Framework Strengthens Privacy, Worries Business
The European Union's proposed new data protection framework--due for release tomorrow--could include strengthened privacy protections for individuals and serious implications for Internet companies trading in personal information, The New York Times reports. The reforms--including harmonization of the 27 EU Member States, the "right to be forgotten," mandatory breach notification and robust financial penalties for privacy violations--have some technology firms concerned about the reach of the new legislation. Microsoft Europe Chief Operating Officer Ron Zink said, "We have been pushing for harmonization of privacy laws for several years, but we are concerned that these proposals may be too prescriptive." Françoise Gilbert, CIPP/US, IT Law Group managing director, said, "Individuals are getting more rights. The balance is tilting more to the individual versus the companies." (Registration may be required to access this story.) Editor's Note: In this feature article for the IAPP Europe Data Protection Digest, Fabio Di Resta of Di Resta Law Firm discusses the new framework with a particular focus on the "equipment/means" and "directed to" criterion.