International E-news - July 2011



  1. Nordic DPAs question Facebook on privacy
  2. Mexico consults on regulations
  3. Netherlands’ cookie clause stricter than EU Directive requires
  4. Peru adopts data protection law
  5. Sweden: Cookie clause in force 1 July
  6. Hungary submits new Data Protection Bill and cookie clause for legislative approval

1. Nordic DPAs question Facebook on privacy

The data protection authorities of Sweden, Finland, Norway and Denmark put a series of questions last week to Facebook about its processing of personal data. The authorities say that they want to better understand how personal data is handled over social networks. Norway’s authority took the lead in this action earlier this year by preparing a case study on Facebook on behalf of the Norwegian Consumer Council.

The authorities have given Facebook until the end of August to answer their questions. The questions range from, for example, how Facebook shares basic account information with other businesses, to what extent Facebook uses additional personal data (for example, sexual orientation and race) for its own purposes.

2. Mexico consults on regulations

Mexico started, on 6 July, consultation on regulations that will establish guidelines for the implementation of Mexico’s Federal Law on the Protection of Personal Data.

Speaking yesterday at PL&B’s 24th Annual International Conference in Cambridge, Wanda Sigrid Arzt Colunga, Commissioner, Federal Access to Information and Data Protection Commission, Mexico, said that a new mandate was issued this month obliging companies to publish privacy notices with immediate effect.

The regulations, which will cover data transfers, are expected to take effect in January 2012.

Papers/slides from this conference are available to purchase for £150 GBP + 20% VAT. Please contact glenn@privacylaws.com

3. Netherlands’ cookie clause stricter than EU Directive requires

The Netherlands’ proposals on implementing the so called cookie clause, as required by the amendments to the European Union’s e-Privacy Directive, are causing controversy. It is planned that the use of cookies, including third-party cookies, will require explicit consent. This policy would therefore oblige foreign businesses that operate websites in the Netherlands to comply if they process personal data of people in the Netherlands.

The Telecommunications Law was adopted in the lower house of the legislature on 21 June and now needs the Senate’s approval. The Senate cannot amend the law but may send it back to the lower House.

Read more about this topic in the September issue of PL&B International Report.

4. Peru adopts data protection law

President of Peru, Alan García, signed the data protection bill (PL&B International Report July 2011 pp. 21-22) into law on 2 July, making it possible for Peru to apply for EU adequacy status in the future. The law establishes, in Article 32, a Data Protection Authority that will report to the Ministry of Justice. The Authority may impose sanctions, which are defined as minor, major and severe. It will maintain a National Data Protection Register and all private companies will have to register their databases with the new regulator.

The law applies to information on natural persons that identifies them or makes them identifiable. Individuals will have access rights and a right to have their personal details corrected or deleted.

More details are published in the July 2011 edition of the PL&B International Report, pp.21-22 which is available from PL&B’s office.

A copy of the law is available here

PL&B’s 24th Annual International Conference next week will feature sessions in English and Spanish on Latin American data protection developments (in Argentina, Uruguay, Chile, Colombia and Brazil) on 13 July. The sessions will be given by Latin America’s leading specialist data protection lawyer, Pablo Palazzi, Attorney, Allende & Brea, Buenos Aires, Argentina. On the same day, Mexican Commissioner, Wanda Sigrid Arzt Colunga, Commissioner, Federal Institute for Access to Information and Data Protection (IFAI), will speak about Mexico’s data protection law. She will also chair the Spanish language session. Irenea Renuncio-Mateos, the writer of the articles on Chile, Uruguay, Colombia and Paraguay in PL&B’s International Report in February and the report on Peru in the July edition, will also be attending these sessions where there will be time to discuss Peru’s new law. 

5. Sweden: Cookie clause in force 1 July

On 18 May, the Swedish Parliament implemented the new rules on cookies that stem from the amendments to the EU e-Privacy Directive. The Swedish approach is in line with the amendments to the Directive, and will enter into force on 1 July. The law requires individuals to be informed of cookies and their relevance to data processing, and to consent to the cookies. There is no certainty as yet whether browser settings could imply consent. The Swedish Internet Advertising Bureau has criticised the law, saying that up to 30% of users may refuse cookies, and therefore hamper e-commerce.

See the amendment (in Swedish).

6. Hungary submits new Data Protection Bill and cookie clause for legislative approval

Hungary’s government issued, on 7 June, a draft for the new Hungarian Data Protection Act (the Act on informational self-determination and freedom of information). It is expected to enter into force on 1 January 2012 along with the new Basic Law of Hungary, which will create an independent DP Commissioner. That is the most notable change, and is designed to fully implement the EU DP Directive, reports www.dataprivacy.hu

On 10 June, a draft bill was submitted to the Parliament to transpose the amendments to the EU e-Privacy Directive. The cookies clause requires prior consent and notice to permit cookies.

For further details on the Privacy Laws & Business International Newsletter, please click here.

Copyright Privacy Laws & Business 2011