Global Privacy & Security Compliance Law Blog

Category Archives: Privacy

Subscribe to Privacy RSS Feed

RuNet Law: New Russian Law Could Significantly Impact Telecom and Internet Providers and Social Media Platforms

Broadly written rules would allow the Russian government greater central control over content and data flows, and greater access to users’ information. By Fiona M. Maclean and Ksenia Koroleva On May 1, 2019, the Russian President signed draft law No. 608767-7, commonly referred to as the Russian Internet Law, or “RuNet Law” (Federal Law No. … Continue Reading

ICO Launches Consultation on Age-Appropriate Design: A Code of Practice for ISS

Online services have until 31 May to respond to 16 draft standards of age-appropriate design. By Fiona Maclean and Olga M. Phillips The ICO is required by s123 of the Data Protection Act 2018 to prepare a code of practice which contains guidance on standards of age-appropriate design of relevant information society services likely to … Continue Reading

UK’s Proposed “Online Harms” Compliance and Enforcement Regime Will Target Platforms

UK publishes White Paper with hard-hitting regulatory proposals to tackle online harms. By Alain Traill, Stuart Davis, Andrew Moyle, Deborah Kirk and Gail Crawford On 8 April 2019, the Home Office and the Department for Culture, Media and Sport (DCMS) published an “Online Harms White Paper”, proposing a new compliance and enforcement regime intended to … Continue Reading

What Companies Can Learn From CNIL’s Privacy Consent Cases on Targeted Marketing … in 60 Seconds

The closure of four cases involving targeted advertising provides lessons for navigating compliance standards under the GDPR. By Myria Saarinen and Elise Auvray Four French advertising technology companies that received a warning in 2018 from the French Data Protection Authority (CNIL) have all implemented the regulator’s required changes. The recent closure of the cases highlights … Continue Reading

No Deal Brexit and Data Transfers: Companies Must Prepare Now

Companies should identify data flows, implement a data transfer solution, and update internal documents and privacy notices. By Fiona M. Maclean and Jane Bentham Since our blog on “What a “No Deal” Brexit Means for UK Data Privacy”, the European Data Protection Board (EDPB) has published two information notes on data transfers in the event … Continue Reading

4 Questions to Consider When Dealing With Children’s Data in the US

The FTC and many state attorneys general aggressively monitor apps, websites, and internet-connected products for COPPA compliance. By Jennifer C. Archie, Michael H. Rubin, and Alexander L. Stout In the United States, collecting data directly from children under 13 years of age is tightly regulated by a federal statute, which is aggressively monitored and enforced. … Continue Reading

DIFC Issues New Direct Marketing and Electronic Communications Guidelines

The DIFC guidelines provide practical guidance for DIFC-registered entities engaging in electronic direct marketing, including useful “dos” and “don’ts”. By Brian A. Meenagh, Fiona M. Maclean, and Laura Holden What Do DIFC-Registered Entities Need to Know? In January 2019, the Commissioner for Data Protection for the Dubai International Financial Centre (DIFC) issued new Direct Marketing … Continue Reading

5 Ways for Companies to Limit GDPR Penalties

EU data protection authorities are imposing increased penalties under the GDPR, with more proceedings forecast for 2019. By Tim Wybitul, Prof. Dr. Thomas Grützner, Dr. Wolf-Tassilo Böhm, and Dr. Isabelle Brams The General Data Protection Regulation (GDPR) has been in effect since May 2018. Although the French data protection authority (CNIL) has imposed the highest … Continue Reading

French Data Protection Authority Issues €50 Million Fine in Landmark GDPR Case

The CNIL decision handed down on 21 January 2019, which cites violations of several GDPR obligations, provides important insights for groups wishing to benefit from the “one-stop-shop mechanism”. By Gail E. Crawford, Myria Saarinen, Camille Dorval, and Laura Holden The Complaints Not more than a week after the General Data Protection Regulation 2016/679 (GDPR) came … Continue Reading

What a ‘No Deal’ Brexit Means for UK Data Privacy

Understanding the practical implications of a “No Deal” Brexit (as compared to an exit under an approved Withdrawal Agreement) following last week’s vote against the current withdrawal proposal. By Gail E. Crawford and Jane Bentham “No Deal” Brexit Unless the UK can agree on a deal with the EU that meets the approval of the … Continue Reading

German GDPR Fine Proceedings Conclude Favourably for Defending Company

Germany’s first GDPR fine offers lesson for companies planning a data breach policy. By Tim Wybitul, Wolf-Tassilo Böhm, and Isabelle Brams In November 2018, Germany’s first fine under the General Data Protection Regulation (GDPR) was imposed — and it was much lower than many expected. The favourable outcome of the proceedings for the defending company … Continue Reading

