Privacy and Data Protection

Privacy in the European Union: A Data Safekeeping Revolution

In 1995, the European Union (EU) brought to the forefront the issues of privacy and the individual’s right to protection of their sensitive information when it adopted “Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data” (the EU Data Protection Directive). A version of the EU Data Protection Directive was implemented in each EU country. The EU’s history of strong commitment to privacy and human rights law is reflected in the EU Data Protection Directive, which was the first major privacy law of its kind. The U.S. Congress subsequently enacted the Health Insurance and Portability and Accountability Act of 1996, and then in 1999, Congress passed the Gramm-Leach-Bliley Act, which governs privacy obligations for financial institutions.

On January 25, 2012, the EU introduced a new privacy regulation, known as the General Data Protection Regulation (GDPR), that superseded the EU Data Protection Directive in May 2018.[2] If not already accomplished, companies must review the GDPR and revise their privacy programs to comply with it, even if they are US-only companies.

This document is only available to subscribers. Please log in or purchase access.