Global Privacy & Security Compliance Law Blog

Tag Archives: personal data

UK Data Protection Bill: Overview of Proposed Changes (Part 1)

The bill would largely build on the UK data protection regime’s EU GDPR-style framework, albeit with UK-specific provisions. By James Lloyd, Fiona M. Maclean, Calum Docherty, Irina Vasile, Alex Ford-Cox, and Amy Smyth The UK government introduced the Data Protection and Digital Information Bill (the Bill) to Parliament on 18 July 2022, following the publication … Continue Reading

UK Data Protection Bill: Examination of Key Provisions (Part 2)

Areas of interest include anonymisation, “recognised legitimate interests”, and the ICO’s role. By James Lloyd, Fiona M. Maclean, Calum Docherty, Irina Vasile, Alex Ford-Cox, and Amy Smyth The UK Data Protection and Digital Information Bill (the Bill) sets out the government’s proposals for reforming the current UK data protection regime (consisting primarily of the UK … Continue Reading

Virginia Consumer Data Protection Act: Second US State Passes Comprehensive Data Privacy Legislation

The Act represents an accelerating trend among US states to attempt to pass comprehensive privacy legislation in the wake of the CCPA. By Jennifer C. Archie, Michael H. Rubin, Marissa R. Boynton, and Alexander L. Stout On March 2, 2021, Virginia Governor Ralph Northam signed comprehensive state privacy legislation titled the Consumer Data Protection Act … Continue Reading

Extensive Changes to Singapore’s Data Protection Regime Take Effect

Amendments to the PDPA significantly change Singapore’s data protection landscape, including mandatory data breach notification and criminal offences for mishandling of personal data. By Farhana Sharmeen, Esther Franks, and Gen Huong Tan On 1 February 2021, certain sections of the Personal Data Protection (Amendment) Act 2020 (the Act) took effect, implementing the following changes to … Continue Reading

Data Protection Brexit Checklist: Businesses Can Rely on Personal Data Transfer Grace Period

As the Brexit transition period draws to a close, businesses will need to consider their data protection efforts to comply with both UK and EU regimes. By Gail Crawford, Fiona Maclean, and Amy Smyth The end of the Brexit transition period on 31 December 2020 will have several data protection consequences. The impact of one … Continue Reading

The Commission’s Draft Updated Standard Contractual Clauses — A Close Look

The European Commission has published draft updated standard contractual clauses in light of the Schrems II decision. By Gail Crawford, Ian Felstead, Fiona Maclean, Serrin Turner, Tim Wybitul, Victoria Wan, and Amy Smyth On 12 November 2020, the European Commission (the Commission) published a draft implementing decision, annexing a draft set of updated standard contractual … Continue Reading

The EDPB’s Draft Data Transfer Guidance Following Schrems II – A Close Look

The EDPB takes a strict approach in its recent guidance on international data transfers following Schrems II, posing a difficult challenge for businesses. By Gail Crawford, Ian Felstead, Fiona Maclean, Serrin Turner, Tim Wybitul, Victoria Wan and Amy Smyth On 10 November, the European Data Protection Board (EDPB) released its much anticipated draft guidance on … Continue Reading

French Data Protection Authority Hands Down First Sanction as Lead Authority

The CNIL has imposed a €250,000 fine on an online retailer for GDPR infringements in cooperation with other EU supervisory authorities. By Myria Saarinen and Charlotte Guerin Founded in 2006 and headquartered in France, Spartoo SAS (Spartoo) is one of the leaders of the European online shoe retail market. On 31 May 2018, a week … Continue Reading

Hong Kong Privacy Regulator Responds to Personal Data Privacy Issues Arising From COVID-19

Hong Kong regulator declares that the disclosure of personal data of potential COVID-19 carriers is permissible under law. By Kieran Donovan COVID-19 is having a profound impact not only on the way the world interacts socially, but also in the way it interacts in business. Businesses are choosing to protect the health and well-being of … Continue Reading

UK MRC Clarifies When Health Data Is Anonymised in Research Context

Research participants must identify which data sets constitute personal data to ensure compliance with the GDPR. By Frances Stocks Allen and Mihail Krepchev The UK Medical Research Council (MRC) has published a useful guidance note on the identifiability, anonymisation, and pseudonymisation of personal data in the context of research activities (the Guidance). The Guidance reminds … Continue Reading

Adtech and Real Time Bidding in the Regulatory Crosshairs

UK data protection regulator demands companies in the RTB ecosystem re-evaluate privacy notices, use of personal data, and lawful basis. By Robert Blamires, Calum Docherty, Laura Holden, and Lucy Tucker The UK Information Commissioner’s Office’s (ICO’s) latest report into adtech and real time bidding (RTB) (the ICO Report) provides a stark assessment of the adtech … Continue Reading

Clinical Trials Under the GDPR: What Should Sponsors Consider?

Sponsors outside the European Union conducting clinical trials in the EU should consider current guidelines and the Breyer case to understand whether GDPR requirements will apply to them. By Gail Crawford and Frances Stocks Allen Many sponsors of clinical trials believe that companies based outside the EU who sponsor clinical trials conducted in the EU … Continue Reading
LexBlog