1. European data protection law and institutions
A. Introduction
B. EU Institutions
C. EU Member States Authorities
D.Regulatory Instruments
E. Legislative Process
F. Non-EU International Institutions
G. Enforcement
H. Future Directions
2. Fundamental Legal Concepts
A. Introduction
B. Access and Related Rights
C. Anonymous and Pseudonymous Data
D. Consent
E. Data Controllers and Data Processors
F. Data Minimization
G. Data Processing: Definition and Grounds
H. Data Subject
I. Data Transfer
J. Establishment
K. Freedom of Expression
L. Freedom of Information
M. Free Flow of Data Within the EU
N. Legitimacy
O. Personal Data
P. Processing
Q. Purpose Limitation
R. Sensitive Data
S. Third Party
3. Applicable Law and Jurisdiction
A. Introduction
B. Distinguishing Choice of Law and Jurisdiction
C. The General Directive
D. The Directive on Privacy and Electronic Communications
E. The Directive on Data Retention
F. Case Studies
4. International data transfers
A. Introduction
B. Selecting a Data Transfer Mechanism
C. Basic Principles
D. Adequacy Decisions
E. Safe Harbor
F. Contractual Clauses
G. Exceptions
H. Binding Corporate Rules (BCRs)
5. Compliance Challenges and Strategies
A. Introduction
B. Developing a Data Protection Compliance Strategy
C. Legal Grounds for Processing Personal Data
D. Notification of Data Processing to the DPAs
E. Processing of Employee Data
F. Website Compliance
G. Security and Security Breaches
H. Corporate Acquisitions and Due Diligence
I. Outsourcing
J. Marketing
K. Records Management
Appendices
1. Useful Internet Links
2. European data protection authorities
3. Implementation and text of the EU Data Protection Directive ('General Directive') 95/46/EC
4. Implementation and text of the Directive on Privacy and Electronic Communications 2002/58/EC
5. Text of the EU Data Retention Directive 2006/24/EC
6. United State Safe Harbor principles and FAQs
7. Standard contractual clauses for the transfer of personal data to third countries (controller-to-controller transfers)
8. Standard contractual clauses for the transfer of personal data to third countries (controller-to-processor transfers)
9. Forms and Precedents
10. Mail, Fax, Telephone and E-Mail Marketing Requirements in EU Member States
11. Summary of Notification Requirements for Commercial and Human Resources Data in EU Member States
12. Standard Contractual Clauses Filing Requirements
13. Selected Enforcement Measures in Member States and Article 29 Working Party from September 2002 through May 2006
14. Documents Adopted by Article 29 Working Party through June 2006
15. Binding Corporate Rules materials
Contents: