Tag Archives: GDPR

“Privacy First Policy” to be on November ballot in San Francisco

San Francisco voters will decide on November 6, 2018, whether to enact the city’s “Privacy First Policy” that intends to protect the personal information of residents and visitors from misuse by companies doing business in San Francisco. The policy builds upon the California Consumer Privacy Act passed in June 2018, which gives consumers various rights, … Continue Reading

ICO publishes its 2017/2018 Annual Report

The Information Commissioner’s Office (‘ICO’) has published its 2017/2018 Annual Report, covering the 12 months leading up to 31 March 2018. The report is the ICO’s annual report to Parliament as required by the Data Protection Act 1998 (‘DPA’), and outlines the achievements and work of the ICO. Among the findings reported are the number … Continue Reading

ICO issues guidance on hiring and supporting DPOs

The UK Information Commissioner’s Office (ICO) has issued a resource for organizations to utilise when hiring and structuring the roles of data protection officers (DPO) under the General Data Protection Regulation (GDPR). This blog summarises several key elements of these resources. DPO checklist The checklist contains four sections which include: Appointing a DPO – across … Continue Reading

California’s unanimously passed privacy bill takes its cues from the EU’s GDPR and may significantly shift the legal landscape in the U.S.

California’s new privacy law, the California Consumer Privacy Act of 2018 (AB 375), will go into effect on January 1, 2020. The law expands privacy rights, provides California consumers with more control over the personal information that businesses collect on them, and includes civil penalties and statutory damages for noncompliance. While the new privacy law … Continue Reading

EU’s GDPR applied to promotion marketing

The European Union’s General Data Protection Regulation (GDPR) is underway, and companies and organizations around the world are analyzing its effects on how they collect, use, store and disclose data. U.S.-based sponsors of sweepstakes, contests, instant win games and other promotions opening entry to or targeting Europeans need to be mindful of the GDPR rules … Continue Reading

European Data Protection Board replaces Article 29 Working Party

On 25 May 2018 the European Data Protection Board (EDPB) formally replaced the Article 29 Working Party as the European advisory committee on data protection issues. In addition to taking over Article 29 Working Party’s responsibilities in issuing guidelines, recommendations and statements of best practice, the EDPB, which operates as an independent body of the … Continue Reading

How big is the risk to operate Facebook fan pages in Germany?

On 5 June 2018, the Court of Justice of the European Union (CJEU) handed down its long-awaited Facebook fan page judgement (Case C-210/16), holding that the operator of a fan page on Facebook is jointly responsible with Facebook for processing the data of visitors to the page. Only a day later, the Conference of German … Continue Reading

Data Protection Act 2018 comes into force

On 23 May 2018, the Data Protection Act 2018 (DPA) received royal assent and became UK law. The DPA implements the EU’s General Data Protection Regulation (GDPR), while providing for certain permitted derogations, additions and UK-specific provisions. The DPA: Repeals and replaces the previous Data Protection Act 1998 (the 1998 Act) as the primary piece … Continue Reading

ICO and NCSC issue guidance on security outcomes under GDPR

The General Data Protection Regulation ((EU) 2016/9679) (GDPR) came into effect on 25 May 2018. One of the key principles centres on integrity and confidentiality of personal data. Article 5(1)(f) of the GDPR provides that personal data shall be: “processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised … Continue Reading

German authorities: tracking and profiling cookies require opt-in consent

On 26 April 2018, the Conference of German Data Protection Authorities (German DPAs) released a highly criticised position paper on the applicability of the German Telemedia Act (TMA) after 25 May 2018 (Position Paper, available in German here). The Position Paper clearly states that tracking and profiling cookies now require informed prior opt-in consent. Position … Continue Reading

European Parliament publishes a corrigendum to the GDPR

On 25 April 2018, the European Parliament’s Civil Liberties, Justice & Home Affairs Committee published a corrigendum (an error to be corrected in a printed work after publication) to the European General Data Protection Regulation ((EU 2016/679) (GDPR). There are 26 “official” language versions of the GDPR (all European Economic Area countries plus Norway and … Continue Reading

