The government has released a Statement of Intent (“the Statement”) for a new Data Protection Bill (“the Bill”). The Bill was originally announced in the Queen’s Speech earlier this year (see our previous blog on this). This Statement provides further detail on the government’s proposed reforms to data protection laws in the UK. The Bill … Continue Reading
Machine-generated data is a hot commodity, but who owns this information? As more and more valuable data are generated, should there be legislation to establish ownership and, potentially, access rights? The European Commission conducted a public consultation, “Building a European Data Economy,” to find out. The consultation addressed key factors, such as the question to … Continue Reading
The German Data Protection Authorities (“DPAs”) released a paper on fines under Art. 83 General Data Protection Regulation (“GDPR”) in July 2017. Fines are hanging like a Sword of Damocles over the organizations that are getting ready for GDPR, since the upper limits of fines have been increased substantially. For example, German DPAs can currently … Continue Reading
The House of Lords EU Home Affairs Sub-Committee (“the Committee”) has published a report on the EU Data Protection Package and the impact of Brexit (“the Report”). The Report considers the implications of the UK’s exit from the EU for cross-border data transfers, and for UK data protection policy more generally. The Report looks at … Continue Reading
The House of Commons Library, which aims to provide impartial research and analysis to MPs and their staff, has published a briefing paper on the impact of Brexit on data protection law in the UK (“the Paper”). The Paper summarises the background to EU data protection law and notes that inconsistent implementation of the Data … Continue Reading
The Article 29 Working Party (“WP29”) recently published an opinion on data processing at work (“Opinion”). The Opinion restates the position and conclusions in WP29’s 2001 Opinion on processing personal data in the employment context (WP48), and its 2002 WP55 Working Document on the surveillance of electronic communications in the workplace. However, it addresses the … Continue Reading
The Bavarian Data Protection Authority (“Bavarian DPA”) has published an English-language version of a GDPR implementation audit questionnaire (“Questionnaire”). The Questionnaire is available here. The Questionnaire has been previously released in German. Content of the Questionnaire The Questionnaire includes questions on six topics: Structure and responsibility in the company • For example, is there awareness … Continue Reading
The Information Commissioner’s Office (“ICO”) has released its International Strategy 2017-2021 (“Strategy”). The Strategy supports its Information Rights Strategic Plan, which we reported on earlier this year. The first part of the Strategy refers to the challenges and priorities for the next five years, particularly in light of changes brought about by the General Data … Continue Reading
The Queen’s Speech was delivered 21 June 2017, setting out the government’s legislative plans. Key proposals from a data protection perspective include: The introduction of a new Data Protection Bill, which will incorporate the General Data Protection Regulation ((EU) 2016/679) (“GDPR”), and the new Directive which applies to law enforcement data processing into UK law; and A … Continue Reading
The Summer 2017 Edition of the quarterly IT & Privacy Newsletter by Reed Smith Germany has just been released. We cover the German GDPR Implementation Act, new case law on processing on the basis of legitimate interests, marketing consent, and provider liability, as well as the paper on Google Analytics by the Hamburg data protection … Continue Reading
The ICO recently published its Information Rights Strategic Plan for 2017 – 2021 (the ‘Plan’). Within it, the ICO Commissioner, Elizabeth Denham, asserts that we are on the “edge of a new frontier,” and that the data protection landscape is about to be reshaped by the “game changing” General Data Protection Regulation (the ‘GDPR’). Noting … Continue Reading
The Court of Justice of the European Union (CJEU) recently gave its preliminary ruling on the interpretation of the legitimate interests condition under Article 7(f) of the Data Protection Directive 95/46/EC (the Directive) in the context of processing by a public authority. A collision In 2012, a passenger in a taxi in Latvia suddenly opened … Continue Reading
As part of its GDPR Implementation Project, the Centre for Information Policy Leadership (‘CIPL’) has released a discussion paper on certifications, seals and marks. The paper stresses the benefits of certifications that can be adapted to different companies and contexts, all while retaining common cross-border baselines. As no such measure is currently in place ahead … Continue Reading
“A year from now, the European Union will start benefiting from the new data protection standards.” This week, the European Commission’s most senior voices gave an official statement promoting the benefits of the new General Data Protection Regulation (GDPR). Andrus Ansip (Vice-President) and Věra Jourová (Commissioner) of the European Commission aimed their statement at all … Continue Reading
The Council of the European Union (“Council”) has predicted that the ePrivacy Regulation will not come into force by 25 May 2018. The ePrivacy Directive (Directive 2002/58/EC) will, therefore, continue to apply. The new ePrivacy Regulation The new European data protection regime will enter into force in about one year. The General Data Protection Regulation … Continue Reading
Yesterday, the German Parliament (Bundestag) passed a new Data Protection Act (Datenschutz-Anpassungs-und-Umsetzungsgesetz EU – DSAnpUG-EU; the Act), despite major criticism. The Act is available online in German here. The Act shall adjust the current German data protection laws with the requirements of the General Data Protection Regulation (GDPR), and replace the current Federal Data Protection … Continue Reading
Although considered burdensome by some, data protection impact assessments (DPIAs) help controllers assess any data protection implications of their processing operations, with the added benefit of demonstrating compliance with the EU General Data Protection Regulation (GDPR). The Article 29 Working Party (WP29) recently published Guidelines on DPIAs and on determining whether processing is “likely to … Continue Reading
Information Commissioner Elizabeth Denham has recently given some valuable insights into the Information Commissioner’s Office’s (ICO) General Data Protection Regulation (“GDPR”) strategy. Addressing the House of Lords EU Home Affairs Sub-Committee, she made clear that numerous pressures face the ICO as a result of the substantial workload created by the GDPR. Commissioner Denham emphasised that … Continue Reading
As the European data protection framework evolves, big data remains a hot topic. Often, what makes up these large data sets is personal data, so it has clear data protection implications. The Information Commissioner’s Office (“ICO”) has therefore issued guidance on “Big data, artificial intelligence, machine learning and data protection.” This recent guidance provides helpful emphasis … Continue Reading
On 1 March 2017, the UK government published its Digital Strategy (“Strategy”) for a “world-leading digital economy that works for everyone.”. The Strategy contains a number of statements that bring some certainty to the direction of regulation in the UK following its withdrawal from the European Union. Unlocking the data economy The Strategy notes the … Continue Reading
On 3 March 2017, the Bavarian Data Protection Authority (Bayerisches Landesamt für Datenschutzaufsicht – “DPA”) issued a 160-page 7th activity report (Tätigkeitsbericht), covering years 2015 and 2016. The activity report has been accompanied by a press release of the same date. Background In Germany, Data Protection Authorities are obliged to regularly, at least every two years, issue … Continue Reading
We are hosting a webinar on January 30, 2017, to discuss the new obligations global organisations with interests in Europe will need to meet to comply with the GDPR. With just over 16 months to go until the Regulation will be enforced, it is vital that you understand the requirements and that you are able to … Continue Reading
As we enter 2017, 2018 doesn’t seem that far away…and with the new General Data Protection Regulation (GDPR) due to come into effect from 25 May 2018, organisations are running out of time to ensure compliance with the new data protection requirements. It is therefore not surprising that the Article 29 Working Party (“Working Party”) … Continue Reading
Data protection procedures will require an overhaul for any company that offers goods and services, or tracks individuals, in the EU under the European General Data Protection Regulation (GDPR) to take effect from 25 May 2018. Given the changes in compliance requirements that the GDPR entails, it is vital that you use 2017 to audit … Continue Reading
