UK confirms reciprocal requirements for digital services providers to appoint UK representatives for NIS purposes, following Brexit. By Gail E. Crawford, Fiona Maclean, and Amy Smyth Following a consultation process, the UK government has now confirmed that it will put forward legislation to require non-UK-based digital services providers — larger cloud providers, search engines, and … Continue Reading
This week the Court of Justice of the European Union (‘CJEU’) heard a case that could destabilise data flows between the US and EU under the EU-US Safe Harbor Decision. In Schrems v Data Protection Commissioner(C-362/14), the same court that last year approved the “right to be forgotten” online heard evidence about the adequacy of … Continue Reading
A Stored Communications Act (SCA) search warrant case arising out of a New York federal narcotics trafficking investigation is being closely watched by EU data protection authorities, privacy advocates, multinational internet service providers, and law enforcement, among others, as the parties pursue an expedited appeal to the Second Circuit Court of Appeals. Captioned In re Search … Continue Reading
By Gail Crawford and Amy Taylor It seems somewhat fitting to blog about the USA Patriot Act on this Fourth of July. On the second day of the annual Privacy Laws & Business conference in Cambridge, Peter McLaughlin, senior counsel at Foley & Lardner, took to the floor with the aim of “distinguishing fact and fiction about the scope of the law and … Continue Reading
The French Data Protection Authority (CNIL) has issued a working document setting out its recommendations to companies contemplating the use of cloud computing services. This is in part the result of a public consultation carried out by the CNIL from October to December 2011. The guidance includes a checklist applicable to both private and public … Continue Reading
Spokeo Consent Decree Serves as Important Caution to Buyers and Sellers of Social Media Reports on Consumers to Understand and Comply with FCRA By Jennifer Archie, Kevin Boyle and Kelsey McPherson As part of a settlement announced Monday, the FTC sends a reminder that the requirements of the Fair Credit Reporting Act (“FCRA”) apply to … Continue Reading
In a decision published on February 16, 2011 (Deliberation No. 2011-023), the French data protection authority (CNIL) exempted non EU-based companies from any prior notification obligation with regard to their payroll, customer and prospects data processed in France. This exemption will be of particular interest for non EU companies engaging cloud service providers with processing … Continue Reading
The processing of personal data in the context of evolving technology and globalisation of commerce has prompted the Article 29 Working Party to take a hard look at the applicable law provisions under the European Data Protection Directive and its implementation by the Member States in its most recent Opinion. The Working Party believes that … Continue Reading