International E-news - August 2011
- Hungary adopts new data protection law
- Important amendments to Russia’s DP law
- Consultation on data breach notification
- EU writes to countries that fail to implement e-Privacy
Hungary’s legislature adopted a new Data Protection Act on 24th July and it was published in the official journal on 26th July. It will enter into force on 1 January 2012. As a result, a new Data Protection Authority (in Hungarian: Nemzeti Adatvédelmi és Információszabadság Hatóság; “NAIH”) will be set up with full powers of investigation and authority to impose significant fines. Under the new law, mandatory registration with the data protection registry will be subject to a fee and no data processing can be carried out until receipt of the NAIH’s acknowledgement of the registration.
However, companies can avoid this requirement by completing the mandatory registrations under the current system at the Data Protection Commissioner’s office before 31st December 2011. Until then, registration is free.
The new law was adopted as a response to the changes introduced by Hungary’s new constitution. It also recognises the need for effective monitoring of companies’ data protection activities and protecting Hungarian citizens’ rights.
Source: Andrea Klára Soós, Attorney, Budapest Hungary, email@example.com Telephone: +36 20 310 2274
There will be a fuller article by Andrea Klára Soós in the September edition of PL&B’s International Report.
Hungary Roundtable: If you are interested in a one day Roundtable in Budapest later this year with Dr. András Jóri, Data Protection and Freedom of Information Commissioner, Hungary, please e-mail firstname.lastname@example.org with ”Hungary” in the subject line. He will explain the changes in companies’ legal duties resulting from the new law.
Russia’s President, Dmitry Medvedev, signed a new law on 26 July 2011, which amends Russia’s DP law of 2006. The amendments provide:
- some exemptions from the general duty to notify individuals about the processing of their data, and
- specifies circumstances where organisations may continue to process personal data even after data subjects have revoked their consent.
Also, the amendments extend the time to respond to a subject access request to 30 days.
If you would be likely to attend a workshop on the Russian DP amendments either in London or Moscow, please email email@example.com stating your preferred location and with “Russia” in the subject line.
The EU Commission is currently seeking views on the practical implementation of the mandatory data breach notification requirement for telecoms providers under the amendments to the e-Privacy Directive. The Commission is keen to find out from stakeholders the procedures and formats which they think would be workable.
The Commission has now started its preparatory work on the implementing measures. This public consultation seeks to gather practical input based on existing practice and initial experience with the new rules, and tries to achieve a harmonised approach.
Respondents are encouraged to provide practical examples of how they handle data breaches and notifications. This consultation applies only to the data beach notification that is currently in force for the telecoms sector, and does not seek views on any future plans to extend it.
The consultation was launched on 14 July, and the deadline for responses is 9 September 2011.
Only seven EU Members Member States, the UK, Denmark, Estonia, Finland, Ireland, Malta and Sweden managed to implement the amendments to the e-Privacy Directive by the deadline of 25 May. The EU Commission sent, on 18 July, requests for information to the remaining 20 Member States. Should they fail to provide satisfactory information within two months, the Commission will start formal legal proceedings. The main reason for the delay is the controversial cookie-regulations that will require consent for using cookies.
For further details on the Privacy Laws & Business International Newsletter.
Copyright Privacy Laws & Business 2011