Archives: Privacy & Data Protection

Subscribe to Privacy & Data Protection RSS Feed

EDPB issues much-awaited guidance on GDPR’s territorial scope

On 16 November 2018, the European Data Protection Board (EDPB) adopted draft guidelines on the territorial scope of the General Data Protection Regulation (GDPR) (the guidelines). This is the first of two blogs on the guidelines. This blog considers the extra-territorial scope of the GDPR. Next week, we will consider the need for non-European Union … Continue Reading

Public comment for private matters: NTIA receives over 200 comments on proposed approach to protecting consumer privacy informed by GDPR, CCPA & more

On November 13, 2018, the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA) released comments it received from over 200 government, non-profit, academic, and private sector organizations on developing the Administration’s approach to consumer privacy.[1] Since September, the NTIA has sought public comments to specifically address a number of questions that focused on … Continue Reading

Singapore data protection commission issues warning for “heat of the moment” disclosure of personal data

On November 28, 2018, Singapore’s Personal Data Protection Commission (commission) issued its grounds of decision against Big Bubble Centre (respondent), a sole-proprietorship in the scuba-diving business. The facts of the case were as follows: The complainant was an individual who had worked for the respondent and claimed that he was not paid wages for such … Continue Reading

European Data Protection Board update

The European Data Protection Board (EDPB) met for its fourth plenary session on 16 November 2018. The session covered many areas of discussion, outlined in the session’s agenda. The EDPB published a press release, highlighting the three main areas of discussion. EU-Japan draft adequacy decision. The EDPB discussed the draft adequacy decision, which it received … Continue Reading

Regulatory framework for free flow of non-personal data formally adopted by European Parliament and the Council of the European Union

In September 2017, we published a blog that outlined the Commission’s proposal for a framework on this subject (you can view our blog here). In June 2018, we further reported that the European Parliament, Council of the European Union and the European Commission had reached a political agreement on the rules for the free flow … Continue Reading

Update on Facebook fan pages: What should organisations do after the release of Facebook’s co-controller agreement?

After another statement by the German Data Protection Authorities (German DPAs) of 5 September 2018 (Statement, available in English here), stating that the operation of a fan page as offered by Facebook was illegal, Facebook reacted “overnight” and released a co-controller agreement, the “Page Insights Controller Addendum” (Insights Addendum, available here). In a press release … Continue Reading

Guiding principles for AI development

A meeting of data protection authorities from around the world has highlighted the development of artificial intelligence and machine learning technologies (AI) as a global phenomenon with the potential to affect all of humanity. A coordinated international effort was called for to develop common governance principles on the development and use of AI in accordance … Continue Reading

Get your update on IT & Data Protection Law in our Newsletter (Fall 2018 edition)

The Fall 2018 edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released. We provide updates on Facebook fan pages, the right to be forgotten, cease and desists by competitors under GDPR, spamming and customer satisfaction surveys, the German Network Enforcement Act, and more. The newsletter also includes … Continue Reading

EU and U.S. second annual review of Privacy Shield

The European Union and the United States have now conducted the second annual review of Privacy Shield, a framework which regulates and facilitates the exchange of personal data across the Atlantic. The European Commission will publish its conclusions in a report at the end of this month. The EU-U.S. Privacy Shield mechanism EU organisations that … Continue Reading

European Parliament favours innovation-friendly blockchain regulation

The European Parliament has published a non-binding resolution on distributed ledger technologies and blockchains (blockchain technologies). What is distributed ledger technology? Best known as the technology behind bitcoin and other crypto-currencies, distributed ledger technology is, in its simplest form, a ledger of digital information maintained in decentralised form across a large network of computers. The … Continue Reading

Singapore to adopt new legislation on unsolicited commercial messages, and enhanced practical guidance framework for data protection

On 8 November, 2018, Singapore’s Personal Data Protection Commission (PDPC) issued its response to feedback received on a public consultation paper. In that consultation paper, the PDPC had proposed to: merge the Do Not Call provisions in the Personal Data Protection Act 2012 of Singapore (PDPA) and Spam Control Act into a single legislation to … Continue Reading

A new deal for consumers: EDPS publishes Opinion

The European Data Protection Supervisor (EDPS) published an Opinion on 5 October 2018 regarding the European Commission’s legislative package “A New Deal for Consumers”. In the Opinion, the EDPS calls for closer alignment between consumer and data protection rules in the EU. Background The Commission’s package, adopted earlier this year, includes two legislative proposals: (1) … Continue Reading

