Tag Archives: EU

“Privacy First Policy” to be on November ballot in San Francisco

San Francisco voters will decide on November 6, 2018, whether to enact the city’s “Privacy First Policy” that intends to protect the personal information of residents and visitors from misuse by companies doing business in San Francisco. The policy builds upon the California Consumer Privacy Act passed in June 2018, which gives consumers various rights, … Continue Reading

California’s unanimously passed privacy bill takes its cues from the EU’s GDPR and may significantly shift the legal landscape in the U.S.

California’s new privacy law, the California Consumer Privacy Act of 2018 (AB 375), will go into effect on January 1, 2020. The law expands privacy rights, provides California consumers with more control over the personal information that businesses collect on them, and includes civil penalties and statutory damages for noncompliance. While the new privacy law … Continue Reading

European Parliament calls for suspension of EU to U.S. data transfers under the Privacy Shield

On 5 July 2018, the European Parliament demanded in a resolution that the European Commission suspends its EU-U.S. Privacy Shield unless the U.S. administration introduces adequate data protection safeguards by 1 September 2018. The Privacy Shield agreement is aimed at facilitating data transfers of EU personal data to the United States. The non-binding resolution was … Continue Reading

EU’s GDPR applied to promotion marketing

The European Union’s General Data Protection Regulation (GDPR) is underway, and companies and organizations around the world are analyzing its effects on how they collect, use, store and disclose data. U.S.-based sponsors of sweepstakes, contests, instant win games and other promotions opening entry to or targeting Europeans need to be mindful of the GDPR rules … Continue Reading

Ireland: New guidelines on restrictions on data subject rights

Article 23 of the General Data Protection Regulation (GDPR) allows EU Member States to restrict the scope of data subjects’ GDPR rights and organisations’ GDPR obligations. The Irish data protection authority, the Data Protection Commission (DPC), released guidelines (Guidelines) on GDPR Article 23 on 19 June 2018. The Irish Data Protection Act 2018 (the Act) … Continue Reading

UK Government publishes technical note on data protection

On 7 June 2018, the UK government published a technical note detailing options for future UK-EU cooperation on data protection, post-Brexit. The technical note is part of a series of papers produced by the UK Brexit negotiation team for discussion with the EU, in order to assist with the development of future EU-UK relations. The … Continue Reading

European Commission proposes draft Whistleblowing Directive

On 23 April 2018, the European Commission published a proposal for a Directive on the protection of whistleblowers reporting on breaches of EU law, accompanied by an explanatory memorandum. The Directive The intention behind the proposal is to harmonise the minimum level of protection available to whistleblowers across the EU. It reflects the Commission’s view … Continue Reading

European Commission outlines plans to boost artificial intelligence

Last month, the European Commission (Commission) announced plans to bolster the future of artificial intelligence (AI) across the bloc. In a paper on ‘Artificial Intelligence for Europe’, the Commission proposed a three-pronged approach to: (i) increase public and private investment in AI; (ii) prepare for socio-economic changes; and (iii) ensure an appropriate ethical and legal … Continue Reading

European Commission outlines blockchain development plans, calls for a feasibility study and unveils FinTech Action Plan.

The EU Commission continues to show its support and investment in new technologies in the digital economy. On February 1, 2018, the Commission and the European Parliament launched the EU Blockchain Observatory and Forum, and earlier this month, the Commission also unveiled its FinTech Action Plan. The Blockchain Observatory The observatory is designed to be … Continue Reading

Four months until GDPR: Which EU countries are ready? How relevant are these laws?

The General Data Protection Regulation (GDPR) will come into effect on May 25, 2018. It will attempt to standardize data protection law throughout the European Union. The GDPR will not be fully harmonized since the law has more than 70 opening clauses that will leave room for the EU Member States’ legislators to implement (stricter, … Continue Reading

ICO publishes International Strategy

The Information Commissioner’s Office (“ICO”) has released its International Strategy 2017-2021  (“Strategy”). The Strategy supports its Information Rights Strategic Plan, which we reported on earlier this year. The first part of the Strategy refers to the challenges and priorities for the next five years, particularly in light of changes brought about by the General Data … Continue Reading

South Korea joins APEC’s Cross Border Privacy Rules system

This week, it was officially announced that South Korea has become the fifth country to join the Asia-Pacific Economic Cooperation’s (APEC) Cross Border Privacy Rules (CBPR) system. This system was developed by APEC in 2011 to “build consumer, business and regulator trust in cross border flows of personal information” and thus facilitate e-commerce among APEC … Continue Reading

