Out-Law News

Commission considers EU-wide rules for data breach notification


A pan-European procedure for telecoms companies that need to notify the public about breaches of personal data is being considered by the European Commission.

The Commission has published a consultation on whether new rules are needed to ensure data breaches are reported in a consistent way across the EU.

The notification requirement, which applies to providers of electronic communications services, took effect following the revision of the European E-Privacy Directive (Directive), which came into force in the UK on 26 May 2011.

The Commission is looking for input from phone companies, internet service providers (ISPs), consumer organisations and national data protection authorities about their existing practices and experiences with the notification procedure to date.

"The duty to notify data breaches is an important part of the new EU telecoms rules. But we need consistency across the EU so businesses don't have to deal with a complicated range of different national schemes. I want to provide a level playing field, with certainty for consumers and practical solutions for businesses," said Neelie Kroes, Commission Vice-President for the Digital Agenda, in a statement.

The E-Privacy Directive requires telecommunications operators and ISPs to keep customer data confidential and secure. Operators and ISPs must immediately inform national authorities and their customers about breaches of personal data.

The Directive also allows the Commission to propose 'technical implementing measures' in order to ensure the rules are implemented consistently across member states.

In May the European justice commissioner, Viviane Reding, said that the notification rules should be extended to cover online banking, video games, shopping and social media.

The Commission has asked organisations how they comply, or intend to comply, with the new obligation under the Directive and the types of breaches that would trigger the notification requirement. It has also asked for examples of protection measures currently in use that can render data unintelligible.

It has asked for examples of current procedures, such as standard formats and notification deadlines, and for views on the feasibility of a standard EU format.

The Commission is also looking for more information about how cross-border breaches are dealt with, and compliance with other EU obligations relating to security breaches.

Responses will be considered up until 9 September 2011.

