Tag Archives: GDPR

Get your update on IT & Privacy Law (Germany)

By Dr. Andreas Splittgerber and Sven Schonhofen on Posted in Cookies, Tracking & Online Behavioral Advertising, In the Courts, Privacy & Data Protection
The Summer 2017 Edition of the quarterly IT & Privacy Newsletter by Reed Smith Germany has just been released. We cover the German GDPR Implementation Act, new case law on processing on the basis of legitimate interests, marketing consent, and provider liability, as well as the paper on Google Analytics by the Hamburg data protection … Continue Reading

ICO’s Strategic Plan for the ‘New Frontier’ of Data Protection

By Cynthia O’Donoghue and Chantelle Taylor on Posted in Privacy & Data Protection
The ICO recently published its Information Rights Strategic Plan for 2017 – 2021  (the ‘Plan’). Within it, the ICO Commissioner, Elizabeth Denham, asserts that we are on the “edge of a new frontier,” and that the data protection landscape is about to be reshaped by the “game changing” General Data Protection Regulation (the ‘GDPR’). Noting … Continue Reading

Legitimate interests: a balancing act

By Cynthia O’Donoghue and Chantelle Taylor on Posted in Privacy & Data Protection
The Court of Justice of the European Union (CJEU) recently gave its preliminary ruling on the interpretation of the legitimate interests condition under Article 7(f) of the Data Protection Directive 95/46/EC (the Directive) in the context of processing by a public authority. A collision In 2012, a passenger in a taxi in Latvia suddenly opened … Continue Reading

CIPL produces roadmap for potential certification standards under GDPR

By Cynthia O’Donoghue and Chantelle Taylor on Posted in Privacy & Data Protection
As part of its GDPR Implementation Project, the Centre for Information Policy Leadership (‘CIPL’) has released a discussion paper on certifications, seals and marks. The paper stresses the benefits of certifications that can be adapted to different companies and contexts, all while retaining common cross-border baselines. As no such measure is currently in place ahead … Continue Reading

One year to go – European Commission issues statement on benefits of GDPR

By Cynthia O’Donoghue and Katalina Bateman on Posted in Privacy & Data Protection
“A year from now, the European Union will start benefiting from the new data protection standards.” This week, the European Commission’s most senior voices gave an official statement promoting the benefits of the new General Data Protection Regulation (GDPR). Andrus Ansip (Vice-President) and Věra Jourová (Commissioner) of the European Commission aimed their statement at all … Continue Reading

Still no clarity on data protection on websites: EU ePrivacy Regulation will not come into force by May 2018

By Sven Schonhofen, Dr. Thomas Fischl and Dr. Andreas Splittgerber on Posted in Privacy & Data Protection
The Council of the European Union (“Council”) has predicted that the ePrivacy Regulation will not come into force by 25 May 2018. The ePrivacy Directive (Directive 2002/58/EC) will, therefore, continue to apply. The new ePrivacy Regulation The new European data protection regime will enter into force in about one year. The General Data Protection Regulation … Continue Reading

German Parliament voted ‘Yes’ on new Data Protection Act to implement the GDPR

By Sven Schonhofen and Dr. Alexander Hardinghaus on Posted in Privacy & Data Protection
Yesterday, the German Parliament (Bundestag) passed a new Data Protection Act (Datenschutz-Anpassungs-und-Umsetzungsgesetz EU – DSAnpUG-EU; the Act), despite major criticism. The Act is available online in German here. The Act shall adjust the current German data protection laws with the requirements of the General Data Protection Regulation (GDPR), and replace the current Federal Data Protection … Continue Reading

More GDPR questions answered: new guidelines on DPIAs

By Cynthia O’Donoghue and Chantelle Taylor on Posted in Privacy & Data Protection
Although considered burdensome by some, data protection impact assessments (DPIAs) help controllers assess any data protection implications of their processing operations, with the added benefit of demonstrating compliance with the EU General Data Protection Regulation (GDPR). The Article 29 Working Party (WP29) recently published Guidelines on DPIAs and on determining whether processing is “likely to … Continue Reading

‘Once in a generation’ legislative changes: the ICO’s strategy for GDPR challenges

