The European Union’s new General Data Protection Regulation (GPDR) has passed its last major hurdle to adoption. On Dec. 18, 2015, the Permanent Representatives Committee of the European Council confirmed that the compromise texts on the legislative package had been agreed with the European Parliament.
The GPDR contains a number of features potentially of interest to privacy practitioners in other jurisdictions whose privacy laws may follow the direction set by the EU, including:
- codifying the ‘right to be forgotten’ confirmed by the European Court of Justice in the 2014 Costeja decision
- regulating algorithmic decision-making where it produces legal effects or significantly affects individuals, and
- introducing requirements for mandatory notification of data breaches.
Link: WSGR via Bloomberg BNA