August

"The EU has delayed the vote on a controversial reform of data protection laws, which seek to implement a single law across all 27 member states. Industry bodies are running a lobbying campaign against the proposals, which they claim will have a ""chilling"" effect on UK business and prevent the UK from being the home of the next Twitter or Facebook. Organisations including the Internet Advertising Bureau, Interactive Media in Retail Group and Coalition for a Digital Economy signed an open letter to ministers, warning them that the European Commission's proposals to clamp down on data violations would hamper growth of the digital industry in the UK. It is understood the crucial vote was delayed in order to concentrate on the fallout from the Cyprus banking crisis. The EU argues that a single data protection law across all its member states would save businesses �2.3bn a year by removing ""fragmentation and costly administrative burdens"" and will boost growth and jobs by reinforcing ""consumer confidence in online services"". John Pooley, managing director at specialist agency The Data Partnership, said, ""It seems the EU data regulators need to review their objectives and encourage data responsibility, rather than set out restrictive and widespread 'data gatekeeping'."" "

The European Information System called SIS (Schengen Information System) II is launching after substantial delays. The new database is intended to allow security officials faster and easier ways to exchange information, but privacy concerns abound. The main goal of the Schengen Agreement is to have a space of free movement without controls on the internal borders. All EU member states belong to the Schengen area with the exception of Great Britain, Ireland, Cyprus, Romania, and Bulgaria. In light of security concerns, the member states established the SIS in 1995 as a joint database to be used in manhunts. This system has now been reformed and enables European customs and border officials as well as police and prosecutors to search not just for missing people or criminal offenders, but also for cars and weapons. National and European privacy authorities are intended to help determine whether the SIS II conforms to their countries' standards. Some have reservations about the lack of uniform privacy standards in the EU. Federal Commissioner for Data Protection and Freedom of Information, Peter Schaar, believes that such a concentration of power is not in accordance with data protection standards. He also says a situation is developing in which information about not just suspected criminals or criminal deeds is being collected, but simply everyday behaviour.

The Article 29 Working Party (WP29) has adopted an Explanatory Document on the Processor Binding Corporate Rules (WP204), which clarifies the principles and elements of Processor Binding Corporate Rules or Binding Safe Processor Rules (BSPRs) as laid out in its Working Document 02|2012 (WP195). BSPRs are internal, legally binding, codes of conduct regarding privacy and security, aimed at guaranteeing clients of data processors that data transfers are adequately framed and protected. WP29 stated that data protection principles stemming from the Data Protection Directive (95|46|EC) must be incorporated within the BSPRs. They must also provide sufficient level of detail to allow DPAs to assess whether adequate safeguards are provided in relation to data processing and sub-processors. All BSPRs must contain: provisions guaranteeing a good level of compliance, audits, complaint handling, the duty of cooperation with the data controller and DPAs, liability, rules on jurisdiction, and transparency.