Global review of Laws and regulations
Electronic Identification, Communication & Data Protection Regulations
GDPR – General Data Protection Regulation
On May 25th, 2018, the EU’s new regulation on the protection of privacy, the GDPR, came into force. The GDPR deals with protecting data subjects and with their rights.
According to the GDPR, personal information belongs only to the data subject. The regulation defines personal information as “information pertaining to a private person that enables identification of that person, directly or indirectly, such as: names, identity numbers, addresses, as well as other social and economic identifiers.”
The GDPR effectively applies to any organization that works in the EU, processes information in the EU, or processes information of EU citizens.
California Consumer Privacy Act of 2018 (CCPA)
Companies will be required to build out specific procedures to enable individuals to exercise the rights enumerated under the CCPA, including a webpage entitled “Do Not Sell My Personal Information” that allows the consumer, or his or her authorized representative, to opt out of the sale of the consumer’s personal information.
Organizations subject to the law must be ready to comply by January 1, 2020.
E-signature laws and regulations
Regulation on electronic identification and trust services for electronic transactions in the internal market (eIDAS)
Currently under evaluation by the European Parliament, the Regulation on electronic identification and trust services for electronic transactions in the internal market (eIDAS) is the new framework for electronic identification and electronic trust services that will: ensure mutual recognition and acceptance of electronic identification across borders; give legal effect and mutual recognition to trust services including enhancing current rules on e-signatures and providing a legal framework for electronic seals, time stamping, electronic document acceptability, electronic delivery and website authentication.
The United Nations Convention on the Use of Electronic Communications in International Contracts enters into force on 1 March 2013 – UN
The United Nations Convention on the Use of Electronic Communications in International Contracts entered into force on 1 March 2013. The Convention aims at enhancing legal certainty and commercial predictability where electronic communications are used in relation to international contracts. Hence, its adoption by States would provide a significant contribution to trade facilitation through the creation of an enabling environment for paperless trade.
Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures – UK
This Directive establishes the legal framework at European level for electronic signatures and certification services. The aim is to make electronic signatures easier to use and help them become legally recognized within the Member States.
Electronic Communications Act 2000 – UK
The Electronic Communications Act 2000 (c.7) is an Act of the Parliament of the United Kingdom that:
– Regulates the provision of cryptographic services in the UK (ss.1-6); and
– Confirms the legal status of electronic signatures (ss.7-10).
The United Kingdom government had come to the conclusion that encryption, encryption services and electronic signatures would be important to e-Commerce in the UK.
By 1999, however, only the security services still hankered after key escrow. So a “sunset clause” was put in the bill. The May 2000 Electronic Communications Act gave the Home Office the power to create a registration regime for encryption services. This was given a five-year period before it would automatically lapse.
The five years expired in May 2006 and the legislation granting such a power disappeared from the statute book.