The Spring 2021 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released: English version German version In this edition we cover the following topics: New cookie rules in Germany will apply as of December 1, 2021 German data protection authorities conduct coordinated audits on international data transfers … Continue Reading
The UK’s data protection authority, the Information Commissioner’s Office (ICO), is calling for views on the first chapter of its anonymisation, pseudonymisation and privacy enhancing technologies guidance, available in draft here. The guidance will help organisations to identify the issues they need to consider in order to use anonymisation techniques effectively. The guidance will sit … Continue Reading
In Bellingham, Alex v. Reed, Michael [2021] SGHC 125 (Alex v. Reed) The Signapore High Court considered the loss or damage needed for a private action to be brought against an organisation for a breach of the PDPA. In particular, the court found that a mere loss of control over personal data, or emotional distress over such loss of control, was insufficient. Our recent client alert details the case and the … Continue Reading
On 19 May 2021, the European Data Protection Board (EDPB) adopted Recommendations on the legal basis for the storage of credit card data for the sole purpose of facilitating further online transactions, available here. Scope of the recommendations The recommendations specifically address online providers of goods and services who store credit card data to facilitate … Continue Reading
City A.M. has interviewed Howard Womersley Smith, an expert Fintech and Data lawyer and partner in Reed Smith’s Technology & Data London team, on London’s current startup FinTech scene. Sitting down with Womersley Smith, City AM reflected on a range of London Fintechs urging the Financial Conduct Authority (FCA) to break banks’ dominance over the … Continue Reading
The EU General Data Protection Regulation (GDPR) came into effect on 25 May 2018. It became one of the leading pieces of legislation in the world to offer the highest levels of protection to the personal data of individuals. Many countries followed suit to raise the bar in how organisations handle personal data. The trend … Continue Reading
In its Schrems II decision (which we reported on here) the Court of Justice of the European Union (CJEU) found that the Privacy Shield framework, which had been used to facilitate data transfers from the EU to the US, did not adequately protect the personal data of EU users. The use of standard contractual clauses … Continue Reading
On 14th May 2021, the Irish High Court (High Court) dismissed a legal challenge brought against the Irish Data Protection Commission (DPC) concerning its inquiry and a preliminary draft decision to suspend the EU-U.S. data transfers of personal data of an applicant organisation. Background These proceedings follow on from Schrems II decision of the Court … Continue Reading
Catch up on our Tech Law Talks podcast series for practical observations on technology and data legal trends. We cover product and technology development to operational and compliance issues that technology practitioners encounter every day. On this channel, we host regular discussions about the legal and business issues around data protection, privacy and security; data risk … Continue Reading
In response to a number of recent high-profile cyber attacks aimed at federal agencies, President Biden issued an Executive Order on Improving the Nation’s Cybersecurity (EO) on May 12, 2021. The EO which created a new Cyber Safety Review Board to review major cyber incidents and requires information and communications technology (ICT) service providers entering into contracts … Continue Reading
Earlier this year, following its public consultation, the European Data Protection Board (EDPB) approved its guidelines on the processing of personal data in the context of connected vehicles and mobility related applications (here). Why are these guidelines needed? In the guidelines, the EDPB notes that “vehicles are becoming massive data hubs” and “connected vehicles are … Continue Reading
The UK National Institute for Health and Care Excellence (NICE), along with the Care Quality Commission (CQC), Health Research Authority (HRA) and Medicines and Healthcare products Regulatory Agency (MHRA) have partnered to promote the use of artificial intelligence (AI) in health and care. The agencies are calling this initiative the “Multi-Agency Advisory Service for AI … Continue Reading
On April 21, 2021, a draft proposed European regulation on artificial intelligence (AI) (Regulation) was released following the European Commission’s white paper “On Artificial Intelligence – A European approach to excellence and trust”, published in February 2020. The regulation shows that the European Union is seeking to establish a legal framework for AI by laying … Continue Reading
What is new? During the ICO’s Data Protection Practitioners’ Conference 2021 today, the ICO revealed that it is working on new Standard Contractual Clauses (SCCs) to facilitate transfers of personal data outside the UK. The ICO’s consultation on the new UK SCCs will take place this summer. This is a separate process to the new … Continue Reading
The European Data Protection Board (EDPB) released a document earlier this year in response to a request by the European Commission for clarifications on the application of the GDPR in the area of scientific health research, which you can read here. However, it’s important to note that the EDPB are currently preparing guidelines on the processing … Continue Reading
In a ruling on April 22, 2021, the United States Supreme Court unanimously held that § 13(b) of the Federal Trade Commission Act (the Act) does not authorize the Federal Trade Commission (FTC) to seek, or a court to award, equitable monetary relief such as restitution or disgorgement. The FTC previously used § 13(b) as a … Continue Reading
In a recent Q&A conducted by Divonne Smoyer and Karen Lee Lust with Connecticut Attorney General (AG) William Tong published in the IAPP Privacy Advisor, the AG discusses how he has continued Connecticut’s role as a privacy leader among the states, partnering with the U.S. Federal Trade Commission on data privacy-related matters and other compliance … Continue Reading
On the 14th of April 2021, the European Data Protection Board (EDPB) adopted two opinions on the European Commission’s draft adequacy decision for the transfers of personal data from the EU to the UK. The EDPB assessed the alignment of the UK Data Protection Act to the GDPR and to the Law Enforcement Directive, and … Continue Reading
A new proposed federal rule, “Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers,” could impose accelerated notification requirements on banking organizations and their service providers when notification incidents (as defined in the proposed rule) occur. The Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal … Continue Reading
On March 29, 2021, the Financial Conduct Authority (FCA) published final rules that will create a new operational resilience framework for banks, building societies, solvency II firms, recognized investment exchanges, enhanced scope senior managers and certification regime firms, and those authorized or registered under the Payment Services Regulations 2017 or Electronic Money Regulations 2011. The … Continue Reading
On 30 March 2021, the European Commission announced, in a joint statement with South Korea’s data protection authority, the Personal Information Protection Commission (PIPC), the “successful conclusion” of the adequacy talks between the EU and South Korea. Such adequacy decision will enable the free flow of personal data from the EU to South Korea, covering … Continue Reading
The ICO Data Sharing Code of Practice which was published earlier this year aimed to provide organisations with practical guidance for data sharing in compliance with data protection law, which we previously wrote about here. The ICO are aware that data sharing encompasses many other dimensions and thus that the guidance would be updated on … Continue Reading
In its 2020 session, the Swiss Parliament passed the revised Federal Data Protection Act (FADP), which should come into force in the second half of 2022. The Swiss supervisory authority, the Federal Data Protection and Information Commissioner (FDPIC), has published a document outlining the important amendments, which is available here. The revised FADP (revFADP) covers … Continue Reading
On March 12, 2021, the French Council of State (Conseil d’Etat), the highest French administrative court, handed down a ruling (ordonnance des référés) allowing Doctolib, a company in charge of booking COVID-19 vaccination appointments, to rely on a U.S.-based health data host. In the present case, the servers of Doctolib – whose platform had been … Continue Reading
