Tag Archives: data protection

German Parliament voted ‘Yes’ on new Data Protection Act to implement the GDPR

Yesterday, the German Parliament (Bundestag) passed a new Data Protection Act (Datenschutz-Anpassungs-und-Umsetzungsgesetz EU – DSAnpUG-EU; the Act), despite major criticism. The Act is available online in German here. The Act shall adjust the current German data protection laws with the requirements of the General Data Protection Regulation (GDPR), and replace the current Federal Data Protection … Continue Reading

More GDPR questions answered: new guidelines on DPIAs

Although considered burdensome by some, data protection impact assessments (DPIAs) help controllers assess any data protection implications of their processing operations, with the added benefit of demonstrating compliance with the EU General Data Protection Regulation (GDPR). The Article 29 Working Party (WP29) recently published Guidelines on DPIAs and on determining whether processing is “likely to … Continue Reading

‘Once in a generation’ legislative changes: the ICO’s strategy for GDPR challenges

Information Commissioner Elizabeth Denham has recently given some valuable insights into the Information Commissioner’s Office’s (ICO) General Data Protection Regulation (“GDPR”) strategy. Addressing the House of Lords EU Home Affairs Sub-Committee, she made clear that numerous pressures face the ICO as a result of the substantial workload created by the GDPR. Commissioner Denham emphasised that … Continue Reading

Man vs. machine: the ICO provides guidance on use of Big Data

As the European data protection framework evolves, big data remains a hot topic. Often, what makes up these large data sets is personal data, so it has clear data protection implications. The Information Commissioner’s Office (“ICO”) has therefore issued guidance on “Big data, artificial intelligence, machine learning and data protection.” This recent guidance provides helpful emphasis … Continue Reading

Defamation and Data Protection: a twin-barrelled approach to claims against publishers

In the recent case of Prince Moulay Hicham v Elaph Publishing Limited, the Court of Appeal held in a unanimous decision that a claimant could include an action under the UK Data Protection Act 1998 (‘DPA’) as an alternative means of redress. To read our full client alert in relation to this judgment, please click … Continue Reading

Coalition of human rights organisations call for suspension of Privacy Shield

The EU-U.S.  Privacy Shield has come under scrutiny once again after 17 civil society organisations (the Coalition) sent a letter to the European Commissioner for Justice and Consumers. The 28 February 2017 letter raises the issue as to the breadth of Section 702 of the FISA (Foreign Intelligence Surveillance Act) Amendments Act (FAA), which provides … Continue Reading

UK government publishes digital strategy to create and support a secure and thriving data economy

On 1 March 2017, the UK government published its Digital Strategy (“Strategy”) for a “world-leading digital economy that works for everyone.”. The Strategy contains a number of statements that bring some certainty to the direction of regulation in the UK following its withdrawal from the European Union. Unlocking the data economy The Strategy notes the … Continue Reading

Bavarian Data Protection Authority issues its “7th activity report 2015/2016”

On 3 March 2017, the Bavarian Data Protection Authority (Bayerisches Landesamt für Datenschutzaufsicht – “DPA”) issued a 160-page 7th activity report (Tätigkeitsbericht), covering years 2015 and 2016. The activity report has been accompanied by a press release of the same date. Background In Germany, Data Protection Authorities are obliged to regularly, at least every two years, issue … Continue Reading

NIS Directive to be implemented in UK despite Brexit

In January, the UK government confirmed that it will be implementing the EU’s Network and Information Security Directive (NIS Directive) regardless of Brexit. EU countries have until 9 May 2018 to implement the Directive into their national laws. Given Brexit, the UK government confirmed in its Cyber Security Regulation and Incentives Review that details of the … Continue Reading

UK Reaffirms Commitment to GDPR while ICO Increases its International Focus

At the beginning of February, the Minister of State responsible for digital and culture policy, Matt Hancock, reaffirmed the UK’s commitment to implementing legislation mirroring the General Data Protection Regulation (GDPR), and ensuring the uninterrupted flow of personal data between the UK and EU post Brexit. Reaffirmed Commitment to the GDPR… Continue Reading

Building the EU data economy: time for an upgrade?

