Global Privacy & Security Compliance Law Blog

Tag Archives: Privacy Regulators

Hong Kong Privacy Regulator Highlights Data Security Guidance as Cyberattacks Increase

The Privacy Commissioner for Personal Data reminds organisations to review and implement appropriate data security measures amidst more data breaches. By Kieran Donovan, Anthony Liu, and Jacqueline Van On 13 February 2023, the Privacy Commissioner for Personal Data of Hong Kong (PCPD) published an article titled “Guidance on Data Security – Heightened Importance of Data … Continue Reading

Takeaways From Hong Kong PCPD’s 2021-22 Annual Report

The Office of the Privacy Commissioner for Personal Data of Hong Kong summarised enforcement trends and plans to further amend the Personal Data (Privacy) Ordinance. By Kieran Donovan and Jacqueline Van On 9 November 2022, the Office of the Privacy Commissioner for Personal Data of Hong Kong (Commissioner) published its annual report titled “A New … Continue Reading

Russia Introduces New Definition and Obligations for Audiovisual Service Owners

By Gail Crawford and Ksenia Koroleva The Federal Law No. 87-FZ of May 1, 2017, on Amendments to the Federal Law on Information, Information Technologies, and Information Protection (the Law) came into force on July 1, 2017. The Law introduces the definition of an audiovisual service owner and regulates their activities, including imposing ownership restrictions. The Notion of … Continue Reading

European Commission Proposes ePrivacy Regulation

By Ulrich Wuermeling On January 10, 2017, the European Commission proposed a new ePrivacy Regulation (Proposal). Compared to the internal draft that was leaked in December, the official Proposal has been substantially modified. However, the general approach taken by the European Commission has not changed. The Proposal includes provisions with a broad scope of application covering … Continue Reading

GDPR Guidance: DPOs, Data Portability & the One-Stop-Shop

By Fiona Maclean & Calum Docherty The Article 29 Working Party (WP29) – the group that represents the data protection authorities of all EU Member States – has published guidance and FAQs on a number of issues under the General Data Protection Regulation (GDPR). Data Protection Officers (DPOs) (Guidance & FAQs) DPOs are the cornerstone … Continue Reading

FCC Issues New Privacy Regulations for Broadband Providers

By Matt Murchison and Alex Stout Today, the US Federal Communications Commission (FCC) approved far-reaching new information privacy rules that will govern how providers of broadband Internet access service collect, use, protect, and share data from their subscribers. These new rules, which were adopted by a 3 to 2 vote, are intended to fill a … Continue Reading

Anonymous or Not: Court of Justice Issues Ruling on IP Addresses

By Gail Crawford and Ulrich Wuermeling On October 19, 2016, the Court of Justice of the European Union (CJEU) issued a ruling on the question of whether IP addresses constitute personal data. The ruling has direct implications on the general question of when data can be regarded as anonymous and, thus, fall outside the scope of data … Continue Reading

“Yarovaya” Law – New Data Retention Obligations for Telecom Providers and Arrangers in Russia

By Ksenia Koroleva On July 6, 2016, Russian President Vladimir Putin signed Federal Law No 374-FZ. This law is also known as the “Yarovaya” law (named after a Russian senator who was the main driving force for the law to come into existence). The Yarovaya law introduces amendments to certain Russian federal laws. The majority … Continue Reading

“Hacking” Warrants: A Question of Procedure or Substance?

By Serrin Turner Typically, the process for amending the Federal Rules of Criminal Procedure is a sleepy affair. Proposed amendments wend their way through a series of judicial committees and, if approved by the Supreme Court, take effect automatically by the end of the year. Theoretically, Congress may choose to intervene and block the change – … Continue Reading

The Countdown to the General Data Protection in Europe Has Begun

By Gail Crawford and Lore Leitner Today, after more than four years of debate, the General Data Protection Regulation (GDPR, or the Regulation) enters into force. The GDPR will introduce a rigorous, far-reaching privacy framework for businesses that operate, target customers or monitor individuals in the EU. The Regulation sets out a suite of new … Continue Reading

Are Changes in Store for the Stored Communications Act?

