Justice interpreting the EU Data Protection Directive (95/46), the Commission's first report on the implementation of the Directive, the Data Retention Directive, new developments in international data transfers, conflicts between security requirements and data protection, and the implementation of

the Electronic Communications and Privacy Directive 2002/58 in the Member States. It also covers the recent European Court of Justice decision on the controversial export of airline passenger data to the US, and expands its European overview to include the new and acceding Member States.

The book contains comprehensive coverage of data protection law, while at the same time providing pragmatic guidance on the typical compliance issues that companies face. As globalization of the world economy continues, an increasing number of business issues with data protection implications have

come to the foreground, for example, outsourcing, whistleblower hotlines and records management, all of which are covered in the book. The appendices have been expanded to include most sources which a company will need, such as the texts of relevant directives, the safe harbor principles and FAQs,

and charts of implementation in the Member States of specific provisions of interest to business.European Data Protection Law is the book is a single reference source for companies faced with data protection issues.

Review

"A useful addition to the literature on the European data privacy debate, which has huge repercussions for any global or cross-border enterprise failing to accord sufficient attention to the issues."--ASIL Newsletter (American Society of International Law)

particular reference to the EU Data Protection Directives as well as to the national regulatory systems in Europe and the US.

e-commerce and to the Council of Europe Data Protection Working Group.

Selected Bibliography

1. European Data Protection Law and Institutions

A. Introduction

B. EU Institutions

C. EU Member States and Data Protection Authorities

D. Legal Instruments

E. Legislative Process

F. Non-EU Institutions

G. Enforcement

H. Future Directions

2. Fundamental Legal Concepts

A. Introduction

B. Personal Data

C. Data Subject

D. Data Processing: Definition and Grounds

E. Purpose Limitation

F. Data Controllers and Data Processors

G. Establishment

H. Consent

I. Sensitive Data

J. Access and Information

K. Anonymous and Pseudonymous Data

L. Third Party

M. Freedom of Expression

N. Free Flow of Data Within the EU

O. Data Transfer

P. Data Minimization

3. Jurisdiction and Applicable Law

A. Introduction

B. Distinguishing Choice of Law and Jurisdiction

C. The General Directive

D. The Electronic Communications Data Protection Directive

4. International Data Transfers

A. Introduction

B. Basic Principles

C. Legal Bases for Data Transfers

5. Compliance Challenges and Strategies

A. Introduction

B. Applicable Law and International Data Transfers

C. Notification of Data Processing

D. Internet Technology and the Employment Relationship

E. Privacy Policies and Website Compliance

F. Standardization and Technical Requirements

G. Future Challenges

Appendices

Appendix 1: European Data Protection Authorities

Appendix 2: Forms and Precedents

Appendix 3: Implementation and Text of the EU Data Protection Directive ('General Directive')

Appendix 4: Implementation and Text of the Electronic Communications Data Protection Directive

Appendix 5: US Safe Harbor Principles

Appendix 6: Standard Contractual Clauses for the Transfer of Personal Data to Third Countries (Controller-to-Controller Transfers)

Appendix 7: Standard Contractual Clauses for the Transfer of Personal Data toThird Countries (Controller-to-Processor Transfers)