Archives: Privacy & Data Protection

Subscribe to Privacy & Data Protection RSS Feed

Get your Update on IT & Data Protection Law in our Newsletter (Spring 2021 Edition)

The Spring 2021 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released: English version German version In this edition we cover the following topics: New cookie rules in Germany will apply as of December 1, 2021 German data protection authorities conduct coordinated audits on international data transfers … Continue Reading

The ICO publishes first chapter of its new draft guidance on anonymisation, pseudonymisation and privacy enhancing technologies

The UK’s data protection authority, the Information Commissioner’s Office (ICO), is calling for views on the first chapter of its anonymisation, pseudonymisation and privacy enhancing technologies guidance, available in draft here. The guidance will help organisations to identify the issues they need to consider in order to use anonymisation techniques effectively. The guidance will sit … Continue Reading

Singapore High Court clarifies ‘loss or damage’ in private actions against the Personal Data Protection Act (PDPA)

In Bellingham, Alex v. Reed, Michael [2021] SGHC 125 (Alex v. Reed) The Signapore High Court considered the loss or damage needed for a private action to be brought against an organisation for a breach of the PDPA. In particular, the court found that a mere loss of control over personal data, or emotional distress over such loss of control, was insufficient. Our recent client alert details the case and the … Continue Reading

Storing credit card details for future purchases – EDPB recommends online retailers do so only with consent

On 19 May 2021, the European Data Protection Board (EDPB) adopted Recommendations on the legal basis for the storage of credit card data for the sole purpose of facilitating further online transactions, available here. Scope of the recommendations The recommendations specifically address online providers of goods and services who store credit card data to facilitate … Continue Reading

City A.M. interviews Howard Womersley Smith on London’s start up Fintech scene

City A.M. has interviewed Howard Womersley Smith, an expert Fintech and Data lawyer and partner in Reed Smith’s Technology & Data London team, on London’s current startup FinTech scene. Sitting down with Womersley Smith, City AM reflected on a range of London Fintechs urging the Financial Conduct Authority (FCA) to break banks’ dominance over the … Continue Reading

Three years on from the implementation of the EU GDPR – Reed Smith tools and solutions to help with compliance

The EU General Data Protection Regulation (GDPR) came into effect on 25 May 2018. It became one of the leading pieces of legislation in the world to offer the highest levels of protection to the personal data of individuals. Many countries followed suit to raise the bar in how organisations handle personal data. The trend … Continue Reading

DPC’s authority to inquire into the EU-U.S. data transfers confirmed by the Irish High Court

On 14th May 2021, the Irish High Court (High Court) dismissed a legal challenge brought against the Irish Data Protection Commission (DPC) concerning its inquiry and a preliminary draft decision to suspend the EU-U.S. data transfers of personal data of an applicant organisation. Background These proceedings follow on from Schrems II decision of the Court … Continue Reading

Get the latest updates on our Tech Law Talks podcast

Catch up on our Tech Law Talks podcast series for practical observations on technology and data legal trends. We cover product and technology development to operational and compliance issues that technology practitioners encounter every day. On this channel, we host regular discussions about the legal and business issues around data protection, privacy and security; data risk … Continue Reading

Executive Order for cybersecurity creates new requirements for government contractors

In response to a number of recent high-profile cyber attacks aimed at federal agencies, President Biden issued an Executive Order on Improving the Nation’s Cybersecurity (EO) on May 12, 2021. The EO which created a new Cyber Safety Review Board to review major cyber incidents and requires information and communications technology (ICT) service providers entering into contracts … Continue Reading

Processing personal data in the context of connected vehicles

Earlier this year, following its public consultation, the European Data Protection Board (EDPB) approved its guidelines on the processing of personal data in the context of connected vehicles and mobility related applications (here). Why are these guidelines needed? In the guidelines, the EDPB notes that “vehicles are becoming massive data hubs” and “connected vehicles are … Continue Reading

NICE AI: A health data opportunity

The UK National Institute for Health and Care Excellence (NICE), along with the Care Quality Commission (CQC), Health Research Authority (HRA) and Medicines and Healthcare products Regulatory Agency (MHRA) have partnered to promote the use of artificial intelligence (AI) in health and care. The agencies are calling this initiative the “Multi-Agency Advisory Service for AI … Continue Reading

A summary of the obligations, scope and effect of the proposed European regulation on artificial intelligence

