Archives: Regulatory

Subscribe to Regulatory RSS Feed

EU to create a cybersecurity certification framework

To enhance cyber resilience, the EU is building a certification framework for information and communication technology (ICT) products, services and processes. On 8 June 2018, the Council agreed a Proposal (known as the Cybersecurity Act) to prepare for negotiations with the European Parliament to finalise the text. One of the effects of the Proposal is … Continue Reading

ICO publishes its 2017/2018 Annual Report

The Information Commissioner’s Office (‘ICO’) has published its 2017/2018 Annual Report, covering the 12 months leading up to 31 March 2018. The report is the ICO’s annual report to Parliament as required by the Data Protection Act 1998 (‘DPA’), and outlines the achievements and work of the ICO. Among the findings reported are the number … Continue Reading

ICO issues guidance on hiring and supporting DPOs

The UK Information Commissioner’s Office (ICO) has issued a resource for organizations to utilise when hiring and structuring the roles of data protection officers (DPO) under the General Data Protection Regulation (GDPR). This blog summarises several key elements of these resources. DPO checklist The checklist contains four sections which include: Appointing a DPO – across … Continue Reading

EU’s GDPR applied to promotion marketing

The European Union’s General Data Protection Regulation (GDPR) is underway, and companies and organizations around the world are analyzing its effects on how they collect, use, store and disclose data. U.S.-based sponsors of sweepstakes, contests, instant win games and other promotions opening entry to or targeting Europeans need to be mindful of the GDPR rules … Continue Reading

Data Protection Act 2018 comes into force

On 23 May 2018, the Data Protection Act 2018 (DPA) received royal assent and became UK law. The DPA implements the EU’s General Data Protection Regulation (GDPR), while providing for certain permitted derogations, additions and UK-specific provisions. The DPA: Repeals and replaces the previous Data Protection Act 1998 (the 1998 Act) as the primary piece … Continue Reading

ICO and NCSC issue guidance on security outcomes under GDPR

The General Data Protection Regulation ((EU) 2016/9679) (GDPR) came into effect on 25 May 2018. One of the key principles centres on integrity and confidentiality of personal data. Article 5(1)(f) of the GDPR provides that personal data shall be: “processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised … Continue Reading

German authorities: tracking and profiling cookies require opt-in consent

On 26 April 2018, the Conference of German Data Protection Authorities (German DPAs) released a highly criticised position paper on the applicability of the German Telemedia Act (TMA) after 25 May 2018 (Position Paper, available in German here). The Position Paper clearly states that tracking and profiling cookies now require informed prior opt-in consent. Position … Continue Reading

European Parliament publishes a corrigendum to the GDPR

On 25 April 2018, the European Parliament’s Civil Liberties, Justice & Home Affairs Committee published a corrigendum (an error to be corrected in a printed work after publication) to the European General Data Protection Regulation ((EU 2016/679) (GDPR). There are 26 “official” language versions of the GDPR (all European Economic Area countries plus Norway and … Continue Reading

European Commission proposes draft Whistleblowing Directive

On 23 April 2018, the European Commission published a proposal for a Directive on the protection of whistleblowers reporting on breaches of EU law, accompanied by an explanatory memorandum. The Directive The intention behind the proposal is to harmonise the minimum level of protection available to whistleblowers across the EU. It reflects the Commission’s view … Continue Reading

European Commission outlines plans to boost artificial intelligence

Last month, the European Commission (Commission) announced plans to bolster the future of artificial intelligence (AI) across the bloc. In a paper on ‘Artificial Intelligence for Europe’, the Commission proposed a three-pronged approach to: (i) increase public and private investment in AI; (ii) prepare for socio-economic changes; and (iii) ensure an appropriate ethical and legal … Continue Reading

Network and Information Systems Regulations 2018 come into force in the UK and government cybersecurity survey is published

On 10 May 2018, the Network and Information Systems Regulations 2018 (NISR) came into force in the UK. NISR stems from the Network Information Systems Directive 2016 of the EU, which has been covered by this blog previously. Relatedly, on 25 April 2018, the UK government’s Department for Digital, Culture, Media and Sport (DCMS) published … Continue Reading

Trade secret litigation – is Germany next?

