This post is the eleventh in a series of predictions from legal and business experts about the directions cyberlaw policy might take in 2013, solicited by editors of BNA's Electronic Commerce & Law Report during the closing weeks of 2012. We asked that the remarks be brief -- something along the lines of a Twitter "tweet" or an elevator pitch. Over 100 attorneys, law professors, online business executives, policy advocates and other cyberlaw experts responded, producing 307 separate assessments, predictions, or just plain complaints regarding any of the many legal subject areas that affect online businesses.
While lawmakers in the United States continued their painstaking examination of the need for online privacy regulation, the European Commission released a proposal for Europe's second set of privacy rules, the proposed General Data Protection Regulation. It's ambitious by American standards. The proposed regulation includes a broad definition of personal information, sets out new rules on obtaining consumer consent for data uses and transfers, a "right to forget," a "privacy by design" a data breach notification requirement, a right of access to data and a right to limit profiling, strengthens the hand of member state data protection commissioners to enforce data protection laws, and a consumer right of action for damages.
The proposed data protection regulation will become final sometime in 2013. The European Parliament's Committee on Civil Liberties, Justice and Home Affairs recently weighed in on the proposed regulation, suggesting hundreds of changes, both small and large, while largely supporting the Commission's proposal. The Hogan Lovells Chronicle of Data Protection blog has a good summary here.
The experts' views:
Privacy by design--Let's prepare for proposed EU data protection regulation. Bradley L. Joslove, Partner, Franklin Societe D' Avocats, Paris.
New draft European Data Protection Regulation: what changes for data controllers? Also applicable to companies outside the EU! Companies may need to appoint data protection officer. Edwin Jacobs, @Edwin_Jacobs, Partner, time.lex, Brussels.
European Parliament and the Council are reviewing the draft EU Data Protection Regulation--new proposal expected early 2013 but no major changes expected. Karin Retzer, Partner, Morrison & Foerster, Brussels.
Continued morphing of non-U.S. data protection laws into competition vehicles. Holly K. Towle, Partner, K&L Gates LLP, Seattle.
The EU seems bent on making its data protection regime even more complicated and burdensome for businesses with the passage of a new Data Protection Regulation. Yet industry doesn't seem to be putting up much of a fight, yet. Michael Vatis, Partner, Steptoe & Johnson LLP, New York, N.Y.
The proposed EU Data Protection Regulation will move closer to reality in 2013, and it is likely to emerge with fewer adjustments to the originally-proposed text than many in business would want. Businesses will need to prepare for compliance with the new regime. Christopher Wolf, Partner, Hogan Lovells, Washington, D.C.
Will Google, Facebook and Twitter become illegal in Europe? In the year 2013 the European Union will introduce new data protection rules which are totally different to the understanding and practice in the U.S. The big question is: Will there be a cultural clash or competition between the systems and who will pay for all that. Are the U.S. companies willing to obey to such rules? Michael Zoebisch, @zoebisch, Partner, rwzh Rechtsanwãlte, Munich, Germany.
User consent rules for cookies have been finalized in all EU countries. The U.K. and German authorities are the most active--the ones to watch. Karin Retzer, Partner, Morrison & Foerster, Brussels.
Europe and the U.S. will continue their long, slow, uneven convergence toward a common approach to online privacy protection, and both will be better off as a result. The U.S. Congress will, directly or through FTC rulemaking, set some broad baseline principles of awareness and control over personal data; in parallel, the European Commission and the EU members' data protection commissions will adopt a more pragmatic, less self-defeatingly formalistic approach toward enforcement. Andrew McLaughlin, @McAndrew, Entrepreneur-in-Residence, betaworks, New York, N.Y.
The Right to Be Forgotten in the internet era seems to restore the power balance by giving effective control to individuals over their personal data. Will the new European Data Protection Regulation do the trick? Edwin Jacobs, @Edwin_Jacobs, Partner, time.lex, Brussels.
2012 saw proposed huge changes to the EU data privacy regime, but objections too. Jonathan Armstrong, Partner, Duane Morris LLP, London.
Turkey fails to pass the Data Protection Bill again, for nearly a decade now. But there's pressing need for the same; global companies and businesses should be on the look-out. Ceylin Beyli, @ceylinb, Founder & Managing Lawyer, CBL Law Office, Istanbul, Turkey.
The EU's proposed "right to be forgotten," if implemented, would pose major operational challenges for both traditional and new media. Andy Roth, Partner, SNR Denton, New York, N.Y.
The debate over how much power consumers should have over "their data" will become increasingly febrile in the run-up to the new EU Data Protection Regulation. Mark Owen, Partner, Harbottle & Lewis, London.
E-Commerce Bill is on the way for codification in Turkey, in 2013. A limited regulation of Data Protection is in question, but spam and cache regulations prevail. Monetary fines will be the topping of this fine cake. Ceylin Beyli, @ceylinb, Founder & Managing Lawyer, CBL Law Office, Istanbul, Turkey.
In 2013, Brazil will head to a more regulated cyberspace: laws on the use of internet, e-commerce and protection of data and privacy are expected. João Harres & Fábio Pereira, Associates, Veirano Advogados, Rio de Janeiro.
Follow me on Twitter at @tjotoole.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).