Technology Update: Busy Year for Companies as New Technology Laws Come into Effect
10 December 2018
While the General Data Protection Regulation (GDPR) has undoubtedly been the focus for many organisations throughout 2018, there have also been a number of other key laws introduced throughout the year. Many of these lay the groundwork for the EU’s Single Digital Market (DSM) strategy and show that the era of enhanced regulation for businesses operating in Europe will continue.
A New Era for Data Protection and Data Security
2018 was a milestone year for data protection and data security, marked by the arrival of several new laws. GDPR was by far the most-publicised, representing an overhaul of the EU’s 20+ year old data protection regime. The GDPR heralded a new era for data protection, introducing both new and enhanced rights, obligations, and sanctions. In Ireland, the GDPR was complemented by the Data Protection Act 2018 (Act). Not only did the Act implement and augment aspects of GDPR, it also implemented the EU Law Enforcement Directive (LED) into Irish law. The LED, in essence, is the GDPR-equivalent for organisations and authorities with a role in law enforcement matters. Finally, in September, Ireland’s implementation of the NIS Directive was signed into law. This introduced additional cybersecurity obligations for critical infrastructure and certain online services.
Trade Secrets Finally Find a Solid Footing in the IP Landscape
One of the most important Irish developments has been in the area of trade secrets with the introduction of the European Union (Protection of Trade Secrets) Regulations 2018 (Regulations), which came into effect in June 2018. The perceived gap in terms of the level of protection afforded to trade secrets has long been a source of concern for companies in certain sectors and the Regulations represent a significant step forward. Where a business can show that its information is not generally known or accessible, has commercial value, and the company has taken reasonable steps to keep it secret, then it is quite possible that the information will be covered within the scope of the Regulations. One significant benefit of the new regime is that, like copyright, it arises automatically and organisations do not have to go through any formal registration process to secure protection. We discussed the likely impact of the new regime and the steps that should be taken to secure protection for key trade secrets in more detail earlier this year.
New Geo-blocking Regime Marks the First Wave of the EU’s Revised Consumer Law Framework
Another key development was the introduction of Regulation 2018/302 (Geo-Blocking Regulation), which aims to prevent unjustified geo-blocking and other forms of discriminations based on location. Geo-blocking is the practice of a company seeking to block or limit access to its website or e-commerce services from customers in other countries or seeking to charge different prices. The Geo-Blocking Regulation is one of the most important aspects of the EU’s DSM plan and its goal to create borderless e-commerce trade throughout the European Union. As the Geo-Blocking Regulation has direct effect, it does not require any specific implementing national legislation and entered into force on 3 December 2018. Among the prohibited behaviours for businesses are blocking access to users based on geographical location within the EU and redirecting website visitors to a local domain unless they have the explicit consent of the user or where it is required by law. Usually, from a consumer law perspective, the Regulation covers not only consumers but also businesses, where those businesses are purchasing the goods or services for their own end use as opposed to for resale purposes. While there are a number of caveats as to how the Geo-Blocking Regulation should operate, businesses selling to customers on a pan-EU basis should ensure they understand the scope of their new obligations.
With the GDPR still in a nascent stage, we look forward to guidance from regulators, both by way of published guidance and from formal investigatory decisions. In 2019, we also expect further updates regarding the draft ePrivacy Regulation, which many industries are closely watching.
In addition, as we move further towards the European Union’s goal of a Digital Single Market, it’s likely that businesses operating in Europe will continue to wrestle with landscape-altering legislation similar to GDPR. In particular, the much discussed New Deal for consumers will introduce sweeping reforms of consumer protection laws and usher in GDPR-type fines for breaching these new rules.
For more information, contact a member of our Technology team.
The content of this article is provided for information purposes only and does not constitute legal or other advice.