Article 29 Working Party issues final guidelines on consent

On 10 April 2018, the Article 29 Working Party (WP29) published revised guidelines on consent under the General Data Protection Regulation (GDPR). Consent is one of the six GDPR bases for the lawful processing of personal data. Technology Law Dispatch looked at the WP29’s draft guidelines on consent earlier this year. This article examines the … Continue Reading

Article 29 Working Party adopts finalized guidelines on transparency under GDPR

The Article 29 Working Party (WP29) adopted, on 11 April 2018, finalized guidelines on transparency (the Guidelines) under the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR), following its public consultation. Technology Law Dispatch looked at the draft guidance on transparency earlier this year, so this blog focuses on the key issues and what is … Continue Reading

Article 29 Working Party consultation on guidelines for accrediting certification bodies under the GDPR

The Article 29 Working Party (WP29) published a consultation on guidelines for the accreditation of certification bodies under the General Data Protection Regulation (GDPR), which closed at the end of March. The consultation guidelines would require a certification body under the GDPR to be accredited by either the competent supervisory authority or the national accreditation … Continue Reading

Article 29 Working Party update on GDPR implementation

The Article 29 Working Party (WP29) discussed a number of important issues during its April plenary meeting on 17 April 2018. In its summary press release, the WP29 gave an update on the issues it discussed. Implementation of the General Data Protection Regulation (GDPR) and adopted guidelines WP29 formally adopted guidelines on consent and transparency … Continue Reading

Article 29 Working Party makes recommendations following submission of Code of Conduct for Cloud Infrastructure Service Providers

On 23 February 2018, the Article 29 Working Party (WP29) sent a letter to Alban Schmutz, President of Cloud Infrastructure Services Providers in Europe (CISPE), in response to the organisation’s submission of a draft Code of Conduct for Cloud Infrastructure Service Providers. In conducting its review, the aim of WP29 was to ensure that the … Continue Reading

European Commission VP comments on harmonisation and monetising user data, and guidance on the direct application of the GDPR is issued

On 28 February 2018, Andrus Ansip, the European Commission (Commission) Vice President and commissioner responsible for the Digital Single Market strategy, commented that all companies should be able to monetise user data, in the same way that social media companies do. Mr Ansip’s comments reflect the aims of the General Data Protection Regulation (GDPR) to … Continue Reading

Facebook announces plan to implement GDPR globally

In preparation for the EU’s General Data Protection Regulation (GDPR), which comes into effect May 25, Facebook announced it is launching a range of new privacy tools in an effort to “put people in more control over their privacy.” Interestingly, last week Mark Zuckerberg clarified that he intends to implement Europe’s GDPR across its entire … Continue Reading

UK government publishes response to its consultation on the Directive on security of networks and information systems

The UK government has published its response to a public consultation on the EU Directive on security networks and information systems (NIS Directive) that opened in August last year. The response sets out the UK’s vision for improving the security of the UK’s essential services by implementing the NIS Directive. The NIS Directive The NIS … Continue Reading

European Commission approves provisions for cross-border data flows while consultation on GDPR Article 49 guidance closes

Recently, the European Commission endorsed draft horizontal provisions for cross-border data flows and personal data protection in trade agreements – as personal data is a fundamental right, it is not something which can be the subject of negotiation in EU trade deals. Relatedly, the Article 29 Working Party (A29WP) consultation on the guidelines under Article … Continue Reading

Binding corporate rules – Article 29 Working Party issues revised guidelines

On 6 February 2018, the Article 29 Working Party (WP29) adopted revised guidelines on binding corporate rules (BCRs). These were issued following a period of public consultation that concluded on 17 January 2018. Technology Law Dispatch previously covered the issuing of the draft guidelines last December, in a blog setting out the key elements of … Continue Reading

Will EU data protection authorities ‘consistency mechanism’ be ready in time for the GDPR?

During an Article 29 Working Party (WP29) press conference on 7 February 2018, the outgoing chair and French privacy chief, Isabelle Falque-Pierrotin, expressed concerns that EU data protection authorities (DPAs) may not be able to enforce the General Data Protection Regulation (GDPR) effectively and in a unified manner in accordance with the consistency mechanism, by … Continue Reading
LexBlog