg.

A Q&A guide to data protection in the United States. This Q&A guide gives a high-level overview of data protection rules and principles, including obligations on the data controller and the consent of data subjects; rights to access personal data or object to its collection; and security requirements. It also covers cookies and spam; data processing by third parties; and the international transfer of data. This article also details the national regulator; its enforcement powers; and sanctions and remedies. To compare answers across multiple jurisdictions, visit the data protection Country Q&A tool. This article is part of the PLC multi-jurisdictional guide to data protection. For a full list of contents, please visit www.practicallaw.com/dataprotection-mjg.

Recent trends towards increased co-operation and exchange of information between regulators and prosecutors mean that multinational companies frequently have to deal with the same regulatory issues across many jurisdictions. This article sets out the key issues that a company must consider when facing a multi-jurisdictional regulatory investigation.  

This article is part of the PLC multi-jurisdictional guide to data protection law. For a full list of contents visit www.practicallaw.com/dataprotectionhandbook. This article explores the key issues faced by companies operating in multiple jurisdictions that are dealing with or planning for a scenario where personal data has been accidentally lost, destroyed or disclosed.

This article is part of the PLC multi-jurisdictional guide to data protection law. For a full list of contents visit www.practicallaw.com/dataprotectionhandbook. The production and disclosure of documents showing a company's relations with other parties is usually not intended, though this may be important in legal proceedings. Data protection laws have introduced new potential tools to obtain documents and gather information outside legal proceedings. This article examines the grounds for these requests under Swiss law and the rights under the Swiss Data Protection Act.

A Q&A guide to data protection law in Greece.

This chapter considers EU data protection issues that arise on an outsourcing, in particular: the role of the data controller and data processor; data protection issues to be addressed in pre-contractual negotiations; data protection issues to be addressed when drafting the outsourcing contract; and the national law governing the transfer of personal data in France, Italy and the UK.

The EU’s Article 29 Working Party has adopted an opinion (04/2013) on the data protection impact assessment template for smart grid and smart metering systems (WP205) in the energy sector.

The Article 29 Working Party has published its Opinion 03/2013 on purpose limitation (WP 203), which provides guidance for the principle's practical application under the Data Protection Directive (1995/46/EC) and includes recommendations with regard to the ongoing review of the EU data protection framework.

The European Council has published a comparative table of the Data Protection Regulation and the Data Protection Directive.

The Article 29 Data Protection Working Party has adopted an opinion providing further guidance on the European Commission's proposals for a revised data protection legislative framework. (Free access.)

The EU's Article 29 Working Party has adopted a new working document providing guidance on binding corporate rules for data processors.

The French data protection authority CNIL has sent a list of 69 questions to Google Inc on various aspects of its data protection procedures.

The French data protection authority, CNIL, has written to Google, saying that Google's new privacy policy does not meet the requirements of the Data Protection Directive (95/46/EC).

The European Commission has published its proposal for a new EU data protection framework. (Free access.)

A drafting note providing guidance on the standard contractual clauses (adopted by European Commission Decision 2004/915/EC on 27 December 2004) for the transfer of personal data from data controllers in the EU to data controllers in jurisdictions outside the European Economic Area (controller-to-controller transfers). The standard contractual clauses are one of several mechanisms approved by the European Commission to ensure adequate safeguards for personal data transferred from the EU to countries which the European Commission has not found to offer adequate protection for personal data. This drafting note is an unofficial document which has been prepared by PLC IPIT & Communications without input from the European Commission, the UK Information Commissioner or any other EU or UK data protection authority.