European data privacy law and online business

EU data protection law is of great practical relevance for any company doing business in today's global information economy. This book provides a detailed and practical exposition of European data protection law in the context of the issues that arise in electronic commerce and data processing. It analyses the relevant EU legislation and case-law, and makes particular reference to the EU Data Protection Directives as well as to the national regulatory systems in Europe and the US. Numerous examples are taken from practice, and advice is given on how the relevant data protection laws apply to and impact upon business in Europe, the US, and worldwide. Beginning with a detailed description of the legislative process, the book goes on to discuss the basic legal concepts underlying data protection law. It then focuses on how to determine whether EU law applies to particular electronic commerce and online activities, and how to transfer personal data outside Europe so as to comply with EU law. The book also includes a comprehensive analysis of how to deal with complex compliance challenges, including notification of databases, processing of employee data, privacy policies, and website compliance and standardization. The key legislative texts needed to deal with complex data protection issues are included in the appendices, along with forms and precedents, contact information for data protection authorities, and links to useful websites. The book is fully up-to-date with the amendments to the Telecommunications Data Protection Directive passed in the summer of 2002.

• Preface
• Selected Bibliography
• 1. European Data Protection Law and Institutions
• A. Introduction
• B. EU Institutions
• C. EU Member States and Data Protection Authorities
• D. Legal Instruments
• E. Legislative Process
• F. Non-EU Institutions
• G. Enforcement
• H. Future Directions
• 2. Fundmental Legal Concepts
• A. Introduction
• B. Personal Data
• C. Data Subject
• D. Data Processing: Definition and Grounds
• E. Purpose Limitation
• F. Data Controllers and Data Processors
• G. Establishment
• H. Consent
• I. Sensitive Data
• J. Access and Information
• K. Anonymous and Pseudonymous Data
• L. Third Party
• M. Freedom of Expression
• N. Free Flow of Data Within the EU
• O. Data Transfer
• P. Data Minimization
• 3. Jurisdiction and Applicable Law
• A. Introduction
• B. Distinguishing Choice of Law and Jurisdiction
• C. The General Directive
• D. The Electronic Communications Data Protection Directive
• 4. International Data Transfers
• A. Introduction
• B. Basic Principles
• C. Legal Bases for Data Transfers
• 5. Compliance Challenges and Strategies
• A. Introduction
• B. Applicable Law and International Data Transfers
• C. Notification of Data Processing
• D. Internet Technology and the Employment Relationship
• E. Privacy Policies and Website Compliance
• F. Standardization and Technical Requirements
• G. Future Challenges
• APPENDICES
• Appendix 1: European Data Protection Authorities
• Appendix 2: Forms and Precedents
• Appendix 3: Implementation and Text of the EU Data Protection Directive ('General Directive')
• Appendix 4: Implementation and Text of the Electronic Communications Data Protection Directive
• Appendix 5: US Safe Harbor Principles
• Appendix 6: Standard Contractual Clauses for the Transfer of Personal Data to Third Countries (Controller-to-Controller Transfers)
• Appendix 7: Standard Contractual Clauses for the Transfer of Personal Data toThird Countries (Controller-to-Processor Transfers)