Global Privacy & Security Compliance Law Blog

Tag Archives: data privacy

Takeaways From Hong Kong PCPD’s 2021-22 Annual Report

The Office of the Privacy Commissioner for Personal Data of Hong Kong summarised enforcement trends and plans to further amend the Personal Data (Privacy) Ordinance. By Kieran Donovan and Jacqueline Van On 9 November 2022, the Office of the Privacy Commissioner for Personal Data of Hong Kong (Commissioner) published its annual report titled “A New … Continue Reading

Saudi Arabia Issues Amended Data Protection Law for Consultation

The amendment proposes business-friendly changes regarding data localization and legitimate interests. By Brian Meenagh and Lucy Tucker On November 20, 2022, the Saudi Data and AI Authority (SDAIA) published an amended version of the Kingdom of Saudi Arabia’s (KSA or the Kingdom) Personal Data Protection Law (PDPL) for consultation (the Amended Draft). The Amended Draft … Continue Reading

The European Health Data Space — Panacea or Poison Pill?

The proposal provides a uniform basis for secondary research and clarifies uncertainty over implementation and interpretation of the GDPR but also raises many questions. By Oliver Mobasser and Gail Crawford On 3 May 2022, the European Commission launched its proposal for a Regulation for the European Health Data Space to “unleash the full potential of … Continue Reading

Austrian Court Submits Questions on GDPR Civil Damages Claims to CJEU

The CJEU’s decision is likely to have significant implications for ongoing and future proceedings for damages claims under Art. 82 GDPR. By Tim Wybitul, Christoph Baus, Stefan Patzer, and Isabelle Brams On April 15, 2021, the Austrian Supreme Court (OGH) referred key questions regarding non-material damages for data protection infringements under Art. 82 GDPR to … Continue Reading

German Court: CJEU Must Clarify Whether GDPR Provides Materiality Threshold

The decision means the CJEU will need to clarify the framework for GDPR damages claims. By Tim Wybitul, Dr. Christoph Baus, and Dr. Isabelle Brams The German Federal Constitutional Court has ruled that the Court of Justice of the European Union (CJEU) needs to clarify if the General Data Protection Regulation (GDPR) provides for a … Continue Reading

The EDPB’s Draft Data Transfer Guidance Following Schrems II – A Close Look

The EDPB takes a strict approach in its recent guidance on international data transfers following Schrems II, posing a difficult challenge for businesses. By Gail Crawford, Ian Felstead, Fiona Maclean, Serrin Turner, Tim Wybitul, Victoria Wan and Amy Smyth On 10 November, the European Data Protection Board (EDPB) released its much anticipated draft guidance on … Continue Reading

China Issues Draft Data Security Law for Public Comment

The proposed Data Security Law has a broad jurisdictional scope and will expand the PRC’s regulatory framework for information and data. By Hui Xu, Gail E. Crawford, Jennifer C. Archie, Kieran Donovan, and Aster Y. Lin On July 3, 2020, the Standing Committee of the National People’s Congress of the People’s Republic of China (PRC) … Continue Reading

French State Council Upholds CNIL’s €50M Fine for GDPR Violations

The Council decision contains useful considerations and clarifications on the “one-stop shop” mechanism, transparency obligations, and consent for targeted advertising. By Myria Saarinen and Camille Dorval On 19 June 2020, France’s Highest Administrative Court (Council) handed down its decision on the appeal filed by Google LLC (Google) against the French Data Protection Authority’s (CNIL’s) decision … Continue Reading

Adtech and Real Time Bidding in the Regulatory Crosshairs

UK data protection regulator demands companies in the RTB ecosystem re-evaluate privacy notices, use of personal data, and lawful basis. By Robert Blamires, Calum Docherty, Laura Holden, and Lucy Tucker The UK Information Commissioner’s Office’s (ICO’s) latest report into adtech and real time bidding (RTB) (the ICO Report) provides a stark assessment of the adtech … Continue Reading

China Issues New Cybersecurity Law to Protect Children

China’s PCPPIC protects children’s personal information in much the same way as COPPA and the GDPR, but with a few differences. By Wei-Chun (Lex) Kuo, Weina (Grace) Gao, and Cheng-Ling Chen On August 22, 2019, the Cyberspace Administration of China (CAC) released a new data privacy regulation related to children, the Provisions on Cyber Protection … Continue Reading

RuNet Law: New Russian Law Could Significantly Impact Telecom and Internet Providers and Social Media Platforms

