|OVERVIEW||Luxembourgian law regulates the data processing activities of organizations and individuals who collect and use personal data.|
|GENERAL PRIVACY LAWS||The Law of 2 August 2002 on the Protection of Persons with regard to the Processing of Personal Data implemented Directive 95/46/EC. The 2002 Act created a new data protection authority, the Commission nationale pour la protection des données, also known as the CNPD. The CNPD became operative on December 12 2002. It controls the processing of personal data in Luxembourg, and ensures compliance with the data protection regulations.|
|PERSONAL DATA PROTECTION LAWS AND REGULATIONS||
Law of 2 August 2002 on the Protection of Persons with regard to the processing of Personal Data
Law of 2005 on Privacy in Electronic Communications
All databases including personal data must be registered. There is also a requirement to license systems used to process personal data prior to the processing taking place.
|TYPE OF DATA PROTECTED||Personal Data.|
|WORKPLACE PRIVACY LAWS||
An authorization from the CNPD is required before using technical means for monitoring.
The Law of May 6, 1974 establishing joint works committees in private sector provides employees with co-determination rights on the introduction and application of technical equipment designed to monitor employees’ behavior and performance at their work stations.
|TRANSBORDER TRANSFERS||Data processing must be registered with the data protection authority, the Commission Nationale pour la Protection des Donnes.|
|FINES AND SANCTIONS||Civil and criminal sanctions.|
|OTHER PRIVACY LAWS AND REGULATIONS||
Numerous laws on financial secrecy.
In December 2001, the Commission of Surveillance of the Financial Sector (Commission de Surveillance du Secteur Financier) released practical and technical guidelines to financial services companies that intend to promote the protection of customers' privacy and the confidentiality of their financial information when launching new online financial services.