Archives: Privacy & Data Protection

Subscribe to Privacy & Data Protection RSS Feed

“Worst breach of personal data in Singapore’s history” attracts highest penalties totalling S$1 million

By Charmian Aw on Posted in Privacy & Data Protection
On 14 January 2019, Singapore’s Personal Data Protection Commission issued its grounds of decision against Singapore Health Services Pte. Ltd. (SingHealth) and Integrated Health Information Systems Pte. Ltd. (IHiS) for what has been coined the “worst breach of personal data in Singapore’s history”. The unprecedented cyber attack on SingHealth’s patient database system led to the … Continue Reading

Brexit countdown: UK government to amend domestic data protection legislation

By Cynthia O’Donoghue and John O'Brien on Posted in Privacy & Data Protection
The Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 have been laid before the UK Parliament. The regulations are introduced under the European Union (Withdrawal) Act 2018. The Withdrawal Act grants powers to correct deficiencies in UK legislation that will arise as a result of Brexit. The regulations introduce a large … Continue Reading

First two Singapore data protection enforcement decisions issued in 2019

By Charmian Aw on Posted in Privacy & Data Protection
On January 3, 2019, Singapore’s Personal Data Protection Commission issued two grounds of decision against Bud Cosmetics and AIG Asia Pacific Insurance Pte Ltd & Toppan Forms (S) Pte Ltd. Bud Cosmetics The facts of this case were as follows: Bud Cosmetics is an organic and natural skincare retailer with retail outlets in Singapore and … Continue Reading

Digital transformation of health and care

By Cynthia O’Donoghue and Eleanor Brooks on Posted in Privacy & Data Protection
In April 2018 the European Commission (Commission) published its Communication on the digital transformation of health and care in the Digital Single Market (Communication). The Commission outlined the need for reforms to health care systems and the development of innovative digital solutions. On 6 December 2018, the European Economic and Social Committee (EESC) published its … Continue Reading

London as the capital of FinTech

By Howard Womersley Smith on Posted in Privacy & Data Protection, Regulatory
London has historically been considered the centre of European financial services. Now it is also viewed as the capital of financial technology (FinTech). However, with the likelihood of a no-deal Brexit becoming ever more real, and increasing attempts to lure FinTech firms to the continent, London’s title is under threat. London provides a haven where … Continue Reading

European Commission publishes second annual report on EU-U.S. Privacy Shield

By Cynthia O’Donoghue, Gerard Stegmaier, Bart Huffman and John O'Brien on Posted in Privacy & Data Protection
Following our previous blog on the upcoming second annual review of the EU-U.S. Privacy Shield, the European Commission published its report on 19 December 2018. In its report, the Commission concludes that the level of protection for personal data transferred under the Privacy Shield from the European Union to the United States continues to be … Continue Reading

Informal agreement reached on EU cybersecurity proposal

By Cynthia O’Donoghue and Karen Lee Lust on Posted in Privacy & Data Protection
On 10 December 2018, the European Parliament, the Council of the European Union, and the European Commission reached agreement on the cybersecurity proposal put forward by the Commission. The aim of the Commission’s proposal is to build strong cybersecurity standards in the EU, allowing the EU to become a global leader in cybersecurity. The proposal … Continue Reading

‘No deal’ Brexit: ICO and UK government issue data protection guidance

By Cynthia O’Donoghue and John O'Brien on Posted in Privacy & Data Protection
The Information Commissioner’s Office (ICO) and the UK Department for Culture, Media and Sport (DCMS) have each issued no-deal Brexit data protection guidance. EU/UK personal data transfers The UK government has committed to incorporating the General Data Protection Regulation (GDPR) into domestic UK law when the UK leaves the EU. This means there will not … Continue Reading

Four Singapore organisations found to be in breach of obligation to protect personal data

