The ICO recently published its Information Rights Strategic Plan for 2017 – 2021 (the ‘Plan’). Within it, the ICO Commissioner, Elizabeth Denham, asserts that we are on the “edge of a new frontier,” and that the data protection landscape is about to be reshaped by the “game changing” General Data Protection Regulation (the ‘GDPR’). Noting … Continue Reading
As part of its GDPR Implementation Project, the Centre for Information Policy Leadership (‘CIPL’) has released a discussion paper on certifications, seals and marks. The paper stresses the benefits of certifications that can be adapted to different companies and contexts, all while retaining common cross-border baselines. As no such measure is currently in place ahead … Continue Reading
“A year from now, the European Union will start benefiting from the new data protection standards.” This week, the European Commission’s most senior voices gave an official statement promoting the benefits of the new General Data Protection Regulation (GDPR). Andrus Ansip (Vice-President) and Věra Jourová (Commissioner) of the European Commission aimed their statement at all … Continue Reading
The Council of the European Union (“Council”) has predicted that the ePrivacy Regulation will not come into force by 25 May 2018. The ePrivacy Directive (Directive 2002/58/EC) will, therefore, continue to apply. The new ePrivacy Regulation The new European data protection regime will enter into force in about one year. The General Data Protection Regulation … Continue Reading
For organisations with data flows between the United States and Switzerland, it is now possible to self-certify into the Swiss-U.S. Privacy Shield Framework. This process became available on 12 April 2017. The Swiss-U.S. Privacy Shield will operate in a substantially similar way to the EU-U.S. Privacy Shield. There are, however, key differences, including: (1) the … Continue Reading
Yesterday, the German Parliament (Bundestag) passed a new Data Protection Act (Datenschutz-Anpassungs-und-Umsetzungsgesetz EU – DSAnpUG-EU; the Act), despite major criticism. The Act is available online in German here. The Act shall adjust the current German data protection laws with the requirements of the General Data Protection Regulation (GDPR), and replace the current Federal Data Protection … Continue Reading
Although considered burdensome by some, data protection impact assessments (DPIAs) help controllers assess any data protection implications of their processing operations, with the added benefit of demonstrating compliance with the EU General Data Protection Regulation (GDPR). The Article 29 Working Party (WP29) recently published Guidelines on DPIAs and on determining whether processing is “likely to … Continue Reading
Information Commissioner Elizabeth Denham has recently given some valuable insights into the Information Commissioner’s Office’s (ICO) General Data Protection Regulation (“GDPR”) strategy. Addressing the House of Lords EU Home Affairs Sub-Committee, she made clear that numerous pressures face the ICO as a result of the substantial workload created by the GDPR. Commissioner Denham emphasised that … Continue Reading
As the European data protection framework evolves, big data remains a hot topic. Often, what makes up these large data sets is personal data, so it has clear data protection implications. The Information Commissioner’s Office (“ICO”) has therefore issued guidance on “Big data, artificial intelligence, machine learning and data protection.” This recent guidance provides helpful emphasis … Continue Reading
In the recent case of Prince Moulay Hicham v Elaph Publishing Limited, the Court of Appeal held in a unanimous decision that a claimant could include an action under the UK Data Protection Act 1998 (‘DPA’) as an alternative means of redress. To read our full client alert in relation to this judgment, please click … Continue Reading
The EU-U.S. Privacy Shield has come under scrutiny once again after 17 civil society organisations (the Coalition) sent a letter to the European Commissioner for Justice and Consumers. The 28 February 2017 letter raises the issue as to the breadth of Section 702 of the FISA (Foreign Intelligence Surveillance Act) Amendments Act (FAA), which provides … Continue Reading
On 1 March 2017, the UK government published its Digital Strategy (“Strategy”) for a “world-leading digital economy that works for everyone.”. The Strategy contains a number of statements that bring some certainty to the direction of regulation in the UK following its withdrawal from the European Union. Unlocking the data economy The Strategy notes the … Continue Reading
On 3 March 2017, the Bavarian Data Protection Authority (Bayerisches Landesamt für Datenschutzaufsicht – “DPA”) issued a 160-page 7th activity report (Tätigkeitsbericht), covering years 2015 and 2016. The activity report has been accompanied by a press release of the same date. Background In Germany, Data Protection Authorities are obliged to regularly, at least every two years, issue … Continue Reading
In January, the UK government confirmed that it will be implementing the EU’s Network and Information Security Directive (NIS Directive) regardless of Brexit. EU countries have until 9 May 2018 to implement the Directive into their national laws. Given Brexit, the UK government confirmed in its Cyber Security Regulation and Incentives Review that details of the … Continue Reading
At the beginning of February, the Minister of State responsible for digital and culture policy, Matt Hancock, reaffirmed the UK’s commitment to implementing legislation mirroring the General Data Protection Regulation (GDPR), and ensuring the uninterrupted flow of personal data between the UK and EU post Brexit. Reaffirmed Commitment to the GDPR… Continue Reading
In early January, the Article 29 Working Party (WP29) adopted its 2017 Action Plan (Action Plan) on the implementation of the General Data Protection Regulation (GDPR). Amongst the actions proposed, the Action Plan provides a list of guidelines to be published throughout the year; which are set to cover:… Continue Reading
The EU Commission recently launched a Public consultation on Building the European data economy. The objective behind the consultation is to feed into the Commission’s future policy agenda on the European data economy in 2017. The data economy In its Communication entitled “Building a European Data Economy,” the Commission has re-identified (from its 2012 Communication) … Continue Reading
The governments of Switzerland and the United States finalised the Swiss-U.S. Privacy Shield Framework on 11 January. The Framework is similar in many respects to the EU-U.S. Privacy Shield, and replaces the U.S.-Swiss Safe Harbor Framework with immediate effect. Background… Continue Reading
On 7 November, the government of the People’s Republic of China passed the much-anticipated Cyber Security Law of China, which will come into force 1 June 2017. After first and second drafts were put out for public consultation in June 2015 and May 2016, respectively, it was a third draft issued in October 2016 that … Continue Reading
We are hosting a webinar on January 30, 2017, to discuss the new obligations global organisations with interests in Europe will need to meet to comply with the GDPR. With just over 16 months to go until the Regulation will be enforced, it is vital that you understand the requirements and that you are able to … Continue Reading
Just four months after its adoption by the European Commission, the EU-U.S. Privacy Shield is facing its first formal legal challenge. The challenge comes from the Irish advocacy group Digital Rights Ireland, who is joined by French privacy advocacy group La Quadrature du Net and non-profit internet service provider French Data Network.… Continue Reading
LinkedIn has become the first major company to have access to its website in Russia blocked by the Russian Data Protection Authority, Roskomnadzor, following earlier Moscow Court decisions on 4 August and 10 November. Russia’s data localisation law came into effect in September 2015 and requires websites collecting personal data of Russian citizens to store … Continue Reading
Data protection procedures will require an overhaul for any company that offers goods and services, or tracks individuals, in the EU under the European General Data Protection Regulation (GDPR) to take effect from 25 May 2018. Given the changes in compliance requirements that the GDPR entails, it is vital that you use 2017 to audit … Continue Reading
Data Protection Authorities (“DPAs”) from across the world gathered in Marrakesh for the 38th International Privacy Conference. This event is held annually for the purpose of debating topical data protection issues. The debates this year centred on data privacy being central to: sustainable development, government access to personal data, the role of technology, adequacy, localisation … Continue Reading