By Cynthia O’Donoghue and Thomas C. Evans on Posted in Privacy & Data Protection
Information Commissioner Elizabeth Denham has recently given some valuable insights into the Information Commissioner’s Office’s (ICO) General Data Protection Regulation (“GDPR”) strategy. Addressing the House of Lords EU Home Affairs Sub-Committee, she made clear that numerous pressures face the ICO as a result of the substantial workload created by the GDPR. Commissioner Denham emphasised that … Continue Reading

Man vs. machine: the ICO provides guidance on use of Big Data

By Cynthia O’Donoghue and Curtis McCluskey on Posted in GDPR, Privacy & Data Protection
As the European data protection framework evolves, big data remains a hot topic. Often, what makes up these large data sets is personal data, so it has clear data protection implications. The Information Commissioner’s Office (“ICO”) has therefore issued guidance on “Big data, artificial intelligence, machine learning and data protection.” This recent guidance provides helpful emphasis … Continue Reading

UK government publishes digital strategy to create and support a secure and thriving data economy

By Cynthia O’Donoghue and Thomas C. Evans on Posted in Privacy & Data Protection
On 1 March 2017, the UK government published its Digital Strategy (“Strategy”) for a “world-leading digital economy that works for everyone.”. The Strategy contains a number of statements that bring some certainty to the direction of regulation in the UK following its withdrawal from the European Union. Unlocking the data economy The Strategy notes the … Continue Reading

Bavarian Data Protection Authority issues its “7th activity report 2015/2016”

By Dr. Thomas Fischl, Dr. Philipp Süss and Dr. Alexander Hardinghaus on Posted in Privacy & Data Protection
On 3 March 2017, the Bavarian Data Protection Authority (Bayerisches Landesamt für Datenschutzaufsicht – “DPA”) issued a 160-page 7th activity report (Tätigkeitsbericht), covering years 2015 and 2016. The activity report has been accompanied by a press release of the same date. Background In Germany, Data Protection Authorities are obliged to regularly, at least every two years, issue … Continue Reading

Implementing the GDPR: Reed Smith Webinar on Planning your Path to Compliance in 2017

By Cynthia O’Donoghue, Kate Brimsted, Philip Thomas, Daniel Kadar, Dr. Thomas Fischl and Doretta Frangaki on Posted in GDPR
We are hosting a webinar on January 30, 2017, to discuss the new obligations global organisations with interests in Europe will need to meet to comply with the GDPR. With just over 16 months to go until the Regulation will be enforced, it is vital that you understand the requirements and that you are able to … Continue Reading

Article 29 Working Party issues guidance on data portability, DPOs and lead supervisory authorities

By Cynthia O’Donoghue and Curtis McCluskey on Posted in Privacy & Data Protection
As we enter 2017, 2018 doesn’t seem that far away…and with the new General Data Protection Regulation (GDPR) due to come into effect from 25 May 2018, organisations are running out of time to ensure compliance with the new data protection requirements. It is therefore not surprising that the Article 29 Working Party (“Working Party”) … Continue Reading

Preparing for the GDPR: what you need to know

By Cynthia O’Donoghue, Kate Brimsted, Philip Thomas, Daniel Kadar and Dr. Thomas Fischl on Posted in GDPR, Privacy & Data Protection, Regulatory
Data protection procedures will require an overhaul for any company that offers goods and services, or tracks individuals, in the EU under the European General Data Protection Regulation (GDPR) to take effect from 25 May 2018. Given the changes in compliance requirements that the GDPR entails, it is vital that you use 2017 to audit … Continue Reading

UK Government Confirms GDPR Will Be a Reality For Post-Brexit Britain, Hints That Future UK Law Could Drop Some “Burdensome” EU Requirements

By Kate Brimsted and Cynthia O’Donoghue on Posted in Privacy & Data Protection
In her evidence to the Culture, Media and Sport Select Committee on 24 October, Secretary of State for the Department of Culture, Media and Sport (“DCMS”) Karen Bradley MP called out the EU General Data Protection Regulation (“GDPR”) as an example of EU law that the government would opt into. At the same time, the … Continue Reading

Does Brexit mean Brexit for data protection in the UK?

