The new edition of this acclaimed book gives a fully updated overview of European data protection law affecting companies, incorporating the important legal developments which have taken place since the last edition was published. These include the first three cases of the European Court of Justice interpreting the EU Data Protection Directive (95/46), the Commission's first report on the implementation of the Directive, the Data Retention Directive, new developments in international data transfers, conflicts between security requirements and data protection, and the implementation of the Electronic Communications and Privacy Directive 2002/58 in the Member States. It also covers the recent European Court of Justice decision on the controversial export of airline passenger data to the US, and expands its European overview to include the new and acceding Member States.
The book contains comprehensive coverage of data protection law, while at the same time providing pragmatic guidance on the typical compliance issues that companies face. As globalization of the world economy continues, an increasing number of business issues with data protection implications have come to the foreground, for example, outsourcing, whistleblower hotlines and records management, all of which are covered in the book. The appendices have been expanded to include most sources which a company will need, such as the texts of relevant directives, the safe harbor principles and FAQs, and charts of implementation in the Member States of specific provisions of interest to business. Thus, the book is a single reference source for companies faced with data protection issues.
A Chinese edition of the book was published in 2008, making it the first in-depth treatise on European data protection law published in Chinese.
1: European data protection law and institutions A. Introduction B. EU Institutions C. EU Member States Authorities D.Regulatory Instruments E. Legislative Process F. Non-EU International Institutions G. Enforcement H. Future Directions 2: Fundamental Legal Concepts A. Introduction B. Access and Related Rights C. Anonymous and Pseudonymous Data D. Consent E. Data Controllers and Data Processors F. Data Minimization G. Data Processing: Definition and Grounds H. Data Subject I. Data Transfer J. Establishment K. Freedom of Expression L. Freedom of Information M. Free Flow of Data Within the EU N. Legitimacy O. Personal Data P. Processing Q. Purpose Limitation R. Sensitive Data S. Third Party 3: Applicable Law and Jurisdiction A. Introduction B. Distinguishing Choice of Law and Jurisdiction C. The General Directive D. The Directive on Privacy and Electronic Communications E. The Directive on Data Retention F. Case Studies 4: International data transfers A. Introduction B. Selecting a Data Transfer Mechanism C. Basic Principles D. Adequacy Decisions E. Safe Harbor F. Contractual Clauses G. Exceptions H. Binding Corporate Rules (BCRs) 5: Compliance Challenges and Strategies A. Introduction B. Developing a Data Protection Compliance Strategy C. Legal Grounds for Processing Personal Data D. Notification of Data Processing to the DPAs E. Processing of Employee Data F. Website Compliance G. Security and Security Breaches H. Corporate Acquisitions and Due Diligence I. Outsourcing J. Marketing K. Records Management Appendices 1. Useful Internet Links 2. European data protection authorities 3. Implementation and text of the EU Data Protection Directive ('General Directive') 95/46/EC 4. Implementation and text of the Directive on Privacy and Electronic Communications 2002/58/EC 5. Text of the EU Data Retention Directive 2006/24/EC 6. United State Safe Harbor principles and FAQs 7. Standard contractual clauses for the transfer of personal data to third countries (controller-to-controller transfers) 8. Standard contractual clauses for the transfer of personal data to third countries (controller-to-processor transfers) 9. Forms and Precedents 10. Mail, Fax, Telephone and E-Mail Marketing Requirements in EU Member States 11. Summary of Notification Requirements for Commercial and Human Resources Data in EU Member States 12. Standard Contractual Clauses Filing Requirements 13. Selected Enforcement Measures in Member States and Article 29 Working Party from September 2002 through May 2006 14. Documents Adopted by Article 29 Working Party through June 2006 15. Binding Corporate Rules materials
Christopher Kuner is Partner in the Brussels office of Hunton & Williams. He specializes in global data protection and e-commerce practices and is Chairman of the International Chamber of Commerce (ICC) Data Protection Task Force.
Reviews for European Data Protection Law: Corporate Compliance and Regulation
[I]n a globalized world, the book can clearly be useful both to european and non-european entities...The distinguished author has fundamentally revised, updated and expanded the book...The author has expanded the chapter on international data transfers, which is of particular practical relevance. In particular, protections for transfers to third countries are explained lucidly and understandably, with particular emphasis on contractual solutions and Binding Corporate Rules...Kuner gives the practicioner valuable advice regarding notification to the data protection authorities, the processing of employee data, designing data protection-compliant web sites, data protection in corporate acquisitions, outsourcing, marketing, and data security. The comprehensive material in the appendices is also of great value for data protection practicioners...The clarity and informational content of the book have, generally speaking, increased compared with the previous edition... Recht der Datenverarbeitung This book is a success in every respect. It is the first book on data protection law that is conceived on a truly European level and goes beyond local coverage to include the practices of the most important EU Member States. At the same time, it has paid off that the author, a lawyer who has worked in the field of international data protection law for many years, has drawn on his lengthy exprerience in advising corporate clients in writing this book. Thus, the book is certainly of benefit for every company that deals with data protection law in the scope of its compliance activites...Anyone who wants to get a foothold in international data protection law needs to purchase this book.
