Privacy and Data Protection

Printer Friendly, PDF & Email

Privacy in the European Union: A Data Safekeeping Revolution

In 1995, the European Union (the EU) brought to the forefront the issues of privacy and the individual’s right to protection of their sensitive information, when it adopted “Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data” (the EU Data Protection Directive). A version of the EU Data Protection Directive was implemented in each EU country. The EU’s history of strong commitment to privacy and human rights law is reflected in the EU Data Protection Directive, which was the first major privacy law of its kind. The U.S. Congress subsequently enacted the Health Insurance and Portability and Accountability Act of 1996 and, in 1999, Congress passed the Gramm-Leach-Bliley Act, which governs privacy obligations for financial institutions.

On January 25, 2012, the EU introduced a new privacy regulation, known as the General Data Protection Regulation (the EU GDP Regulation), that superseded the EU Data Protection Directive in May 2018.[2] Companies must review the new EU GDP Regulation and revise their privacy programs to comply with the EU GDP Regulation, even if they are US-only companies. As was the case in 1995, the EU may be on the forefront of more restrictive privacy regulations than the U.S.

This document is only available to subscribers. Please log in or purchase access.