By Cynthia O’Donoghue and Chantelle Taylor on Posted in Privacy & Data Protection, Regulatory
Three months on from the landmark Brexit vote 23 June, the Information Commissioner’s Office is setting out its position regarding data protection laws in a post-Brexit UK. Elizabeth Denham, the new Information Commissioner, told the BBC that she believed the UK should adopt the General Data Protection Regulation (GDPR) regardless of Brexit. Denham stressed that … Continue Reading

Brexit: Baroness Neville-Rolfe on Data Implications

By Thomas C. Evans, Cynthia O’Donoghue and Kate Brimsted on Posted in Global Data Transfers, Privacy & Data Protection
At the beginning of July, Baroness Neville-Rolfe, Minister of State at the Department for Business, Energy and Industrial Strategy, gave a speech at the annual Privacy Laws & Business conference, outlining the government’s stance on the implications of Brexit for a range of data issues including the GDPR, cybersecurity, international data transfers and the Internet of … Continue Reading

What Will Data Protection Look Like in a Post-Brexit Britain?

By Cynthia O’Donoghue, Kate Brimsted, Philip Thomas, Chantelle Taylor and Thomas C. Evans on Posted in Data & Cyber Security
Following the United Kingdom’s vote to leave the European Union, one thing is clear: the negotiations for the terms of the UK’s exit are likely to overlap with the implementation across the EU of the General Data Protection Regulation (GDPR) in May 2018. We have prepared a client alert to lay out the facts as they … Continue Reading

International Data Transfers Face Further Setbacks: MEPs and the EDPS Reject the Privacy Shield & the Adequacy Challenge Spreads to EU Model Clauses

By Cynthia O’Donoghue, Daniel Kadar, Kate Brimsted, Dr. Thomas Fischl, Philip Thomas, Katalina Bateman, Thomas C. Evans, Chantelle Taylor, Doretta Frangaki, Caroline Gouraud and Dr. Alexander Hardinghaus on Posted in Privacy & Data Protection, Regulatory
The options available to EU organisations for lawfully transferring personal data from Europe to the United States appear to be dwindling. In particular, there have been further setbacks to the approval of the Privacy Shield and, separately, a new legal challenge to the validity of EU model contract clauses. For more information click here to … Continue Reading

UK relies on EU Treaty exception to avoid “anti-FISA” data transfers clause in European General Data Protection Regulation (“GDPR”)

By Kate Brimsted and Cynthia O’Donoghue on Posted in Global Data Transfers
In a written statement to Parliament, Baroness Neville-Rolfe confirmed the UK Government’s view that the Treaty on the Functioning of the European Union (“TFEU”) means that Article 48 of the GDPR does not apply to the UK. Article 48 of the GDPR states that any judgment or tribunal decision – or decision of an administrative … Continue Reading

EU General Data Protection Regulation in force from 25 May 2018: the Countdown to Compliance starts now

By Cynthia O’Donoghue, Daniel Kadar, Kate Brimsted, Dr. Thomas Fischl, Philip Thomas, Doretta Frangaki, Katalina Bateman, Dr. Alexander Hardinghaus, Chantelle Taylor, Caroline Gouraud and Thomas C. Evans on Posted in Information Governance, Privacy & Data Protection
The long-awaited General Data Protection Regulation was published in the Official Journal of the European Union on 4 May 2016. This means that the most comprehensive reform to the EU’s omnibus data protection law in 20 years will apply throughout the European Union from 25 May 2018. We have written in previous posts (here and here) … Continue Reading

The Data Protection Directive Is Dead! Long Live the General Data Protection Regulation!

By Kate Brimsted, Cynthia O’Donoghue and Thomas C. Evans on Posted in Privacy & Data Protection
After four years of protracted discussions and negotiations, the General Data Protection Regulation (the “GDPR”) gained final approval from the European Parliament 14 April. It will enter into force 20 days after publication in the Official Journal of the European Union (expected imminently), and it comes into force two years after that date – i.e., … Continue Reading

Happy Data Protection Day! ICO and Senate Committee’s spotlight on data protection

By Cynthia O’Donoghue and Philip Thomas on Posted in Privacy & Data Protection
In preparation for European Data Protection Day on 28 January, the ICO commissioned a survey on attitudes towards data protection. The YouGov poll revealed growing public concern over data privacy and security. Of more than 2000 respondents questioned: 95% considered it “very or fairly important” that companies were clear from the outset about how their … Continue Reading
LexBlog