EU consultation on breach notification rules for telcos: have your say
This alert was featured in Tech Bytes, our technology law newsletter.
Tech Bytes contents
- UK government abandons plans to block infringing websites
- EU consultation on breach notification rules for telcos: have your say
- Hargreaves proposals for IP reform endorsed by UK government
- Case update: “best” and “all reasonable” endeavours obligations
- Local TV: UK government consults on proposed framework and roll out
- Featured article. Making a crisis into an opportunity
The European Commission is asking all relevant stakeholders to contribute to a consultation on practical rules that will implement EU-wide breach notification laws under the ePrivacy Directive.
By way of background, changes to the e-Privacy Directive - part of wide ranging revisions to the European telecoms framework that took effect in December 2009 - introduced a pan-European breach disclosure obligation for the providers of publicly available electronic communications services, i.e. telecommunications companies and ISPs. The obligation is to notify national data protection regulators of “personal data breaches” without “undue delay”, which extends to notifying individuals too, if the breach has an adverse effect on their interests. The new law came into effect on 26th May this year.
The Consultation is concerned with the new law’s provisions on “technical implementing measures”, which is a reference to the nuts-and-bolts of breach disclosure and the actual systems and operations that need to be adopted by telecos and ISPs to achieve legal compliance. The law anticipates that there will be detailed harmonisation of the procedures for giving notification, through the publication of binding guidance by the European Commission.
The consultation, which closes on 9 September 2011, can be accessed here.