Privacy, You and Your Business - EU Directives

December 16, 2011




In May 2011, a Europe wide directive was passed relating to data protection and processing of data. The directive (Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 for those who are interested!) set outs how information can and cannot be used by data controllers.


As with many EU directives, there is room for interpretation but I've outlined the basics of this particular directive below. 




As with all data protection related laws it is just as important for small businesses to know their obligations as it is for the big global corporations.
Firstly, according to the Irish Data Protection Office the new regulations apply to the processing of personal data in connection with the provision of publicly available electronic communications services in public communications networks in the State and where relevant the European Union, including public communications networks supporting data collection and identification devices.

As per previous regulations, adequate security measures and procedures should be in place to try and ensure the data is protected. This includes limiting access to a select number of individuals, saving only required data and processing it in a way that is fair.

The UK Information Commission Office has specifically referred to cookies in relation to the directive. They have stated that users must be given an opportunity to refuse cookies (an “opt out”) with a requirement for user consent. The requirement to also provide users with clear, comprehensive information on the use of cookies remains. Whilst the Irish Data Protection Office has not specifically mentioned cookies, the general directive is the same. So whilst it is not specified, businesses should really look at the full spectrum of data retention and usage.

Data controllers have been given a 12 month grace period, so in May 2012 the law comes into full force. Before then, it might be an idea to read up on the specifics and see exactly how your company will be affected.

Data breaches are not only a legal issue but also have the potential to ruin a companies reputation.


More information on the new directive is available on Data Protection Directive PDF. It is also worth looking at the UK Information Commission Office PDF.