data localisation

Update on the UK’s Information Commissioner, IP Addresses and Russia’s ‘Right to be Forgotten’ Laws

By Cynthia O’Donoghue & Chantelle Taylor on 23 March 2016

With the Privacy Shield, the Umbrella Agreement and the GDPR capturing significant attention, it would be easy to overlook some of the other important developments that have taken place in the data protection sphere. We have rounded up some of the main stories.

Next UK Information Commissioner announced

Pending the formal approval process, Elizabeth Denham (Information and Privacy Commissioner, British Columbia, Canada) is scheduled to take over from Christopher Graham as the UK’s next Information Commissioner. Minister for Data Protection Baroness Neville-Rolfe, has commended Ms. Denham on her proactive approach to enforcing data protection law, and acknowledged her “track record of working with business and other stakeholders”. Ms. Denham’s appointment should take place in June as Mr. Graham’s term of office ends 28 June.
Continue Reading Update on the UK’s Information Commissioner, IP Addresses and Russia’s ‘Right to be Forgotten’ Laws

Russia ramps up compliance checks under its Data Localisation Law

By Cynthia O’Donoghue & Chantelle Taylor on 7 January 2016

Russia’s data protection authority, the Roskomnadzor, has recently announced its intention to increase the number of data localisation audits it carries out in 2016. It has pledged to conduct around 1,000 data localisation compliance audits and 2,000 monitoring procedures in a bid to check whether businesses are meeting their obligations under data localisation law.

Russia’s data localisation law came into effect 1 September 2015. It requires that all companies that collect or process personal data of Russian citizens, process and store that information on servers in Russia. Companies also have an obligation to notify the Roskomnadzor of the location of such servers.
Continue Reading Russia ramps up compliance checks under its Data Localisation Law

New challenges created by China’s new draft cybersecurity law

By Cynthia O’Donoghue & Philip Thomas on 5 October 2015

In July 2015, China released its new draft cybersecurity law (the ‘Law’), which will potentially have far-reaching consequences for network operators and companies doing business in China.

The Law regulates cross-border data transfers and gives individuals greater protection over their personal data, including granting them increased rights to access and amend their personal information. The Law also imposes a range of stringent new obligations, while awarding the government added powers to access and block dissemination of private information which would be deemed illegal under Chinese law.

Under the Law, the PRC government will be able to:

Restrict the transmission of information over the Internet to certain places where privacy incidents have occurred previously in order to protect national security
Introduce a new ‘localization law’ which will oblige certain entities to store any information deemed by the government as “important” or “critical” within China. If there is a legitimate business reason to store or otherwise transfer such data abroad, the transferring organisation will be required to complete a security evaluation which meets government requirements before any such data can be transferred. This obligation is intended to apply only to organisations in “key information infrastructure sectors,” but it is unclear exactly how this term will be interpreted.

Continue Reading New challenges created by China’s new draft cybersecurity law

Data Localisation Law – clarifications published with one month to go…

By Cynthia O’Donoghue & Chantelle Taylor on 2 September 2015

Just one month before the new Data Localisation Law (‘the law’) is due to come into force, the Russian Ministry of Communications has published its long-awaited clarifications (in Russian) to the new law.

These clarifications, although unofficial and non-binding, provide further guidance on the new law which will require all organisations processing personal data on Russian residents to collect and store such data within Russia. Key clarifications include:
Continue Reading Data Localisation Law – clarifications published with one month to go…

Russia thinks about extending deadline for data localisation

By Cynthia O’Donoghue on 4 August 2015

News is filtering through that Russia may extend the deadline for requiring companies to process the personal data of its citizens on servers located within Russia, to sometime after the existing deadline of 1 September 2015. The original legislation had proposed an effective date of 1 September 2015, but in a press statement of 14…

Russia sets a new deadline for data localisation, and removes Hong Kong and Switzerland from Adequate Privacy Protection List

By Cynthia O’Donoghue on 14 January 2015

The Russian Duma recently set a new deadline for companies to localise their data processing of Russian citizens on Russian soil, while the data protection authority published an order removing Hong Kong and Switzerland from its ‘adequate privacy protection list’.

The Russian Duma has voted through, on a first reading, an accelerated effective date for…

Technology Law Dispatch