On April 21, 2021, a draft proposed European regulation on artificial intelligence (AI) (Regulation) was released following the European Commission’s white paper “On Artificial Intelligence – A European approach to excellence and trust”, published in February 2020. The regulation shows that the European Union is seeking to establish a legal framework for AI by laying … Continue Reading

ICO announces it is working on bespoke UK set of Standard Contractual Clauses

What is new? During the ICO’s Data Protection Practitioners’ Conference 2021 today, the ICO revealed that it is working on new Standard Contractual Clauses (SCCs) to facilitate transfers of personal data outside the UK. The ICO’s consultation on the new UK SCCs will take place this summer. This is a separate process to the new … Continue Reading

EDPB clarifies the application of the GDPR for scientific research

The European Data Protection Board (EDPB) released a document earlier this year in response to a request by the European Commission for clarifications on the application of the GDPR in the area of scientific health research, which you can read here. However, it’s important to note that the EDPB are currently preparing guidelines on the processing … Continue Reading

FTC loses powerful enforcement tool in consumer protection and antitrust matters due to Supreme Court decision

In a ruling on April 22, 2021, the United States Supreme Court unanimously held that § 13(b) of the Federal Trade Commission Act (the Act) does not authorize the Federal Trade Commission (FTC) to seek, or a court to award, equitable monetary relief such as restitution or disgorgement. The FTC previously used § 13(b) as a … Continue Reading

Connecticut AG William Tong shared compliance insight on data privacy-related matters

In a recent Q&A conducted by Divonne Smoyer and Karen Lee Lust with Connecticut Attorney General (AG) William Tong published in the IAPP Privacy Advisor, the AG discusses how he has continued Connecticut’s role as a privacy leader among the states, partnering with the U.S. Federal Trade Commission on data privacy-related matters and other compliance … Continue Reading

European Data Protection Board opines on UK draft adequacy decision

On the 14th of April 2021, the European Data Protection Board (EDPB) adopted two opinions on the European Commission’s draft adequacy decision for the transfers of personal data from the EU to the UK. The EDPB assessed the alignment of the UK Data Protection Act to the GDPR and to the Law Enforcement Directive, and … Continue Reading

Proposed rule would impose new notification requirements on banks and their service providers when a cybersecurity incident occurs

A new proposed federal rule, “Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers,” could impose accelerated notification requirements on banking organizations and their service providers when notification incidents (as defined in the proposed rule) occur. The Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal … Continue Reading

Final rules on the new operational resilience framework published by the FCA and PRA

On March 29, 2021, the Financial Conduct Authority (FCA) published final rules that will create a new operational resilience framework for banks, building societies, solvency II firms, recognized investment exchanges, enhanced scope senior managers and certification regime firms, and those authorized or registered under the Payment Services Regulations 2017 or Electronic Money Regulations 2011. The … Continue Reading

European Commission announces completion of South Korea adequacy talks

On 30 March 2021, the European Commission announced, in a joint statement with South Korea’s data protection authority, the Personal Information Protection Commission (PIPC), the “successful conclusion” of the adequacy talks between the EU and South Korea. Such adequacy decision will enable the free flow of personal data from the EU to South Korea, covering … Continue Reading

The ICO unveils its plans for updating anonymisation guidance

The ICO Data Sharing Code of Practice which was published earlier this year aimed to provide organisations with practical guidance for data sharing in compliance with data protection law, which we previously wrote about here. The ICO are aware that data sharing encompasses many other dimensions and thus that the guidance would be updated on … Continue Reading

Swiss authority’s summary of its GDPR-like revised federal law

In its 2020 session, the Swiss Parliament passed the revised Federal Data Protection Act (FADP), which should come into force in the second half of 2022. The Swiss supervisory authority, the Federal Data Protection and Information Commissioner (FDPIC), has published a document outlining the important amendments, which is available here. The revised FADP (revFADP) covers … Continue Reading

Aftermath of Schrems II decision in France: The French Council of State provides significant clarification on the U.S. based data host to provide services in the French health care sector

On March 12, 2021, the French Council of State (Conseil d’Etat), the highest French administrative court, handed down a ruling (ordonnance des référés) allowing Doctolib, a company in charge of booking COVID-19 vaccination appointments, to rely on a U.S.-based health data host. In the present case, the servers of Doctolib – whose platform had been … Continue Reading
LexBlog