One year to go – European Commission issues statement on benefits of GDPR

“A year from now, the European Union will start benefiting from the new data protection standards.” This week, the European Commission’s most senior voices gave an official statement promoting the benefits of the new General Data Protection Regulation (GDPR). Andrus Ansip (Vice-President) and Věra Jourová (Commissioner) of the European Commission aimed their statement at all … Continue Reading

Preparing for the GDPR: what you need to know

Data protection procedures will require an overhaul for any company that offers goods and services, or tracks individuals, in the EU under the European General Data Protection Regulation (GDPR) to take effect from 25 May 2018. Given the changes in compliance requirements that the GDPR entails, it is vital that you use 2017 to audit … Continue Reading

European Commission Publishes Proposal for Signing the EU-U.S. Umbrella Agreement

The EU-U.S. data protection Umbrella Agreement consists of a framework of principles and safeguards for trans-Atlantic transfers of personal data (such as criminal records, names and addresses) in relation to the prevention, detection, investigation and prosecution of criminal offences, including terrorism. The agreement seeks to satisfy two core objectives: first, to ensure a high level … Continue Reading

Turkish Parliament Enacts New Data Protection Law

In a step toward its accession to the EU, Turkey has enacted its first comprehensive Data Protection Law. The law was passed by the Turkish Parliament 24 March and published in the Official Gazette 7 April. The law is based largely on the EU Data Protection Directive (95/46/EC), and as such introduces familiar definitions of … Continue Reading

EU General Data Protection Regulation in force from 25 May 2018: the Countdown to Compliance starts now

The long-awaited General Data Protection Regulation was published in the Official Journal of the European Union on 4 May 2016. This means that the most comprehensive reform to the EU’s omnibus data protection law in 20 years will apply throughout the European Union from 25 May 2018. We have written in previous posts (here and here) … Continue Reading

Privacy Shield does not achieve adequacy of protection under current regime, say EU Data Protection Authorities

On 13 April, the Article 29 Data Protection Working Party (‘WP29’) published its opinion on whether the proposed Privacy Shield programme, which is intended to replace the now-invalid Safe Harbor pact for facilitating trans-Atlantic data flows, achieved an adequate level of protection. The WP29 acknowledged that many of the shortcomings of Safe Harbor have been … Continue Reading

Study reports draft EU Data Protection Regulation leaves gaps in protection when it comes to Big Data, Internet of Things and smart devices

A study published 22 September 2015 criticises the EU’s development of its Digital Single Market (‘DSM’) strategy for being overly commercially and economically driven, with little attention to the key legal and social challenges regarding privacy and personal data protection. The development of the DSM should not be at the expense of individuals’ privacy rights, say … Continue Reading

Tech giants caught between EU disagreements on scope of Proposed Network and Information Security Directive

U.S. tech giants, like Google and Facebook, found themselves caught between the European Parliament and the European Commission as disagreements continue as to whether Internet service providers should be included within the definition of ‘market operators’ in the Proposed Directive on Network and Information Security (IP/13/94) (the ‘Directive’). Currently, the EU Commission would like to … Continue Reading

EU Commission Publishes Work Program for 2015

The European Commission’s work program for 2015 covers 10 actions for 2015, including a “connected digital single market” across the EU. As part of the Digital Single Market Package, the Commission aims to conclude negotiations on the European data protection reform and the Regulation, and to propose changes to deal with existing challenges in the … Continue Reading

Presidency of the Council of Ministers publishes amendments to ‘one stop shop’ of the draft EU Data Protection Regulation

In October 2013, we reported on the move towards a ‘One Stop Shop’ (OSS) approach to EU Data Protection. The OSS principle aims to create consistency for international organisations to process personal data in multiple member states through the appointment of a single competent authority to monitor the data-controller’s activities across all EU Member States. … Continue Reading

The EU Cyber Security Directive: Latest Developments

The Cyber Security Directive (formally known as the Network & Information Security Directive) (the Directive) was considered by the European Parliament (the Parliament) in March. After a first reading of the Directive, MEPs voted strongly in favour of its progression to the next stage of the legislative process. This will involve negotiations between the European … Continue Reading

European Parliament votes in favour of new Data Protection Regulation

This post was written by Cynthia O’Donoghue. In March, the European Parliament voted overwhelmingly in favour of implementing the draft Data Protection Regulation, making its commitment to reforming the European regime irreversible. In order to become law, the Regulation must now be negotiated and adopted by the Council of Ministers. Discussions around reform began in … Continue Reading
LexBlog