McGuireWoods London labor and employment lawyer Sarah Thompson wrote a concise summary for the Oct. 10 issue of People Management magazine, discussing additional data privacy regulations now working their way through the European Union’s parliamentary process and expected to be implemented soon.
Thompson, an often-quoted authority on data privacy matters, unpacked new requirements to be included in the EU’s upcoming ePrivacy Regulation (ePR), a complement to Europe’s sweeping General Data Privacy Regulation (GDPR), which took effect in May.
The purpose of the GDPR is to safeguard and govern the processing of personal data. The ePR extends government oversight to cover processing of electronic communications data, which covers phone calls, emails and texts, but also cookies, mobile apps such as WhatsApp, voice-over-internet-protocol providers such as Skype, and interactions in the Internet of Things, in which digital devices as diverse as televisions and refrigerators share data.
Like the GDPR, Thompson wrote, terms of ePR apply regardless of whether the data is processed in the EU or elsewhere. Also like GDPR, fines for violations can be prohibitive, topping out at €20 million (about $23 million) or 4 percent of annual global turnover, whichever is greater.