FCA Speaks Out on the Ethics of Big Data

FCA Chair hints that new regulation addressing data ethics in the FinTech space may be on the horizon. By Nicola Higgs, Fiona Maclean and Terese Saplys Will societies of the future be ruled by algocracy, in which algorithms decide how humans are governed? Charles Randell, Chair of the Financial Conduct Authority (FCA) and Payment Systems … Continue Reading

California Consumer Privacy Act of 2018 May Usher in Sweeping Change

Businesses active in California should promptly assess whether the law applies to their practices and start planning towards compliance with the new law. By Jennifer Archie, Michael Rubin, and Scott Jones Key Points: A sweeping new privacy law — the California Consumer Privacy Act of 2018 — was signed into law on June 28, 2018. … Continue Reading

Update: California’s Consumer Right to Privacy Ballot Initiative

California ballot initiative, Consumer Right to Privacy Act of 2018, gathers momentum for a November vote, spurring some telecom and internet businesses to organize opposition. By Michael H. Rubin, Roxana Mondragón-Motta, and Scott C. Jones Businesses are preparing to oppose a California ballot measure that could impose new data privacy and security obligations, with the … Continue Reading

Article 29 Working Party Publishes Privacy Shield Review: Better, but Needs Work

By Gail Crawford and Mark Sun The Article 29 Working Party (WP29), an independent European advisory body on data protection and privacy released the results of their first review of the EU-US Privacy Shield on Wednesday (6 December 2017). The WP29 has identified several “significant concerns” with the EU-US Privacy Shield (Privacy Shield) programme, as currently … Continue Reading

Schrems Strikes Again? The Future of EU Standard Contractual Clauses

By Gail Crawford and Calum Docherty On October 3, 2017, the Irish High Court announced that it will make a reference to the Court of Justice of the European Union (CJEU) for a preliminary ruling on the validity of the Standard Contractual Clauses, which allow companies in the European Economic Area (EEA) to transfer personal data … Continue Reading

Messaging Apps May Face New Obligations in Russia

By Gail Crawford, Ksenia Koroleva, and Andrea Stout The State Duma, Russia’s lower chamber of Parliament, has adopted amendments to the Federal Law on Information, Information Technologies and Information Protection of the Russian Federation (the Law) in its first reading. Under the proposed amendments, messaging apps would be required, among other things, to verify users … Continue Reading

The Countdown Continues: One Year to the GDPR

By Gail Crawford, Ulrich Wuermeling, Calum Docherty The General Data Protection Regulation (GDPR or Regulation) will become applicable in one year, as of May 25, 2018. A lot has happened since we set out the key provisions of the Regulation last year. As companies implement compliance programmes in efforts to protect data subjects and avoid … Continue Reading

Germany Implements GDPR

By Ulrich Wuermeling Well ahead of the implementation deadline for the European General Data Protection Regulation (GDPR), the German Parliament (Bundestag) passed a new Federal Data Protection Act (Bundesdatenschutzgesetz) on April 27, 2017. The Federal Council (Bundesrat) could confirm the Act before the summer, but may require further amendments. If the Parliament and the Council fail to … Continue Reading

China Issues Draft Measures to Restrict the Overseas Transmission of Personal Data

By Hui Xu, Gail E. Crawford, Wei-Chun (Lex) Kuo, Andrea E. Stout and Sean Wu The Cyberspace Administration of China (CAC) issued Draft Measures for public comment on April 11 on Security Assessment for Cross-border Transmission of Personal Information and Critical Data (the Draft Measures). The Draft Measures provide further clarification surrounding the “localization” requirement … Continue Reading

US Magistrate Judge Upholds Search Warrants for Google Data Stored Overseas, “Shards” and All

By Serrin Turner and Megan Behrman Another front recently emerged in the legal battle over whether US law enforcement authorities can use a search warrant issued under the Stored Communications Act (SCA) to obtain data stored overseas. Until now, the battle has been focused in New York, where Microsoft filed a challenge in December 2013 … Continue Reading

Keeping Your Company’s Data Safe This Tax Season

By Jennifer Archie and Alex Stout Tax-related identity theft is nothing new, but tax season 2016 took tax schemes to a new level. Last year, our cyber experts advised a large cluster of clients (public and private companies) over a period of only two weeks, following a nationwide explosion of deviously simple attacks—mostly targeted at … Continue Reading

European Commission Proposes ePrivacy Regulation

By Ulrich Wuermeling On January 10, 2017, the European Commission proposed a new ePrivacy Regulation (Proposal). Compared to the internal draft that was leaked in December, the official Proposal has been substantially modified. However, the general approach taken by the European Commission has not changed. The Proposal includes provisions with a broad scope of application covering … Continue Reading
LexBlog