The new rules include a streamlining of the “cookie law”, which has resulted in an overload of consent requests for internet users by clarifying that no consent is needed for non-privacy intrusive cookies. This means cookies to remember shopping cart history or count the number of visitors to that website will no longer require consent.
The new rules ban unsolicited electronic communication by any means, and make national data protection authorities responsible for the enforcement of the confidentiality rules in the GDPR.
The EC said it plans to engage proactively in discussions on reaching “adequacy decisions”, allowing for the free flow of personal data to countries with “essentially equivalent” data protection rules to those in the EU with key trading partners in East and South-East Asia. This will start with Japan and Korea in 2017, as well as interested countries in Latin America and the “European neighbourhood”.
In addition, the EC will make full use of other alternative mechanisms provided by the new GDPR and Police Directive to facilitate the exchange of personal data with other third countries with which adequacy decisions cannot be reached.
The EC hopes to have the new rules in place by the time the GDPR becomes applicable on 25 May 2018.
“The intention is to provide citizens and businesses with a fully-fledged and complete legal framework for privacy and data protection in Europe by this date,” said the EC.
Read more about GDPR
- KPMG is warning CEOs not to stall on preparing their businesses for the arrival of the European General Data Protection Regulation.
- Information commissioner Elizabeth Denham welcomes the UK government’s confirmation that it will implement the EU’s General Data Protection Regulation (GDPR) despite the outcome of the UK referendum.
- An alarming 96% of companies still do not fully understand the European General Data Protection Regulation (GDPR), a survey reveals.
The proposed rules represent the next step for EU regulators, as they attempt to ensure personal data is adequately protected and that users have increased control over how it is collected, used, retained and disclosed, said Mark Thompson, global privacy advisory lead at KPMG.
“For consumers, it means more control over the use of personal data. For businesses, the proposal will be felt in a spectrum of different ways,” he said.
“However, businesses that fall under increased consent requirements, where users are required to take action to allow cookie usage before information can be collected, in certain circumstances, are likely to face some challenges,” he said. “The new rules will allow users more control over their settings, providing an easy way to accept or refuse the tracking of cookies and other identifiers in case of privacy risks.”
Source : http://www.computerweekly.com/news/450410767/Firms-should-take-note-of-EC-privacy-proposals-warns-KPMG