November 2014 Bar Bulletin
U.S. Efforts Seek To Close Gap with E.U. Data Protection Regulation
By Sherman Helenese
Privacy and data security are considered fundamental rights in the European Union, akin to the rights to free speech or to bear arms in under the U.S. Constitution. Accordingly, the E.U. has some of the highest standards relating to the use and protection of personal data of its citizens.
In October 2013, the European Parliament Committee on Civil Liberties, Justice and Home Affairs approved an updated version of the E.U. Data Protection Regulation so that it could be socialized among member states in preparation for approval. The proposed legislative initiative empowers consumers with a "right to erasure" or "right to be forgotten."
Consumers will have the ability to request the removal of any personal data that a particular entity may possess. Egregious violators of the proposed regulation may be subject to a penalty of up to 1 million Euros or 2 percent of annual global revenue. Entities seeking to transfer data outside the E.U. would need to obtain prior approval from the E.U. data protection authorities to do so.
While the E.U. prepares to implement broader consumer protection, the White House published "Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy," aka the Consumer Privacy Bill of Rights, which provides:
Individual Control: Consumers have a right to exercise control over what personal data companies collect from them and how they use it.
Transparency: Consumers have a right to easily understandable and accessible information about privacy and security practices.
Respect for Context: Consumers have a right to expect that companies will collect, use and disclose personal data in ways that are consistent with the context in which consumers provide the data.
Security: Consumers have a right to secure and responsible handling of personal data.
...login to read the rest of this article.