Each EU member state can, however, enact its own cookie law and there has been some variation in the consent requirements required. For example, in some countries, consent can be obtained via browser settings while others may require the express consent for use of cookies. There has been lax enforcement of these cookie restrictions and some have criticized these efforts as misguided and of little value to data privacy. The E-Privacy Regulation. Similar to the replacement of the EU Data Directive with the GDPR, the proposed E-Privacy Regulation (otherwise known as the cookie law) is planned to replace the E-Privacy Directive. Currently being drafted and revised, the E-Privacy Regulation will update and provide protections on cookie settings and direct marketing communications. The E-Privacy Regulation originally was intended to come into effect on May 25, 2018, together with the GDPR, but has still not been adopted. Article 29 Working Party . The Article 29 Working Party is a special group formed in the EU for the expressed purpose of overseeing specific issues such as workplace privacy and handling of employee data. The group is composed of representatives of the DPAs, the European Data Protection Supervisor, and the European commission. The Working Party issues opinions and offers guidance on data privacy to the member states. In addition to the opinion on “cookies” mentioned above they have issued the following recent opinions regarding consent and cloud computing: Article 29 Data Protection Working Party Opinion 15/2011 on Definition of Consent , 01197/11/EN (July 13, 2011) provides that valid consent requires affirmative indication of consent such as a signature or checking a box. Article 29 Data Protection Working Party Opinion 05/2012 on Cloud Computing 01037/12/EN (July 1, 2012) describes potential data protection risks, focusing on both individuals lack of control over their personal data and insufficient information about how the data is used.
152
Made with FlippingBook - Online Brochure Maker