Data protection law regulates processing of personal data by citizens, companies, organisations or public authorities. One of its main functions is to strike the balance between the citizens’ right to privacy and the needs of public or private bodies.
Its importance has grown over the last 20 years with the rapid technological development and globalised economy. The ability to access, share and above all generate data by people and machines alike has posed a great challenge to the law makers.
The current data protection law in the EU is based on the Directive 95/46/EC and the Council Framework Decision 2008/977/JHA. The Directive covers processing of personal data in general while the Council decision covers processing of personal data in the framework of police and judicial cooperation in criminal matters. The Directive has been transposed into domestic legislation of 28 Member States. In the UK, it is Data Protection Act 1998. In addition, the e-Privacy Directive regulates privacy and confidentiality in electronic communications. It was transposed into the UK legislation by Privacy and Electronic Communications (EC Directive) Regulations 2003.
The above legislative framework will change in the next several years. This is because the EU just adopted the new data protection package which consists of the Regulation 2016/680 (general) and the Directive 2016/679 (law enforcement) which will enter into force in May 2018. The Commission has also published its review of the e-Privacy Directive and has recently launched the public consultation to complement the review with views from stakeholders.
In the Law Societies, our main interest in this policy area was how the new data protection framework would address protection of confidential and privileged information. Legal professional privilege is one of the core values of the profession and the guarantee for proper administration of justice. It was therefore crucial for us that the new EU-wide legislative framework reflects that importance. Equally, we also examined how the new framework, and the Regulation in particular, would impact on law firms, businesses, and public authorities. This aspect of our work is important as solicitors are employed in various places and their expertise often covers data protection on which they have to advise their employer or their clients.
The activities of the Brussels Office in recent years were focused on bringing the solicitors’ expertise and experience in data protection and privacy law to the attention of the EU policy makers. We have engaged with the European Commission, European Parliament and various Permanent Representations of the Member States to the EU to raise awareness of the importance of the legal professional privilege and the reasons for which it must be safeguarded. We have also liaised regularly with the Council of Bars and Law Societies of Europe (CCBE) on the same subject. Since the adoption of the Regulation and the Directive, we liaise regularly with the Law Society of England and Wales, Law Society of Scotland and Law Society of Northern Ireland in their efforts to support their members in adapting to the new regime.