is a Partner with Bird & Bird International. She jointly heads their International Privacy and Data Protection Group and is based in their London office. Ruth advises on data privacy, freedom of information, database rights and other information law issues.
Ruth’s extensive experience includes advising a broad range of public and private sector organisations on information law matters, including representing them on their dealings with Data Protection Authorities and the EU’s Article 29 Working Party.
This new e-Privacy Regulation, if adopted, will replace the current e-Privacy Directive and will establish, together with the General Data Protection Regulation, GDPR, a new privacy legal framework for electronic communications. The proposal aims to be lex specialis to the GDPR. Probably to ensure consistency with the new privacy legal framework for electronic communications, the entry into force provision of the leaked text has been amended to state expressly that the e-Privacy Regulation will come into force on the same date as the GDPR (25 May 2018). With many legislative hurdles still remaining before it is approved, this represents an ambitious timeline for EU legislators.
The decision creates significant uncertainty for organizations who rely on Safe Harbor either for their own, internal data transfers, or because they use a service provider which, in turn, relies on Safe Harbor to provide adequacy for its transfers to the US. Alternative methods of addressing data transfers will be needed – such as implementing EU Commission approved data transfer agreements, or obtaining individual consent. Although the decision has invalidated Safe Harbor – with immediate effect – organizations will need to look to the reactions of national data protection authorities to determine how urgently to implement alternative data transfer solutions.