The House of Lords Library, which provides research and information services to Members of the House of Lords, has published a briefing on the Data Protection Bill (“Bill”) which sets out an overview of and reactions to the Bill (“Briefing”). The Briefing was prepared in advance of the Bill’s second reading in the House of … Continue Reading
We are only eight months away from the new EU data protection regime entering into force. In addition to the General Data Protection Regulation (“GDPR”), which includes the general data protection provisions, the ePrivacy Regulation shall provide specific rules for electronic communications. However, the legislative process of the ePrivacy Regulation is still in its early … Continue Reading
The European Commission has issued a proposal for a new Regulation on the free flow of non-personal data (“the Proposal”). Background The Commission adopted a Communication in January 2017 on “Building a European Data Economy”, in which its work on free flow of data was announced in the context of actions to enhance the data … Continue Reading
On October 11, 2017, the House passed a bill that would provide guidance to small businesses on how to deal with cybersecurity issues. This legislation passed on the heels of a similar Senate bill that was approved just weeks before on September 28. The NIST Small Business Cybersecurity Act (H.R. 2105) would require the Department … Continue Reading
Over the last several years, the Federal Trade Commission (FTC) has regularly used its authority under Section 5 of the FTC Act to bring cases against companies due to their allegedly unreasonable data security measures. The FTC has paid particular attention to the safeguards that manufacturers have implemented in electronic devices sold to consumers. Recently, … Continue Reading
The 39th International Conference of Data Protection and Privacy Commissioners in Hong Kong published a Resolution on Data Protection in Automated and Connected Vehicles, which sets out fundamental data protection requirements for the mobility of the future (“Resolution”). The Resolution proposes common international standards. The Resolution addresses not only vehicle and equipment manufacturers, but also … Continue Reading
Background On 3 October 2017, the Irish High Court held that it is up to the European Court of Justice (“ECJ”) to determine whether Standard Contractual Clauses (“SCCs”) are a valid method of transferring personal data outside of the EU in compliance with privacy law. SCCs are widely used by businesses that transfer data from … Continue Reading
The Spanish Data Protection Authority (AEPD) has imposed a fine of €1.2 million against Facebook following its investigation into whether Facebook’s data processing activities were in accordance with the Spanish Data Protection Act (Law 15/1999) (the Act). In its decision, the AEPD concluded that Facebook had committed serious breaches of the Act, as discussed further … Continue Reading
The UK’s Information Commissioner (ICO) has published draft GDPR guidance on contracts and liabilities between controllers and processors. The draft guidance is currently open for consultation,with responses due by 10 October 2017. The purpose of the guidance is to help organisations understand what needs to be included in written contracts between controllers and processors under … Continue Reading
On 8 September 2017, the European Council published its first revisions (“Revised Draft”) to the draft EU ePrivacy Regulation (version COM(2017) 10 of 10 January 2017, “ePrivacy Regulation”). The Revised Draft is based on the discussions held in previous meetings of the European Union’s Working Party for Telecommunications and Information Society (“WP TELE”), and on comments … Continue Reading
With breaches of nearly 150 million Americans’ personal information flooding the news the last few weeks, followed by the filing of more than 50 class action lawsuits to date, and the announcement of an FTC investigation, cybersecurity is squarely on the minds of and on the table in boardrooms across the country. On September 14, … Continue Reading
The latest in the series of blogs from the UK Information Commissioner’s Office (ICO) looks at some of the myths around data breach reporting under the General Data Protection Regulation (GDPR). Given the misleading press stories on this topic, the ICO’s blog should provide some welcome clarification for concerned businesses as they prepare to comply … Continue Reading
In early 2016, a European Court of Human Rights (ECHR) case (Barbulescu v. Romania) attracted much publicity because it appeared to give employers the green light to read employees’ private emails (read our original commentary here). The decision in the original case has now been overturned by the Grand Chamber of the ECHR. Background The … Continue Reading
The General Data Protection Regulation (“GDPR”) will become applicable 25 May 2018. Even though the GDPR entered into force 24 May 2016, its provisions will be binding and enforceable only from 25 May 2018. In advance of the applicability of the GDPR, the German Administrative Court Karlsruhe (“AC Karlsruhe”) already had to decide on it … Continue Reading
The UK Government has published a position paper (“the Paper”), which will form part of a series of papers setting out key issues forming the Government’s vision for their partnership with the EU post-Brexit. The Paper explains how it intends to resolve the much-debated issue of UK-EU data transfers post-Brexit. This issue is a real … Continue Reading
In her blog last week, the UK Information Commissioner, Elizabeth Denham, tackled the issue of consent under the GDPR. This blog, the second in a series to be published by the ICO, is intended to address some of the myths that have developed around the GDPR. The first blog looked at the ICO’s new fining … Continue Reading
During the week of 18 September 2017, the European Commission and the Article 29 Working Party (“WP29”) will undertake the first annual review of the EU-U.S. Privacy Shield (“Privacy Shield”). The meetings will take place in the United States. As for the U.S. side, the U.S. Department of Commerce will conduct the review, and it … Continue Reading
On August 17, 2017, Delaware Governor John Carney signed into law House Substitute 1 for House Bill 180, making the first significant amendment to Delaware’s data breach notification law since 2005. The bill, scheduled to go into effect April 14, 2018, requires private organizations to maintain reasonable security policies and procedures; expands the definition of … Continue Reading
The Ninth Circuit added another chapter to the storied tale of Article III standing jurisprudence on August 15 when, on remand from the Supreme Court, the appellate court unanimously revived a plaintiff’s Fair Credit Reporting Act (“FCRA”) suit in Robins v. Spokeo, Inc., __ F.3d __, 2017 WL 3480695 (9th Cir. Aug. 15, 2017). The … Continue Reading
The government has released a Statement of Intent (“the Statement”) for a new Data Protection Bill (“the Bill”). The Bill was originally announced in the Queen’s Speech earlier this year (see our previous blog on this). This Statement provides further detail on the government’s proposed reforms to data protection laws in the UK. The Bill … Continue Reading
The security and reliability of the UK’s IT infrastructure remains a key priority for the government. In August 2017, the Department for Digital, Culture, Media and Sport launched a public consultation on its plans to transpose the Network and Information Systems Directive (‘NIS Directive’) into UK legislation. (As we reported earlier this year, the UK has … Continue Reading
Machine-generated data is a hot commodity, but who owns this information? As more and more valuable data are generated, should there be legislation to establish ownership and, potentially, access rights? The European Commission conducted a public consultation, “Building a European Data Economy,” to find out. The consultation addressed key factors, such as the question to … Continue Reading
In the past few years, we have seen an uptick in agencies beginning to focus on the cybersecurity readiness and response of organizations subject to their jurisdiction. The U.S. Securities and Exchange Commission (SEC), for example, has identified cybersecurity as a top priority for many years. This past June, the SEC named Stephanie Avakian and … Continue Reading
Three bipartisan Senate bills are up for consideration in Congress that would attempt to modernize the legal standards under which the U.S. government can access communications electronically stored by email service providers and cloud computing companies. The proposed bills, introduced July 27, 2017, each provide a different scheme in updating the Electronic Communications Privacy Act … Continue Reading
