PL&B International E-news, Issue 60

1. Luxembourg lightens data protection law

On 1 September, Luxembourg modified its data protection law, removing some obligations to notify data processing to the CNPD (the national data protection authority) and simplifying other regulations.

The most common data processing in business and administration, such as that for human resources, no longer must be notified to the CNPD. Data processing by some professionals (lawyers, notaries, doctors, journalists, for example) will be considered to be sufficiently protected by professional ethics. The lists and conditions regarding the new rules on notification are on the CNPD website.

Data processing notification rules are also simplified for scientific research and health professionals, including clinical research for pharmaceutical companies. Data processing officers in charge of data protection for firms can now be employees of the firm (formerly they could only be external consultants). This means that these companies are exempt from notification requirements.

Perhaps the most significant change is that Luxembourg no longer extends protection to the privacy of legal persons, such as companies, as it does to natural persons. Of course, personal data processed by legal persons is covered by the amended data protection law.

A fuller report will be published in October’s Privacy Laws & Business International Newsletter.

Luxembourg’s Data Protection Commissioner, Mr. Gérard Lommel, with his senior advisors, has agreed to participate in a European Privacy Officers Network (EPON) Roundtable in Luxembourg on May 21st 2008. The agenda will include the above amendments to Luxembourg’s data protection law and how he will interpret and implement them. A briefing on the previous day will be hosted by Linklaters and the Roundtable will be hosted by Deloitte.  

Click here for further information about subscribing to the international newsletter.

Copyright Privacy Laws & Business 2007