By Ulrich Wuermeling Well ahead of the implementation deadline for the European General Data Protection Regulation (GDPR), the German Parliament (Bundestag) passed a new Federal Data Protection Act (Bundesdatenschutzgesetz) on April 27, 2017. The Federal Council (Bundesrat) could confirm the Act before the summer, but may require further amendments. If the Parliament and the Council fail to … Continue Reading
By Fiona Maclean & Calum Docherty The Article 29 Working Party (WP29) – the group that represents the data protection authorities of all EU Member States – has published guidance and FAQs on a number of issues under the General Data Protection Regulation (GDPR). Data Protection Officers (DPOs) (Guidance & FAQs) DPOs are the cornerstone … Continue Reading
By Gail Crawford and Ulrich Wuermeling As the whole world now knows, the UK voted to leave the European Union (EU) in its historic referendum on 23rd June by a vote of 51.9 percent in favour of “leave” to 48.1 in favour of “remain”. This blog focusses on how that decision will impact both UK … Continue Reading
By Ulrich Wuermeling, Gail Crawford and Jennifer Archie Earlier this week, the European Commission announced that a “political” agreement has been reached on a new framework for data flows from the EU to the US. The announcement highlights a few changes from the old Safe Harbor regime, such as more direct and active oversight by US … Continue Reading
By Ulrich Wuermeling A political compromise has been reached on the new European Data Protection Regulation. On December 15, 2015, the negotiators in the so-called “informal trilogue” between the Council, the Parliament and the European Commission closed the final issues. Meanwhile, the Luxembourg Presidency informed the LIBE-Committee of the Parliament as well as the Permanent Representatives Committee … Continue Reading
By Gail Crawford and Andrea Stout On December 7th, members of the European Parliament (MEPs) and the Luxembourg Presidency of the EU Council of Ministers provisionally agreed to the text of the long awaited network and information security directive also known as the cybersecurity directive (Directive). While the text of the proposed Directive has yet … Continue Reading
By Ulrich Wuermeling Almost four years after the European Commission introduced their draft for a new European Data Protection Regulation, negotiators of the European Parliament and Council are close to agreeing on a compromise text, set for December 15, 2015. If the final negotiations in the so-called “informal trilogue” are successful, the legislative process can be formally … Continue Reading
By Ulrich Wuermeling On November 6, the European Commission issued a comprehensive Communication on the consequences of the Schrems Judgment of the Court of Justice of the European Union (ECJ). In the Communication, the Commission puts national data protection authorities in their place by stating that Model Contracts are a valid alternative measure to provide … Continue Reading
By Brian Meenagh On October 26, 2015, Raja Al Mazrouei, the Commissioner for Data Protection for the Dubai International Financial Centre (the DIFC), issued guidance on the adequacy of US Safe Harbor for the purpose of exporting personal data from the DIFC. The guidance is significant for organisations that transfer personal data from the DIFC to the … Continue Reading
By Ulrich Wuermeling On October 26, the European Commissioner Věra Jourová addressed the Parliament Committee on Civil Liberties, Justice and Home Affairs to discuss the consequences of the Schrems Judgment of the Court of Justice of the European Union (ECJ). Jourová commented on the status of the negotiations with the US to find a new solution … Continue Reading
By Ulrich Wuermeling An early Position Paper of the German data protection authority of Schleswig-Holstein on the Schrems Judgment of the Court of Justice of the European Union (ECJ) gave little hope for practical alternatives to Safe Harbor. On October 26, all German data protection authorities published a more reasoned joint Statement that follows the … Continue Reading
By Gail Crawford, Ulrich Wuermeling and Jennifer Archie The so called Article 29 Working Party met on October 15, 2015 to discuss the consequences of the Schrems Judgment of the European Court of Justice (ECJ). On October 16, 2015, the Working Party published a Statement summarizing their initial conclusions. The Working Party includes representatives of … Continue Reading
By Jennifer Archie, Gail Crawford and Ulrich Wuermeling On October 6, the European Court of Justice ruled that Decision 2000/520 of the European Commission, which stated that Safe Harbor-certified US companies provide adequate protection for personal data transferred to them from the EU (the Safe Harbor Adequacy Decision), is invalid (Case C-362/14 – Maximillian Schrems … Continue Reading
This week the Court of Justice of the European Union (‘CJEU’) heard a case that could destabilise data flows between the US and EU under the EU-US Safe Harbor Decision. In Schrems v Data Protection Commissioner(C-362/14), the same court that last year approved the “right to be forgotten” online heard evidence about the adequacy of … Continue Reading
By Kevin Boyle and Alex Stout On Monday, the data security firm CrowdStrike released a new report pointing a digital finger at the Chinese Army for cyber espionage against western technology companies. It has long been known that some of the most serious cyber challenges stem from state-sponsored attacks using encryption, customized tools that anti-virus … Continue Reading
By Larry Cohen and Gail Crawford While the popular press has been full of stories about the European Court of Justice’s (“ECJ”) ruling creating a “right to be forgotten” (ahead of the still pending Data Protection Regulation), we will focus on both the ruling as well as the specific questions referred to the ECJ that … Continue Reading
Guest Blogger Jillian Chia from Skrine, Kuala Lumpur, Malaysia & Gail Crawford With the Malaysian Personal Data Protection Act 2013 (“PDPA”) having come into force on 15 November 2013, Jillian Chia, Senior Associate at Skrine, provides an overview of the salient provisions in the Regulations and Orders. She notes that that there is a grace period for … Continue Reading
By, Jeremy M. Alexander, Natalie E. Brown & Susan A. Ebersole The day all covered entities and business associates have been working toward is here—September 23, 2013, the deadline to comply with the changes in the HIPAA omnibus final rule, published on January 25, 2013. Here is a review of the top three compliance categories … Continue Reading
By Kevin Boyle and Aryeh Richmond Here is a reminder that the Federal Trade Commission’s revisions to its Children’s Online Privacy Protection Rule become effective on July 1. If you haven’t already, now is the time to make sure you have revisions to meet the rule in place as FTC and state attorney general inquiries … Continue Reading
By Simon Berry and Carmen Guo In recent weeks, many Hong Kong businesses have circulated emails to contacts in their customer databases, offering recipients the ability to “opt out” of future direct marketing. This is in response to the introduction of a new Part VI A (effective as of 1 April 2013) into Hong Kong’s … Continue Reading
By Jennifer Archie On Friday, Feb. 1, 2013, following the now expected series of public workshops and roundtables and well-timed enforcement actions, the Federal Trade Commission Staff issued a new 36-page staff report, Mobile Privacy Disclosures: Building Trust Through Transparency. The Report summarizes past actions and guidance, and makes new recommendations for clearly and transparently … Continue Reading
By Li Jie Han On December 28, 2012, the Standing Committee of the National People’s Congress (“NPC”) of the People’s Republic of China adopted the Decision on Strengthening the Protection of Online Information (“Decision”). The Decision contains twelve (12) clauses, which are applicable to entities in both the public and private sectors in respect of … Continue Reading
Recently Jan Philipp Albrecht, rapporteur for the Civil Liberties, Justice and Home Affairs (LIBE) Committee, the lead committee considering the proposed draft General Data Protection Regulation, published the committee’s suggested amendments to the original draft regulation. The reports runs to over 200 pages and contains over 350 separate amendments. Since the original draft regulation was … Continue Reading
By Jennifer Archie, Kevin Boyle, and Gail Crawford What are the data breach risks that are of the most concern to the hospitality industry? What is the US Federal Trade Commission’s jurisdictional authority and what enforcement tools do they have available when it comes to data security? Learn more about these issues and other top … Continue Reading