In a further official Opinion on the e-Privacy Directive, dated 10 February and now available online, the Article 29 Working Party has emphasised some of its concerns about the impending e-Privacy Directive. While much of the Opinion retreads old ground, the tone of the comments on the data breach notification aspects of the Directive is arresting.The Working Party believes that: ‘an extension of personal data breach notifications to Information Society Services is necessary given the ever increasing role these services play in the daily lives of European citizens, and the increasing amounts of personal data processed by these services. Online transactions including access to e-banking services, private sector medical records and online shopping are few examples of services that may be subject to personal data breaches causing significant risks to a large number of European citizens. Limiting the scope of these obligations to publicly available electronic communications services would only affect a very limited number of stakeholders and thus would significantly reduce the impact of personal data breach notifications as a means to protect individuals against risks such as identity theft, financial loss, loss of business or employment opportunities and physical harm.’
UPDATE: In a further development of proposed data breach notification laws, according to Out-law, the Council of Ministers have rejected plans to expand the scope of the European Union security breach law beyond telecoms companies. More from Out-Law.
No comments:
Post a Comment