The new European Data Protection Law (GDPR) is expected some time in the summer of 2016.
Who would have thought that the US State of California would have led the world on an important matter of human rights? Well, back in 2002, against all expectations, California did indeed produce ground-breaking Data Breaches legislation, which became law in 2003 (SB 1386). Most other states of the US quickly followed suit, leaving the citizens of Europe well and truly exposed in comparison. Until now…
Why this should have been the case is a mystery for many… only a few years earlier the 1995 EU Directive on Protection of Personal Data led the way and represented a new milestone in applying the relevant sections of UN and EU Charters on Human Rights to the real world. One suspects that the increase from 16 states to 25, and then 28 states might have had something to do with this, but that is another matter. The EU never even started the process of improving data protection legislation until 2012, and the reality is that e-commerce in Europe has always been far too relaxed in protecting personal data of its citizens. At least now something is actually happening!
But is it? The principle behind EU Directives was that they were democratically agreed in Brussels, and EU States were given two years to tweak them to fit local conditions. In fact the UK managed to stretch it to three years before Directive 95/46 was implemented here. By then, B2C e-commerce was already well underway. The new legislation is not a directive, but an EU Law, with no local integration either needed or intended. It had been discussed since 2012 with massive consultation so it was reasonable to expect that it would start to apply straight away.
In fact… the two years required for local implementation of Directives will be applied in this case, so no changes from Directive 95/46 will actually happen before the spring of 2018. The shrieks of protest are already building but there hasn’t actually been a change in legislation relating to personal data and e-commerce for over 20 years! It is long, long overdue; indeed I was expecting something fairly imminently when I first took up my current post back in 1999! Well, better late than never, I suppose. The message has to be… stop grumbling and take it on board! None of the proposed changes are draconian, and they are necessary to halt the rise in cyber-crime and allay public concern about personal data as a result of so many high-profile data breaches.
My next article will focus on the changes that the GDPR will bring. It seems that the draft will not become actual legislation until June, so it’ll just be a taster, but I didn’t want to go straight into the minutiae of the new act without providing a bit of context.