Privacy and Data Security Alert: Key Privacy Developments for 2016
See below for some key privacy developments that could impact you and your organization in 2016 and beyond.
GDPR Becomes Effective in 2018
On April 14, 2016, the most significant change in 30 years related to privacy law occurred when the European Parliament finally approved the General Data Protection Regulation (GDPR). After 4 years of political negotiations and thousands of amendments, the result is a 261-page regulation. The GDPR becomes effective in 2018 and creates new obligations, new enforcement mechanisms, severe penalties for non-compliance, and new data rights for EU citizens.
Privacy Shield Still Under Review
This past February, the European Commission and U.S. Department of Commerce announced a new data transfer framework, the EU-U.S. Privacy Shield, set to replace the EU-U.S. Safe Harbor Agreement that was invalidated last year by the European Court of Justice. For the past 15 years the Safe Harbor had been relied upon by thousands of U.S. companies to support transatlantic data transfers. Unfortunately, implementation of the Privacy Shield hit a major roadblock when it was rejected on April 13, 2015 by the EU Article 29 Working Party. While the Privacy Shield will likely be passed in some form, businesses must consider appropriate options currently available for cross-border data transfer compliance.
Finally, in December, the FTC and Wyndham Worldwide Corporation, the hotel franchisor, entered into a settlement agreement. This widely watched case challenged the very authority of the FTC in data privacy and security law enforcement. The resulting settlement agreement confirms the authority of the FTC and includes useful guidance for businesses seeking to minimize and mitigate risks related to data privacy and security.
Any business concerned about data privacy and security compliance should become familiar with the GDPR, Privacy Shield, and Wyndham. Our privacy group at GPM has been monitoring these legal developments and can suggest practical steps your business can take that are appropriate for your business or organization to mitigate risk.
A Legal Guide to Privacy and Data Security
The GDPR, Privacy Shield, Wyndham and other legal developments in the privacy and data security area are covered in the just published 2016 version of A Legal Guide to Privacy and Data Security. Gray Plant Mooty prepared this guide in collaboration with the Minnesota Department of Employment and Economic Development. If you would like a free paper copy of the guide or have further questions regarding the GDPR, Privacy Shield, or Wyndham, please contact Michael Cohen.