By Serrin Turner Last week saw action on two fronts regarding the Stored Communications Act (SCA) – the US federal statute regulating government searches of online accounts in criminal investigations. In Congress, a proposal to reform the SCA advanced in the House; and in the courts, Microsoft sued to challenge a provision of the SCA as … Continue Reading

Analysis of the FCC’s Proposed Broadband Privacy Regulations

By Amanda Potter and Alex Stout As we highlighted in a post last month, the FCC has proposed sweeping new privacy rules on broadband providers. Since our last post, the FCC has released its proposal in the form of a Notice of Proposed Rulemaking. This proposal would institute new customer privacy and data breach rules … Continue Reading

Recent Amendments to the Russian Personal Data Protection Legislation: The Right to be Forgotten

By Mikhail Turetsky, Ksenia Koroleva and Lore Leitner On July 13, 2015, the Russian President signed Federal Law No. 264-FZ (the Law), which introduced a range of amendments into Russian legislation (the Amendments). In particular, the principle of the “right to be forgotten”, a concept not previously recognized under Russian law came into effect on … Continue Reading

Privacy Shield is on its Way

By Ulrich Wuermeling, Jennifer Archie & Lore Leitner On March 17, 2016, the Civil Liberties Committee convened to discuss whether the Privacy Shield framework that will replace Safe Harbor provides adequate protection to the data of EU citizens. A number of experts were questioned including: the US lead negotiator, the EU Data Protection Supervisor, members of the … Continue Reading

FCC Proposes Broad Privacy Regulations for Broadband Providers

By Matt Murchison and Alex Stout Last week, the FCC announced that Chairman Tom Wheeler had circulated a Notice of Proposed Rulemaking (NPRM) on implementing Section 222’s privacy obligations for broadband providers. Section 222’s requirements were originally crafted for telephone companies, and were first applied to broadband providers as part of the 2015 Open Internet … Continue Reading

Proposal of EU-US Privacy Shield Leaves Businesses in State of Uncertainty

By Ulrich Wuermeling, Gail Crawford and Jennifer Archie Earlier this week, the European Commission announced that a “political” agreement has been reached on a new framework for data flows from the EU to the US. The announcement highlights a few changes from the old Safe Harbor regime, such as more direct and active oversight by US … Continue Reading

Political Agreement on European Data Protection Regulation

By Ulrich Wuermeling A political compromise has been reached on the new European Data Protection Regulation. On December 15, 2015, the negotiators in the so-called “informal trilogue” between the Council, the Parliament and the European Commission closed the final issues. Meanwhile, the Luxembourg Presidency informed the LIBE-Committee of the Parliament as well as the Permanent Representatives Committee … Continue Reading

MEPs Agree to Europe’s First-Ever EU Cybersecurity Law

By Gail Crawford and Andrea Stout On December 7th, members of the European Parliament (MEPs) and the Luxembourg Presidency of the EU Council of Ministers provisionally agreed to the text of the long awaited network and information security directive also known as the cybersecurity directive (Directive). While the text of the proposed Directive has yet … Continue Reading

Final Negotiations on European Data Protection Regulation

By Ulrich Wuermeling Almost four years after the European Commission introduced their draft for a new European Data Protection Regulation, negotiators of the European Parliament and Council are close to agreeing on a compromise text, set for December 15, 2015. If the final negotiations in the so-called “informal trilogue” are successful, the legislative process can be formally … Continue Reading

FTC Administrative Law Judge Issues Initial Decision in LabMD Matter

By Jennifer Archie, Scott Jones and Alex Stout In a stunning victory, an administrative law judge has recommended the dismissal of a long-pending US Federal Trade Commission (FTC) complaint against LabMD, Inc. (LabMD). In a strongly worded opinion in a case that had become highly politicized following 2014 congressional hearings, ALJ D. Michael Chappell found … Continue Reading

European Commission Defends Model Contracts

By Ulrich Wuermeling On November 6, the European Commission issued a comprehensive Communication on the consequences of the Schrems Judgment of the Court of Justice of the European Union (ECJ). In the Communication, the Commission puts national data protection authorities in their place by stating that Model Contracts are a valid alternative measure to provide … Continue Reading

DIFC in Dubai Says Transfer to US Cannot Rely on Safe Harbor

By Brian Meenagh On October 26, 2015, Raja Al Mazrouei, the Commissioner for Data Protection for the Dubai International Financial Centre (the DIFC), issued guidance on the adequacy of US Safe Harbor for the purpose of exporting personal data from the DIFC. The guidance is significant for organisations that transfer personal data from the DIFC to the … Continue Reading
LexBlog