Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

KickerFeaturesTopicsCommercial LawRegulationTechnology Media and TelecomSectionsNewsLJN Newsletterse-Commerce Law & Strategy

EU Approves GDPR

Coming off the heels of the EU Article 29 Working Party Opinion on the Privacy Shield, the EU Parliament passed the General Data Protection Regulation (GDPR) on April 15, which overhauls the union's Data Protection Directive rules set forth in 1995. This regulation applies to all business and organizations targeting EU consumers, regardless of their geographic location.

The legislation defines new data and privacy rights for EU individuals, regulates the transfers and processing of EU data, and sets forth more stringent enforcement of data handling, fining a firm in violation of the GDPR up to 4% of its total worldwide revenue.

Four years in the making, the GDPR will replace the patchwork of EU member states' national laws to allow firms accessing EU data to deal with a centralized supervisory authority. The EU estimates that benefits from this standardization will reach '2.3 billion per year.

The finalized GDPR regulations will come into effect 20 days after its publication in the EU Official Journal, after which member states will have two years to translate the regulations into their national law.

But “in practice,” says Francoise Gilbert, cybersecurity and privacy expert and partner at Greenberg Traurig, “implementation has already started because the final draft of the document, prior to final editing, formatting, etc., has been known for several months.”

Among the regulations included in the GDPR are: an EU citizen's right to be “forgotten;” the need for clear and affirmative consent to retain or process his/her personal data; the right to data portability; the requirement of clear and plain language in Internet and business privacy policies; the requirement of EU businesses and providers to notify their national supervisory authority of “serious” data breaches in an expedited fashion; the limitation of the use of “profiling,” a technique aimed at ascertaining an individual's personal information as well as predicting their behavior without the expressed consent of the individual; and parental consent for children between the ages of 13 and 16 to open social media accounts (such laws are already in place in most EU countries).

' Ricci Dipshan

Read These Next
'Huguenot LLC v. Megalith Capital Group Fund I, L.P.': A Tutorial On Contract Liability for Real Estate Purchasers Image

In June 2024, the First Department decided Huguenot LLC v. Megalith Capital Group Fund I, L.P., which resolved a question of liability for a group of condominium apartment buyers and in so doing, touched on a wide range of issues about how contracts can obligate purchasers of real property.

Strategy vs. Tactics: Two Sides of a Difficult Coin Image

With each successive large-scale cyber attack, it is slowly becoming clear that ransomware attacks are targeting the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.

CoStar Wins Injunction for Breach-of-Contract Damages In CRE Database Access Lawsuit Image

Latham & Watkins helped the largest U.S. commercial real estate research company prevail in a breach-of-contract dispute in District of Columbia federal court.

Fresh Filings Image

Notable recent court filings in entertainment law.

The Power of Your Inner Circle: Turning Friends and Social Contacts Into Business Allies Image

Practical strategies to explore doing business with friends and social contacts in a way that respects relationships and maximizes opportunities.