In anticipation of the implementation of the Trade Secrets Directive, the topic of know-how protection has been widely discussed. Dr Anette Gärtner, along with Sabrina Gossler, has written an article which explores the current legal situation in Germany, analyses the relevant provisions of the Directive and explains the immediate next steps for companies operating in … Continue Reading

Article 29 Working Party issues final guidelines on consent

On 10 April 2018, the Article 29 Working Party (WP29) published revised guidelines on consent under the General Data Protection Regulation (GDPR). Consent is one of the six GDPR bases for the lawful processing of personal data. Technology Law Dispatch looked at the WP29’s draft guidelines on consent earlier this year. This article examines the … Continue Reading

Article 29 Working Party adopts finalized guidelines on transparency under GDPR

The Article 29 Working Party (WP29) adopted, on 11 April 2018, finalized guidelines on transparency (the Guidelines) under the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR), following its public consultation. Technology Law Dispatch looked at the draft guidance on transparency earlier this year, so this blog focuses on the key issues and what is … Continue Reading

Article 29 Working Party consultation on guidelines for accrediting certification bodies under the GDPR

The Article 29 Working Party (WP29) published a consultation on guidelines for the accreditation of certification bodies under the General Data Protection Regulation (GDPR), which closed at the end of March. The consultation guidelines would require a certification body under the GDPR to be accredited by either the competent supervisory authority or the national accreditation … Continue Reading

Brexit sectoral analysis – ICT report

In November 2017, the House of Commons Committee on Exiting the European Union (the Committee) published impact assessment reports of Brexit on various UK business sectors. The Report on the Technology (ICT) Sector (the Report) is a mix of qualitative and quantitative analysis. For each business sector, the Report includes: (i) a description of the … Continue Reading

Arizona emerges as privacy innovator as its AG and Governor lead the charge

Arizona and its Attorney General’s office have emerged as key players in the effort to prioritize data security on the national stage. Since his inauguration in 2015, Arizona Attorney General Mark Brnovich has struck a balance between supporting innovation and protecting Arizonans’ privacy rights. With the support of Governor Doug Ducey, Arizona is taking active … Continue Reading

Article 29 Working Party update on GDPR implementation

The Article 29 Working Party (WP29) discussed a number of important issues during its April plenary meeting on 17 April 2018. In its summary press release, the WP29 gave an update on the issues it discussed. Implementation of the General Data Protection Regulation (GDPR) and adopted guidelines WP29 formally adopted guidelines on consent and transparency … Continue Reading

Article 29 Working Party makes recommendations following submission of Code of Conduct for Cloud Infrastructure Service Providers

On 23 February 2018, the Article 29 Working Party (WP29) sent a letter to Alban Schmutz, President of Cloud Infrastructure Services Providers in Europe (CISPE), in response to the organisation’s submission of a draft Code of Conduct for Cloud Infrastructure Service Providers. In conducting its review, the aim of WP29 was to ensure that the … Continue Reading

FRAND licensing in Germany – the recent Düsseldorf decision

The findings from the recent Higher Regional Court of Düsseldorf decision Mobiles Kommunikationssystem have established a new framework that should be followed when courts are benchmarking standard-essential patents (SEP) licence offers. The court has commented on which requirements are to be placed on the infringement notice, the licence request and the licence offer and how … Continue Reading

European Commission VP comments on harmonisation and monetising user data, and guidance on the direct application of the GDPR is issued

On 28 February 2018, Andrus Ansip, the European Commission (Commission) Vice President and commissioner responsible for the Digital Single Market strategy, commented that all companies should be able to monetise user data, in the same way that social media companies do. Mr Ansip’s comments reflect the aims of the General Data Protection Regulation (GDPR) to … Continue Reading

UK government publishes response to its consultation on the Directive on security of networks and information systems

The UK government has published its response to a public consultation on the EU Directive on security networks and information systems (NIS Directive) that opened in August last year. The response sets out the UK’s vision for improving the security of the UK’s essential services by implementing the NIS Directive. The NIS Directive The NIS … Continue Reading

UK government publishes the Digital Charter and reaffirms creation of the Centre for Data Ethics and Innovation

Earlier this year the UK Department for Digital, Culture, Media & Sport published its new Digital Charter. This short document outlines a UK rolling programme of work designed to make the UK a friendly environment to start-up and grow digital businesses. It is also designed to make the UK a safe place to be online. … Continue Reading

A complete quilt: South Dakota and Alabama are final two states to enact data breach laws

In February, we reported that South Dakota and Alabama were the last two U.S. states without data breach notification laws. Since then, both states have enacted data breach laws. South Dakota governor Dennis Daugaard signed South Dakota Bill No. 62 into law on March 21, making it the 49th state to pass a data breach … Continue Reading
LexBlog