EWeek reports on privacy regulations in Europe and their international impact:
The European Union’s new data privacy rules requiring companies to obtain explicit customer consent before displaying targeted Internet advertisements will impact any Web enterprise that has customers within the EU.
The data privacy rules, an amendment to the European Union’s Privacy and Electronic Communications Directive, will go into effect May 26. Intended to give Web users more control over their data online, the e-privacy law will require anyone running a Website to get user consent before deploying certain types of information-collecting cookies.
The e-Privacy Directive applies to cookies used to collect information that is not directly related to the service offered by the site and would be used for advertising purposes. The sites can continue automatically installing cookies that collect information such as passwords, language preferences or the contents of an e-commerce shopping cart. […]
Each member country will be translating the EU regulations into law, making it likely there will be variations from country to country. The Netherlands Ministry of Economic Affairs, Agriculture and Innovation will allow Websites to rely on browser settings to obtain users’ consent to cookies. The Article 29 Data Protection Working Party, the privacy group within the European Commission, has suggested implementing the directive in a way that users are required to opt in to every individual cookie.
Any business, wherever it is located, that places cookies on computers belonging to its customers based in the European Union would be subject to the e-privacy directive, according to Chris Saunders, an attorney at Mundays Solicitors, in Surrey, England. It’s still “to be decided” how and where the rules will be enforced for non-EU-based organizations, Saunders said. […]
All businesses using cookies need to carefully consider the methods they use to obtain computer users’ consent and keep up-to-date on how the laws are defined in the countries where they do business, Saunders said.
Under the new privacy rules, Internet and phone providers will also be required to notify data-protection authorities if they accidentally lost or disclosed personal information such as names, email addresses or bank details. The companies will also have to inform the affected consumers directly.