By Charmian Aw on Posted in Privacy & Data Protection
On 13 December 2018, the Singapore data protection commission issued four separate decisions against the following organisations, for breaches of the protection obligation under section 24 of the Personal Data Protection Act 2012 (PDPA): Funding Societies Pte Ltd WTS Automotive Services Pte Ltd Institute of Singapore Chartered Accountants SLF Green Maid Agency Funding Societies The … Continue Reading

Joint Committee on Human Rights launches inquiry into Article 8 and the digital revolution

By Cynthia O’Donoghue and Eleanor Brooks on Posted in Privacy & Data Protection
The Joint Committee on Human Rights has launched an inquiry into the right to privacy under Article 8 of the European Convention on Human Rights (ECHR) and the “Digital Revolution”. The inquiry will examine whether further safeguards to regulate the collection, use, tracking, retention and disclosure of personal data by private companies are required to … Continue Reading

European Data Protection Board – Fifth plenary session: EU-Japan draft adequacy decision, DPIA lists and guidelines on accreditation

By Cynthia O’Donoghue and Nona Keyhani on Posted in Privacy & Data Protection
The European Data Protection Board (EDPB) met for its fifth plenary session on 4 and 5 December 2018. The EDPB published a press release, highlighting the three main areas of discussion: EU-Japan draft adequacy decision. The EDPB adopted an opinion on the European Commission’s draft adequacy decision. In adopting its opinion, the EDPB focused on the … Continue Reading

Does GDPR require non-EU companies to nominate EU representatives? EDPB issues guidance

By Cynthia O’Donoghue and John O'Brien on Posted in Privacy & Data Protection
On 16 November 2018, the European Data Protection Board (EDPB) adopted draft guidelines on the territorial scope of the General Data Protection Regulation (GDPR) (the guidelines). Last week we published a blog on these guidelines, focusing on when the GDPR applies to non-European Union (EU) controllers and processors. This week, we focus on when non-EU … Continue Reading

Get caught in the crossfire! E-Discovery debates

By Anthony Diana, Therese Craparo and David R. Cohen on Posted in Privacy & Data Protection, Social, Mobile, Analytics & Cloud (SMAC)
Tuesday, December 4, is officially “E-Discovery Day” and Reed Smith is doing its part to participate. Join us as we host a free one–hour webinar: “Discovery crossfire: Debating the controversial issues in E-Discovery.” The program, scheduled for 12-1 p.m. ET, will feature debates on five controversial e-discovery issues: Obligations of employers to search employee personal … Continue Reading

Privacy and Electronic Regulations (Amendment) 2018

By Cynthia O’Donoghue and Karen Lee Lust on Posted in Privacy & Data Protection
The UK government has issued the Privacy and Electronic Communications Regulations (Amendment) 2018 (ePrivacy Regs), which comes into force on 17 December 2018. The ePrivacy Regs amend the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR) and modify the application of the Data Protection (Monetary Penalties) (Maximum Penalty and Notices) Regulations 2010 and the … Continue Reading

EDPB issues much-awaited guidance on GDPR’s territorial scope

By Cynthia O’Donoghue and John O'Brien on Posted in Privacy & Data Protection
On 16 November 2018, the European Data Protection Board (EDPB) adopted draft guidelines on the territorial scope of the General Data Protection Regulation (GDPR) (the guidelines). This is the first of two blogs on the guidelines. This blog considers the extra-territorial scope of the GDPR. Next week, we will consider the need for non-European Union … Continue Reading

Public comment for private matters: NTIA receives over 200 comments on proposed approach to protecting consumer privacy informed by GDPR, CCPA & more

By Samuel F. Cullari and Jim Barbuto on Posted in Privacy & Data Protection, Regulatory
On November 13, 2018, the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA) released comments it received from over 200 government, non-profit, academic, and private sector organizations on developing the Administration’s approach to consumer privacy.[1] Since September, the NTIA has sought public comments to specifically address a number of questions that focused on … Continue Reading