Broadly written rules would allow the Russian government greater central control over content and data flows, and greater access to users’ information. By Fiona M. Maclean and Ksenia Koroleva On May 1, 2019, the Russian President signed draft law No. 608767-7, commonly referred to as the Russian Internet Law, or “RuNet Law” (Federal Law No. … Continue Reading

ICO Launches Consultation on Age-Appropriate Design: A Code of Practice for ISS

Online services have until 31 May to respond to 16 draft standards of age-appropriate design. By Fiona Maclean and Olga M. Phillips The ICO is required by s123 of the Data Protection Act 2018 to prepare a code of practice which contains guidance on standards of age-appropriate design of relevant information society services likely to … Continue Reading

EDPB Clarifies Use of Consent and Other Legal Grounds for Clinical Trials, but Challenges Remain

European regulators are expected to align their processes and guidance to accommodate the EDPB’s recommended approach to processing special categories of personal data. By Gail E. Crawford, Frances Stocks Allen, and Mihail Krepchev In January, the European Data Protection Board (EDPB) issued an opinion (Opinion) on the interplay between the General Data Protection Regulation (GDPR) and … Continue Reading

No Deal Brexit and Data Transfers: Companies Must Prepare Now

Companies should identify data flows, implement a data transfer solution, and update internal documents and privacy notices. By Fiona M. Maclean and Jane Bentham Since our blog on “What a “No Deal” Brexit Means for UK Data Privacy”, the European Data Protection Board (EDPB) has published two information notes on data transfers in the event … Continue Reading

4 Questions to Consider When Dealing With Children’s Data in the US

The FTC and many state attorneys general aggressively monitor apps, websites, and internet-connected products for COPPA compliance. By Jennifer C. Archie, Michael H. Rubin, and Alexander L. Stout In the United States, collecting data directly from children under 13 years of age is tightly regulated by a federal statute, which is aggressively monitored and enforced. … Continue Reading

What a ‘No Deal’ Brexit Means for UK Data Privacy

Understanding the practical implications of a “No Deal” Brexit (as compared to an exit under an approved Withdrawal Agreement) following last week’s vote against the current withdrawal proposal. By Gail E. Crawford and Jane Bentham “No Deal” Brexit Unless the UK can agree on a deal with the EU that meets the approval of the … Continue Reading

Clinical Trials Under the GDPR: What Should Sponsors Consider?

Sponsors outside the European Union conducting clinical trials in the EU should consider current guidelines and the Breyer case to understand whether GDPR requirements will apply to them. By Gail Crawford and Frances Stocks Allen Many sponsors of clinical trials believe that companies based outside the EU who sponsor clinical trials conducted in the EU … Continue Reading

EDPB Publishes Regulatory Guidance on Territorial Scope of GDPR

The Guidance provides helpful clarifications for service providers and their customers on both sides of the Atlantic. By Robert Blamires, Fiona M. Maclean, and Danielle van der Merwe Long-awaited guidance on the territorial scope of the General Data Protection Regulation (GDPR) has been published by the European Data Protection Board (EDPB) for public consultation (Guidance). … Continue Reading

California Consumer Privacy Act of 2018 May Usher in Sweeping Change

Businesses active in California should promptly assess whether the law applies to their practices and start planning towards compliance with the new law. By Jennifer Archie, Michael Rubin, and Scott Jones Key Points: A sweeping new privacy law — the California Consumer Privacy Act of 2018 — was signed into law on June 28, 2018. … Continue Reading

Russia Introduces New Definition and Obligations for Audiovisual Service Owners

By Gail Crawford and Ksenia Koroleva The Federal Law No. 87-FZ of May 1, 2017, on Amendments to the Federal Law on Information, Information Technologies, and Information Protection (the Law) came into force on July 1, 2017. The Law introduces the definition of an audiovisual service owner and regulates their activities, including imposing ownership restrictions. The Notion of … Continue Reading

The Countdown Continues: One Year to the GDPR

By Gail Crawford, Ulrich Wuermeling, Calum Docherty The General Data Protection Regulation (GDPR or Regulation) will become applicable in one year, as of May 25, 2018. A lot has happened since we set out the key provisions of the Regulation last year. As companies implement compliance programmes in efforts to protect data subjects and avoid … Continue Reading

6 Key Requirements of China’s First Network Security Law

By Jennifer Archie, Gail Crawford, Serrin Turner, Hui Xu & Lex Kuo The Standing Committee of the National People’s Congress of the People’s Republic of China (PRC) has introduced China’s first and comprehensive Network Security Law (also referred to as Cybersecurity Law). The law will have far-reaching implications for parties that utilize the internet and … Continue Reading
LexBlog