Live From Toronto: EU Privacy Laws Far From Unified
The European Union is hardly a monolith when it comes to privacy, according to Alastair Tempest, director general of public affairs and self-regulation for FEDMA. He spoke at the DMA 82nd annual Conference & Exhibition here in Toronto.
Though the EU requires that all member companies comply with its data directive, each country has latitude when creating its own laws, he said during a session at the DMA annual conference here this weekend.
The term is “Eurocal,” indicating that the directives are executed locally. For example, Italy, which only recently passed a data law, requires express consent to transfer data on a consumer even within the EU. This clearly goes “against the directive,” Tempest said.
“In Greece, you can’t transfer data at all for processing for DM purposes,” he added. “And Holland has a 149-page booklet on privacy. An optician has to have consent to send patients information on their glasses because it is ‘sensitive,’ health-oriented data.”
The 15 EU data-protection commissioners’ countries also have varying views on what constitutes sensitive data, which can only be transferred with the consent of the consumer.
“My name indicates someone who is English,” Tempest said. “But the name Singh or Patel indicates someone from the Indian subcontinent. Therefore, ‘that name puts me in a racial category, which could be sensitive data.'”
