Tag archives: Council of the European Union

NIS Directive Published: EU Member States Have Just Under Two Years to Implement

Data Protection Report - Norton Rose Fulbright

The Directive on Security of Network and Information Systems (known as the NIS Directive) was published in the Official Journal of the European Union on July 19, 2016. Member States will have until May 9, 2018 to implement this Directive into national laws and a further six months to identify “operators of essential services.”

Summary of the NIS Directive

The NIS Directive is the first comprehensive piece of EU legislation relating to the 2013 EU Cybersecurity Strategy. Its objective is to achieve a high common level of security of network and information systems across the EU through improved … Continue Reading

EU Data Protection Reform: EU Council of Ministers Publishes Updated Version of the GDPR, Formally Adopts Its Position at First Reading, Announces Crucial Second Reading to Take Place on 14 April

Data Protection Report - Norton Rose Fulbright

On 8 April 2016 (see here), the Council of the European Union announced that it has formally adopted its position at the first reading on the EU General Data Protection Regulation, a key step in the data protection reform process.

The Council’s position will now be sent to the European Parliament who will vote on whether they approve the Council’s position at first reading. This is expected to take place on Thursday 14 April. If the text is adopted in the European Parliament, it will be scheduled for formal adoption in Council shortly thereafter (which should be a mere … Continue Reading

Council and European Parliament reach agreement on NIS Directive

Data Protection Report - Norton Rose Fulbright

On December 7, 2015, the Council of the European Union (the Council) reached an informal agreement with the European Parliament on a new EU directive on network and information security (NISD).

The agreement marks the conclusion of two years of work, since the European Commission (the Commission) and the High Representative of the European Union for Foreign Affairs and Security Policy published a strategy for ‘An Open, Safe and Secure Cyberspace’ and proposed a directive in 2013. Once adopted, likely in early 2016, EU Member States will have 21 months to adopt the necessary national provisions to comply with the … Continue Reading

NLRB asserts employers must bargain with unions on breach response

Data Protection Report - Norton Rose Fulbright

The U.S. National Labor Relations Board (NLRB) recently filed complaints against the United States Postal Service (USPS), alleging that the USPS violated the National Labor Relations Act (NLRA) by failing to collectively bargain with its employees’ union regarding the postal service’s response to a 2014 data breach that reportedly affected over 800,000 current and former postal employees. Specifically, in one of its complaints, the NLRB alleged that the postal service’s unilateral decision to provide credit monitoring and fraud insurance to affected employees without engaging in collective bargaining with the union on these issues violated Sections 8(a)(1) and (5) of … Continue Reading

EU’s “One Stop Shop” Proposal Focuses on “Main Establishment” as Nexus of DPA Enforcement Authority

Data Protection Report - Norton Rose Fulbright

This is Part 2 of a five-part series on the “One Stop Shop” mechanism in the proposed new European data protection regulation. In Part 1 we examined why there is a need for a One Stop Shop, and what it is. In this Part we examine the concept of main establishment and the position of entities without an EU establishment.

Main Establishment

The operation of the One Stop Shop depends on being able to determine the ‘main establishment’ of a business. This dictates which supervisory authority (SA) will be the lead SA where the controller or processor processes … Continue Reading

EU Proposes “One Stop Shop” for Data Protection Supervision and Enforcement

Data Protection Report - Norton Rose Fulbright

This is Part 1 of a five-part series on the “One Stop Shop” mechanism in the proposed new European data protection regulation.

The Council of the European Union (the Council) has recently published a partial general agreement on its version of the so-called ‘One Stop Shop’ mechanism. The Council’s internal deliberations are expressly caveated to the effect that ‘nothing is agreed until everything is agreed’, and a required ‘trilogue’ between the three EU institutions involved in policy and law making cannot commence until the Council has agreed a complete version of the draft General Data Protection Regulation COM (2012) … Continue Reading

LexBlog