The new edition of this acclaimed book gives a fully updated overview of European data protection law affecting companies, incorporating the important legal developments which have taken place since the last edition was published. These include the first three cases of the European Court of Justice interpreting the EU Data Protection Directive (95/46), the Commission's first report on the implementation of the Directive, the Data Retention Directive, new developments in international data transfers, conflicts between security requirements and data protection, and the implementation of the Electronic Communications and Privacy Directive 2002/58 in the Member States. It also covers the recent European Court of Justice decision on the controversial export of airline passenger data to the US, and expands its European overview to include the new and acceding Member States.

The book contains comprehensive coverage of data protection law, while at the same time providing pragmatic guidance on the typical compliance issues that companies face. As globalization of the world economy continues, an increasing number of business issues with data protection implications have come to the foreground, for example, outsourcing, whistleblower hotlines and records management, all of which are covered in the book. The appendices have been expanded to include most sources which a company will need, such as the texts of relevant directives, the safe harbor principles and FAQs, and charts of implementation in the Member States of specific provisions of interest to business.European Data Protection Law is a single reference source for companies faced with data protection issues.

"... opens the reader's eyes to the Europe-wide, indeed the worldwide issues at stake in the future of data protection law; and serves as a cautionary tale for those who would confine themselves to the parochial charm of a national registry's guidance notes."--Computer and Telecommunications Law Review

"A useful addition to the literature on the European data privacy debate, which has huge repercussions for any global or cross-border enterprise failing to accord sufficient attention to the issues."--ASIL Newsletter (American Society of International Law)

Christopher Kuner is Partner in the Brussels office of HuntonandWilliams. He specializes in global data protection and e-commerce practices and is Vice-Chair of the International Chamber Commerce (ICC) Special Advisory Board on e-commerce. He is also ICC Delegate to the UNCITRAL Working Group on e-commerce and to the Council of Europe Data Protection Working Group.

Preface

Selected Bibliography

1. European Data Protection Law and Institutions

A. Introduction

B. EU Institutions

C. EU Member States and Data Protection Authorities

D. Legal Instruments

E. Legislative Process

F. Non-EU Institutions

G. Enforcement

H. Future Directions

2. Fundamental Legal Concepts

A. Introduction

B. Personal Data

C. Data Subject

D. Data Processing: Definition and Grounds

E. Purpose Limitation

F. Data Controllers and Data Processors

G. Establishment

H. Consent

I. Sensitive Data

J. Access and Information

K. Anonymous and Pseudonymous Data

L. Third Party

M. Freedom of Expression

N. Free Flow of Data Within the EU

O. Data Transfer

P. Data Minimization

3. Jurisdiction and Applicable Law

A. Introduction

B. Distinguishing Choice of Law and Jurisdiction

C. The General Directive

D. The Electronic Communications Data Protection Directive

4. International Data Transfers

A. Introduction

B. Basic Principles

C. Legal Bases for Data Transfers

5. Compliance Challenges and Strategies

A. Introduction

B. Applicable Law and International Data Transfers

C. Notification of Data Processing

D. Internet Technology and the Employment Relationship

E. Privacy Policies and Website Compliance

F. Standardization and Technical Requirements

G. Future Challenges

Appendices

Appendix 1: European Data Protection Authorities

Appendix 2: Forms and Precedents

Appendix 3: Implementation and Text of the EU Data Protection Directive ('General Directive')

Appendix 4: Implementation and Text of the Electronic Communications Data Protection Directive

Appendix 5: US Safe Harbor Principles

Appendix 6: Standard Contractual Clauses for the Transfer of Personal Data to Third Countries (Controller-to-Controller Transfers)

Appendix 7: Standard Contractual Clauses for the Transfer of Personal Data toThird Countries (Controller-to-Processor Transfers)