Singapore data protection commission issues warning for “heat of the moment” disclosure of personal data

By Charmian Aw on Posted in Privacy & Data Protection, Social, Mobile, Analytics & Cloud (SMAC)
On November 28, 2018, Singapore’s Personal Data Protection Commission (commission) issued its grounds of decision against Big Bubble Centre (respondent), a sole-proprietorship in the scuba-diving business. The facts of the case were as follows: The complainant was an individual who had worked for the respondent and claimed that he was not paid wages for such … Continue Reading

European Data Protection Board update

By Cynthia O’Donoghue and John O'Brien on Posted in Privacy & Data Protection
The European Data Protection Board (EDPB) met for its fourth plenary session on 16 November 2018. The session covered many areas of discussion, outlined in the session’s agenda. The EDPB published a press release, highlighting the three main areas of discussion. EU-Japan draft adequacy decision. The EDPB discussed the draft adequacy decision, which it received … Continue Reading

Regulatory framework for free flow of non-personal data formally adopted by European Parliament and the Council of the European Union

By Cynthia O’Donoghue and Nona Keyhani on Posted in Privacy & Data Protection
In September 2017, we published a blog that outlined the Commission’s proposal for a framework on this subject (you can view our blog here). In June 2018, we further reported that the European Parliament, Council of the European Union and the European Commission had reached a political agreement on the rules for the free flow … Continue Reading

Update on Facebook fan pages: What should organisations do after the release of Facebook’s co-controller agreement?

By Dr. Andreas Splittgerber, Sven Schonhofen and Dr. Thomas Fischl on Posted in Cookies, Tracking & Online Behavioral Advertising, In the Courts, Privacy & Data Protection, Social, Mobile, Analytics & Cloud (SMAC)
After another statement by the German Data Protection Authorities (German DPAs) of 5 September 2018 (Statement, available in English here), stating that the operation of a fan page as offered by Facebook was illegal, Facebook reacted “overnight” and released a co-controller agreement, the “Page Insights Controller Addendum” (Insights Addendum, available here). In a press release … Continue Reading

Guiding principles for AI development

By Cynthia O’Donoghue and Curtis McCluskey on Posted in Privacy & Data Protection
A meeting of data protection authorities from around the world has highlighted the development of artificial intelligence and machine learning technologies (AI) as a global phenomenon with the potential to affect all of humanity. A coordinated international effort was called for to develop common governance principles on the development and use of AI in accordance … Continue Reading

Get your update on IT & Data Protection Law in our Newsletter (Fall 2018 edition)

By Dr. Andreas Splittgerber and Sven Schonhofen on Posted in Global Data Transfers, In the Courts, Intellectual Property, Privacy & Data Protection, Social, Mobile, Analytics & Cloud (SMAC)
The Fall 2018 edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released. We provide updates on Facebook fan pages, the right to be forgotten, cease and desists by competitors under GDPR, spamming and customer satisfaction surveys, the German Network Enforcement Act, and more. The newsletter also includes … Continue Reading

EU and U.S. second annual review of Privacy Shield

By Cynthia O’Donoghue and Kelley Chittenden on Posted in Privacy & Data Protection
The European Union and the United States have now conducted the second annual review of Privacy Shield, a framework which regulates and facilitates the exchange of personal data across the Atlantic. The European Commission will publish its conclusions in a report at the end of this month. The EU-U.S. Privacy Shield mechanism EU organisations that … Continue Reading

European Parliament favours innovation-friendly blockchain regulation

By Cynthia O’Donoghue and Alexander Mackay on Posted in Privacy & Data Protection
The European Parliament has published a non-binding resolution on distributed ledger technologies and blockchains (blockchain technologies). What is distributed ledger technology? Best known as the technology behind bitcoin and other crypto-currencies, distributed ledger technology is, in its simplest form, a ledger of digital information maintained in decentralised form across a large network of computers. The … Continue Reading
LexBlog