Before I undertake my legal studies, I have been thinking about changing my focus from corporate (M&A) to privacy issues. While I am hoping to seek work in the area of M&A after my training, I am intrigued about the area of privacy. Why the sudden change?
This past week I was asked by the business development team to look into the issues about importing data subject info to Japan from the EU. I read the relevant EU Directive and then, proceeded to see what protections such data subjects would enjoy should their data be imported into Japan. I understand the need of permitting data to travel freely around the EU and perhaps to third countries but, data subjects must, and I repeat - MUST, have immediate control over their data no matter where it resides.
The EU Member States and their relevant Ministers must protect the rights of data subjects. Simply put, if a EU-resident data subject wants his/her data removed from all US-servers (within the US or outside the US), that order must be executed immediatley. Refusal to heed the order from a EU Member State Minister shall be met with immediate government sanctions and if necessary, fines against the importer in EU courts.
While I cannot provide legal advice to my colleagues, I laid out the issues and informed them of the need to involve outside counsel immediately/eventually.
Recent Comments