I have practiced law in both the U.S. and U.K., and witnessed first-hand the ongoing debate over the proposed EU General Data Protection Regulation. The arguments show no sign of a quick or easy resolution, especially given the number of interested parties and the expected implementation date of 2015.
The U.S. approach to data protection has been driven by the credit card privacy rules of the 1970s, and generally requires companies to use technology to protect customer data, send immediate notification to those whose data is compromised, and make a strong effort to provide after-the-fact credit protection. The EU approach to data protection, adopted in its 1995 directive, is restricting data transfers and obtaining permission from each individual before data can be used or transferred.
To read more, click here to read Darren’s complete post on Prince Lobel’s Corporate Law Blog.