UK government releases IoT security code of practice

The UK government has launched a Code of Practice (CoP) for the Internet of Things (IoT) security. This is aimed at improving baseline security and ensuring that devices that process personal data are General Data Protection Regulation (GDPR) compliant, as well as advancing an industry-wide ‘security by design’ approach. The CoP provides outcome-focused practical steps … Continue Reading

California pursues IoT data security regulations with new legislation

California enacted Internet of Things (IoT) legislation intended to help protect consumer privacy and safety from potential hacking of connected devices. Under the state legislation that may apply to any connected devices sold in California, manufacturers of connected devices are required to equip the devices with security options suitable to the nature of the device … Continue Reading

ICO takes action against organisations for failure to pay new data protection fee

On 26 September 2018 the Information Commissioner’s Office (ICO) began formal enforcement action against 34 organisations that have failed to pay their data protection fees. Notices of intent have been served on both private and public sector organisations, including the NHS, government organisations, and businesses in recruitment, finance and accountancy. They have until 17 October … Continue Reading

Spotlight shone on online advertising as complaints are filed with EU supervisory authorities

On 12 September 2018, complaints were filed with the UK Information Commissioner’s Office and the Irish Data Protection Commissioner regarding the “wide scale and systemic breaches of the data protection regime” by Google and others in the online advertising industry (the Complaints). The Complaints The Complaints were submitted by Brave, an ad blocking web browser, … Continue Reading

Singapore data protection commission fines carpooling service and LAN gaming centre

Two businesses have been fined a total of S$13,000 for breaching Singapore’s data protection law. GrabCar Facts The first decision involved a carpooling service operated by GrabCar through an app. Twenty drivers had their accounts suspended for flouting usage rules for the platform. They were allowed to submit an appeal, by filling a Google form … Continue Reading

ICO publishes Technology Strategy for 2018–2021

The Information Commissioner’s Office (ICO) has published its Technology Strategy for 2018 to 2021. The Strategy, part of the ICO’s focus on adapting to rapidly developing technologies, outlines eight “technology goals” and the measures that will be implemented to achieve them. Technology goals Broadly, these goals include increased technology training for the ICO’s staff and … Continue Reading

Singapore’s Personal Data Protection Act provides guidelines for handling national identification

Beginning on September 1, 2019, all Singapore private sector organizations will be banned from collecting, using or releasing all national identity cards, copies or their numbers unless required under law or deemed necessary to verify an individual’s identity. If organizations violate the rules under the Singapore Personal Data Protection Act 2012 (PDPA), they could face … Continue Reading

FTC continues aggressive enforcement of Privacy Shield

On Thursday, September 27, the Federal Trade Commission (FTC) announced settlements with four companies, IDmission, LLC, mResource LLC (doing business as Loop Works, LLC), SmartStart Employment Screening, Inc., and VenPath, Inc., following allegations that the companies falsely claimed to be certified under the EU-U.S. Privacy Shield. Specifically, the FTC alleged that IDmission, LLC misrepresented participation … Continue Reading

ICO takes enforcement action against Brexit campaigners

On 6 July 2018, the Information Commissioner’s Office (ICO) issued an enforcement notice against AggregateIQ for failing to comply with the General Data Protection Regulation 2016/679 (GDPR). The enforcement notice was issued as part of the ICO’s investigation into whether personal data was misused by both sides during the Brexit referendum. AggregateIQ The terms of … Continue Reading

An interview with North Carolina AG Josh Stein

Check out this month’s edition of The Privacy Advisor, a publication of the International Association of Privacy Professionals (IAPP), for Divonne Smoyer and Kimberly Chow’s Q&A with North Carolina Attorney General (AG) Josh Stein. Throughout his tenure as AG, Stein has shown a clear commitment to data privacy and security through his advocacy for strong … Continue Reading

The impact of a no-deal Brexit on data protection

The government has published guidance for UK organisations on transfers of personal data in the event of a so-called no-deal Brexit. In particular, the guidance sets out actions for UK organisations to take to enable the continued flow of personal data between the UK and the European Union (EU) in such an event. While emphasising … Continue Reading
LexBlog