Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
Sept. 30 — Ireland, which is developing a specialty in dealing with international technology companies' privacy issues, is awaiting to see if its authority will be expanded under the draft European Union data protection law, the Irish data protection commissioner said Sept. 30.
The data protection authority, with the European Court of Justice upholding citizens' right to be forgotten and increased voluntary data breach reporting, is getting more work with more changes to come, Helen Dixon, Ireland Office of the Data Protection commissioner, told privacy professionals during a breakout session at the International Association of Privacy Professionals annual meeting in Las Vegas.
“There certainly is more to do. And as we look forward to the European data protection regulation and the increase in the enumerated rights that data subjects are going to have and the increasing roles that the supervisory authorities are going to have, this is something that does keep us awake at night in terms of how we're going to resource this,” Dixon said.
The session, “Ireland's Role in the New EU Data Protection Regime,” was sponsored by Bloomberg Law. Other panelists included Don Aplin, managing editor of Privacy and Data Security News at Bloomberg BNA, and Rob Corbet, a partner and head of technology and innovation for Dublin, Ireland-based corporate law firm Arthur Cox.
The European Parliament in March 2014 approved a draft data protection regulation that includes fines for breaches of up to 100 million euros ($114 million), or 5 percent of a company's global turnover (49 Privacy Law Watch, 3/13/14)(13 PVLR 444, 3/17/14).
“There are lots of changes that are going to come with the regulation,” Dixon said. “Obviously the overarching aim is to modernize and harmonize European data protection,” with the idea of regulations having a direct effect on enhanced rights for erasure.
The proposal will have “increasing emphasis on enforcement and enforcement through deterrence with very significantfines,” she added. “I think that's a massive change. Currently the Irish Data Protection Authority doesn't have theauthority to make any administrative fine, no matter how small.”
Technology companies with Irish headquarters include Facebook Inc., Twitter Inc., Apple Inc., Google Inc., eBay Inc. and PayPal.
“We've taken a special role by virtue of the fact that a lot of U.S. companies have located their European headquarters inIreland,” Dixon told Bloomberg BNA. “So that puts us in the position of being the lead regulator, and by virtue then of the experience we've built up in regulating those companies and getting to know their service, that's an expertise we've now developed.”
U.S companies see data protection and privacy as a compliance piece to fit into a business model, Corbet said during the session.
The philosophy “is moving more and more towards the fundamental human rights type view of data protection,” he said.
The ECJ is expected Oct. 6 to issue a ruling on the U.S.-EU Safe Harbor Program, which more than 4,000 U.S. companies rely on the transfer personal data from the European Union under a self-certification scheme that is aligned with principles in the EU's 1995 Data Protection Directive (95/46/EC) (189 Privacy Law Watch, 9/30/15).
In a case involving Google, the ECJ May 2014 affirmed a right to be forgotten and to allow EU citizens to seek deletion of links on search engines if the information was outdated or irrelevant (93 Privacy Law Watch, 5/14/14)(13 PVLR 857, 5/19/14).
Under the Irish Data Protection Act, the DPA must investigate any complaint where an individual thinks his or her rights to be forgotten were breached, including 40 cases in 10 months in which individuals asked Google, Yahoo! Inc. or other search engines to have results de-indexed and the search engine refused. Dixon said that thus far, the investigations have resulted in a 50-50 split for de-indexing.
Those 40 cases are a “tiny percentage” of the more than 200,000 requests to be forgotten, she said.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)