- The European Committee decision that the Safe Harbour Privacy Principles issued by the US Department of Commerce on 21 July 2000 were sufficient in providing an adequate level of data protection lost validity on 6 October 2015. On that day the European Court ruled that Decision 2000/520 (i.e. the Safe Harbour framework) was invalid (case C-362/14, Facebook-case).
- The EU is currently working very hard on replacement for the Safe Harbour Privacy Principles, i.e. the so-called EU-U.S. Privacy Shield. A draft decision has been published and commented on. However, the EU-U.S. Privacy Shield has not been adopted yet (and not come into effect).
- Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data is repealed with effect from 25 May 2018.
- The above mentioned Directive is replaced by Regulation (EU) 2016/679 of the European Parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). This Regulation entered into force on 24th May 2016. However, the Regulation shall apply from 25 May 2018. This effectively means that one has until that date to implement all necessary privacy measures.
- This Regulation shall be binding in its entirety and directly applicable in all EU member states. This means that – contrary to a directive – no separate implementation by the EU member states is required.
- Further information about the content of the Regulation itself will follow.
If you require further information regarding EU and Dutch data protection, don’t hesitate to contact Concetta Allegra[ssba]