The EU Commission recently launched a Public consultation on Building the European data economy. The objective behind the consultation is to feed into the Commission’s future policy agenda on the European data economy in 2017. The data economy In its Communication entitled “Building a European Data Economy,” the Commission has re-identified (from its 2012 Communication) … Continue Reading

Switzerland and the United States Agree Privacy Shield Framework

The governments of Switzerland and the United States finalised the Swiss-U.S. Privacy Shield Framework on 11 January. The Framework is similar in many respects to the EU-U.S. Privacy Shield, and replaces the U.S.-Swiss Safe Harbor Framework with immediate effect. Background… Continue Reading

The new Cybersecurity Law of China: What does it mean for the International Market?

On 7 November, the government of the People’s Republic of China passed the much-anticipated Cyber Security Law of China, which will come into force 1 June 2017. After first and second drafts were put out for public consultation in June 2015 and May 2016, respectively, it was a third draft issued in October 2016 that … Continue Reading

Implementing the GDPR: Reed Smith Webinar on Planning your Path to Compliance in 2017

We are hosting a webinar on January 30, 2017, to discuss the new obligations global organisations with interests in Europe will need to meet to comply with the GDPR. With just over 16 months to go until the Regulation will be enforced, it is vital that you understand the requirements and that you are able to … Continue Reading

EU-US Privacy Shield challenged in the European Court of Justice

Just four months after its adoption by the European Commission, the EU-U.S. Privacy Shield is facing its first formal legal challenge. The challenge comes from the Irish advocacy group Digital Rights Ireland, who is joined by French privacy advocacy group La Quadrature du Net and non-profit internet service provider French Data Network.… Continue Reading

“Sorry, Santa, the Kids’ Data Is Stuck In Russia!” ~ Plus LinkedIn Not Feeling the Love from Russia

LinkedIn has become the first major company to have access to its website in Russia blocked by the Russian Data Protection Authority, Roskomnadzor, following earlier Moscow Court decisions on 4 August and 10 November. Russia’s data localisation law came into effect in September 2015 and requires websites collecting personal data of Russian citizens to store … Continue Reading

Preparing for the GDPR: what you need to know

Data protection procedures will require an overhaul for any company that offers goods and services, or tracks individuals, in the EU under the European General Data Protection Regulation (GDPR) to take effect from 25 May 2018. Given the changes in compliance requirements that the GDPR entails, it is vital that you use 2017 to audit … Continue Reading

Data Protection Authorities gather for the 38th International Privacy Conference

Data Protection Authorities (“DPAs”) from across the world gathered in Marrakesh for the 38th International Privacy Conference. This event is held annually for the purpose of debating topical data protection issues. The debates this year centred on data privacy being central to: sustainable development, government access to personal data, the role of technology, adequacy, localisation … Continue Reading

Article 29 Working Party issues results of GDPR Fablab workshop

Ahead of the forthcoming General Data Protection Regulation (GDPR), the Article 29 Working Party earlier this year organised the Fablab workshop. Meeting in Brussels, more than 90 participants gathered to discuss certain operational and practical issues linked to the GDPR with representatives of industry, civil society, academics and relevant associations. Fablab’s objective was to generate … Continue Reading

Company bosses can no longer dodge nuisance call fines

In an ongoing effort to tackle nuisance calls, the UK government has signalled its intention to make company directors directly liable for breaches of the Privacy and Electronic Communications Regulations (PERC) carried out by their firms. These fines will be in addition to any fines ordered against the firm itself. Deemed a growing problem that, … Continue Reading

In the Wake of Schrems: EU White List of Adequate Nations and Standard Contractual Clauses Under Review

Early last month, the European Commission tabled proposed amendments to its existing decisions on the adequacy of third countries’ data protection laws, and to its decisions on the EU standard contractual clauses. When the CJEU invalidated the EU-U.S. Safe Harbor framework in the Schrems decision last year, it set in motion a review of all … Continue Reading

FCA and G7 issue cybersecurity guidelines for the financial sector

In its speech at the FT Cyber Security Summit, the FCA has outlined its approach to cybersecurity in financial services firms. In addition to this, the Group of 7 (“G7”) has issued an 8-point framework for the financial sector as a push for financial firms to design a cybersecurity strategy. We explore each piece of … Continue Reading

CJEU says dynamic IP addresses can constitute personal data

The Court of Justice of the European Union (“CJEU”) has ruled that dynamic IP addresses can constitute personal data. Dynamic IP addresses, registered by a website provider when an individual accesses its website, shall constitute personal data where the operator has the legal means to combine the data with additional data (held by the internet … Continue Reading
LexBlog