The UK’s Information Commissioner’s Office (“ICO”) published earlier this month its Accountability Framework, available here. The Accountability Framework is designed to assist companies demonstrate compliance with their accountability obligation under the General Data Protection Regulation (“GDPR”) and assess whether their current measures meet the ICO’s expectations. The Accountability Framework consists of ten categories where the … Continue Reading
In August 2018, Brazil passed its General Data Protection Law (LGPD), which could become effective as soon as September 16, 2020. Now is the time for organizations that collect personal data of individuals in Brazil or process personal data in Brazil to assess their processing activities and consider how to comply with the new law, … Continue Reading
On May 27, 2020, the German Federal Constitutional Court invalidated section 113 of the German Telecommunications Act (TKG) and several accompanying federal law provisions for non-compliance with the German Constitution (case nos. 1 BvR 1873/13 and 1 BvR 2618/13). On July 17, 2020, the Federal Constitutional Court published the fully reasoned judgment as well as a press release outlining the … Continue Reading
The Court of Justice of the European Union (CJEU) handed down its judgment on a case brought by privacy rights activist, Max Schrems (C-311/18, Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems) (Schrems II) yesterday, July 16, 2020. The case concerned the transfer of personal data to recipients in the United States via the EU … Continue Reading
The Summer 2020 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released: English version German version In this edition we cover the following topics: Access rights vs. data backup Cookie update: Planet49 and cookie walls Double opt-in required under GDPR Update on influencer advertisement German Supreme Court: … Continue Reading
Although the California Consumer Privacy Act (CCPA) went into effect on January 1, 2020, the California Attorney General (AG) was not authorized to begin enforcement until July 1, 2020. With the pandemic and the delay in finalizing the regulations, it was unclear how or when AG enforcement would begin. Any such confusion can be dispelled, … Continue Reading
It has been eight years since the enactment of Singapore’s comprehensive data protection law, the Personal Data Protection Act 2012 (PDPA). On May 14, 2020, a public consultation paper and accompanying Personal Data Protection (Amendment) Bill (Amendment Bill) were published, to solicit feedback on several proposed revisions to the PDPA. The proposed changes are significant. Key … Continue Reading
Hollywood movie star Reese Witherspoon and her clothing line, Draper James, LLC, have found themselves the subjects of a public relations debacle, and now, a class action after running a promotion for teachers gone horribly wrong. In April, Draper James ran an Instagram promotion to recognize and thank teachers for their work during the COVID-19 … Continue Reading
It is natural for businesses to be concerned about the security of their premises and to explore new technologies that can help mitigate health and safety risks related to that security. As retailers get back to business in the United States, the laws implicating biometrics and the increase in use cases for biometric technologies have … Continue Reading
On 12 June 2020, the UK’s Information Commissioner’s Office (ICO) issued new guidance for organisations on the coronavirus (COVID-19) recovery phase (Guidance). The Guidance (available here) forms part of the ICO’s wider data protection and coronavirus information hub (available here) which aims to help organisations navigate data protection during this unprecedented time. The new Guidance … Continue Reading
The Information Commissioner’s Office (ICO) has updated its guidance on access requests and whether such requests are manifestly unfounded or excessive, providing further clarification to the definitions in the guidance and on how data controllers should respond to such requests. We summarise the key points below. Background A data subject has rights under the Data … Continue Reading
On 26 May 2020, the German Data Protection Authorities (German DPAs) issued guidelines on measures to protect personal data transferred via email (Guidelines; available in Germen here). The Guidelines outline requirements for procedures to send and receive emails that must be met by data controllers, data processors and public email service providers (Email Service Providers) … Continue Reading
Artificial intelligence, or AI, has the ability to process large sets of data. The term “AI” describes algorithms that can be taught to identify patterns or predict outcomes. If the algorithm is primed with a teaching set of data, then it can evaluate new sets of data based on the desired outcome. AI has been … Continue Reading
After many months and several rounds of revisions, the Office of the California Attorney General has finally submitted the final proposed regulations package under the California Consumer Privacy Act (CCPA) to the California Office of Administrative Law (OAL). The complete package, which includes the Final Text of Proposed Regulations and the Final Statement of Reasons, … Continue Reading
A Dutch court has held that a grandmother was in breach of the General Data Protection Regulation (GDPR) for posting pictures of her grandchildren on social media platforms without their parents’ consent and refusing to delete them after multiple requests. The GDPR does not apply to the processing of personal data by an individual “in … Continue Reading
It has been 64 days since the UK officially went into lockdown due to the COVID-19 crisis, with many ‘non-essential’ workers vacating their workplace. In preparation for sending the UK back to work, the Information Commissioner’s Office (ICO) has issued FAQ-style guidance to assist employers wishing to track and test employees’ symptoms (available here). Health … Continue Reading
Company investigations (whether self-initiated or required by regulators) generally require the collection, review, and analysis of data to identify documents and other materials that are relevant to the investigation. An investigation may result in the need to access sensitive personal data or, frequently, involve the review of other materials that happen to include personal data … Continue Reading
On 13th May, the European Commission’s eHealth Network published its interoperability guidelines for approved contact tracing mobile applications in the EU, guiding developers when designing and implementing applications and backend solutions to ensure efficient tracing of cross-border infection chains. These guidelines serve as a follow-up action to their previously published ‘Common EU Toolbox for Member … Continue Reading
On 18 March, the Task Force for Relations with the United Kingdom (UKTF) of the European Commission published its Draft Text of the Agreement on the New Partnership with the United Kingdom (Draft Agreement). It translates the negotiating directives, approved by Member States, into a legal text, in line with the Political Declaration agreed between … Continue Reading
The Personal Data Protection (Amendment) Bill 2020 (the Bill) was published today for public consultation. Key amendments proposed in the Bill include: Increased financial penalties for breaches of the Personal Data Protection Act (the Act) of up to 10 per cent of annual gross turnover in Singapore or S$1 million, whichever is higher. Mandatory data … Continue Reading
The chair of the Council of Europe’s data protection ‘Convention 108’ committee, Alessandra Pierucci, and the Council of Europe Data Protection Commissioner, Jean-Philippe Walter, have recently released a joint statement on digital contact tracing in the fight against coronavirus. Digital contact tracing is being used in many countries to help control the spread of coronavirus … Continue Reading
The novel coronavirus pandemic has created an immediate and immense need for scientific research. Amid this urgency, the European Data Protection Board (EDPB), during its twenty-third plenary session held on April 21, adopted guidelines to shed light on legal questions concerning the use of health data (pursuant to article 4(15) of the General Data Protection … Continue Reading
The use of facial recognition and other biometric technologies by businesses, retailers, and landlords continues to grow and has found a new application in response to the COVID-19 pandemic. Proper implementation and management of these technologies can help increase security and limit physical contact. Real estate management firms and various businesses may be able to … Continue Reading
The Commercial Court held in AA v. Person Unknown [2019] EWHC 2556 (Comm) that a cryptocurrency such as bitcoin is a form of property capable of forming the subject of a proprietary injunction, in January. This is the first time the courts have applied the analysis set out in the UK Jurisdiction Taskforce’s legal statement … Continue Reading
