Archives: International Privacy

Subscribe to International Privacy RSS Feed

CHINA DATA PROTECTION UPDATE (JANUARY 2017)

Guidance on who is a “key information infrastructure operator” under the PRC Cybersecurity Law, and draft regulations on handling minors’ data In the rapidly evolving data protection compliance environment in the People’s Republic of China, this month has seen some helpful clarification around two areas of uncertainty – namely:  some further indications as to whom … Continue Reading

France’s Law for a Digital Republic expands transparency rules – significant changes for platforms, telecoms, online providers

Written By Caroline Chancé and Carol A. F. Umhoefer France’s newly published Law for a Digital Republic includes key provisions that aim to foster more consumer and user trust in the digital ecosystem by requiring enhanced transparency and fairness obligations for online platforms and heightened confidentiality of private electronic  correspondence. These provisions will be fully effective … Continue Reading

CASL made clearer: CRTC releases its first compliance and enforcement decision under Canada’s Commerce Messages Law

Written by Kelly Friedman, Tamara Hunter and Jim Halpert The Canadian Radio-Television and Telecommunications Commission (CRTC) has issued its first Compliance and Enforcement Decision for violation of Canada’s anti-spam legislation (CASL). Until now, CRTC CASL enforcement actions have taken the form of settlements reached in confidential negotiations between the  Enforcement Branch and the company. But this decision, … Continue Reading

EUROPE: ECJ – Dynamic IP addresses may constitute personal data

Written by Jan Pohle and Jan Spittka In its landmark decision in the case Breyer v. Federal Republic of Germany (decision dated 19 October 2016, case number C-582/14), the European Court of Justice (ECJ) not only ended the long and tricky debate whether dynamic IP addresses constitute personal data even if the data controller processing … Continue Reading

Belgian Privacy Commission issues a 13 steps plan for companies preparing for GDPR compliance

Following a series of guidance published by fellow national DPAs, the Belgian Privacy Commission launched a 13 step GDPR-readiness roadmap helping companies processing personal data to start preparing themselves. The Privacy Commission will also create a GDPR-themed section on its website where data controllers and processor can consult additional guidelines, instruments and frequently asked questions. … Continue Reading

Singapore’s enforcement of data protection law on the rise

Written by: Scott Thiel and Carolyn Biggs Singapore’s Personal Data Protection Commission (PDPC) is stepping up its efforts to enforce the Personal Data Protection Act 2012 (PDPA). Following the release of its first nine enforcement decisions in April this year, the PDPC has published a further enforcement decision in June and two decisions in July, … Continue Reading

Data Protection Working Party Announces decision to reject EU-US Privacy Shield

Written by Sydney White On April 13, the Article 29 Data Protection Working Party announced a decision to reject the EU-US Privacy Shield agreement as drafted and requested changes based upon the following concerns, on which we provide some initial analysis. The Privacy Shield lacks clarity due to its format (the European Commission adequacy decision … Continue Reading

EUROPE – US: EU Data Protection Authorities voice strong concerns about Privacy Shield

EU Data Protection Authorities demand improvements before EU – US transfer mechanism will be approved. The Article 29 Working Party (“WP29“), which comprises the national data protection authorities of the EU member states, issued a statement on Wednesday strongly criticizing the draft “EU – US Privacy Shield” proposal. Privacy Shield is intended to be the … Continue Reading

US COMMERCE DEPARTMENT, EC RELEASE PRIVACY SHIELD DETAILS; EC RELEASES ADEQUACY DECISION ON SHIELD’S PROTECTIONS

On February 29, 2016, the Department of Commerce and European Commission released the details of the new US-EU Privacy Shield program, intended to replace the now defunct US-EU Safe Harbor program. According to the materials released, the new program includes an expanded set of privacy principles, increased operational vetting to be conducted by the Commerce … Continue Reading

UAE: The intersection between UAE privacy laws and new technologies

Eamon Holley, Legal Director at DLA Piper Middle East (Dubai), spoke on Dubai Eye’s “The Agenda” radio show on February 2, 2016. On the show, he discussed how UAE privacy laws are intersecting with new technologies and innovations, such as cameras on drones, cameras in taxis, and dashcams. To access a recording of this segment, … Continue Reading

WP29 Says to Continue Using MCs and BCRs to transfer EU Data to US

Following on from yesterday’s announcement regarding the political agreement of the EU-US Privacy Shield, to replace the Safe Harbor program, European data protection authorities met today to be briefed on this. Their view at present seems to be cautiously optimistic. The group, called the Article 29 Working Party, welcomed the political agreement but noted that … Continue Reading

AGREEMENT REACHED ON REPLACEMENT TO EU-US SAFE HARBOR;

EU Justice Commissioner Vera Jourová and her colleague Andius Ansip gave a press conference this afternoon (local time) announcing that the long-running negotiations between the EU and US to find a replacement to the invalidated Safe Harbor program have reached a successful conclusion. The US Department of Commerce gave a subsequent briefing about the agreement … Continue Reading

Safe Harbor: European Commission issues guidance to clarify the EU-US data transfer conundrum

On 6 November 2015, the European Commission issued guidance in the form of a Communication on the transfer of personal data from the EU to the US following the Schrems Judgment at the beginning of October (for information on the Judgment, see DLA Piper’s Privacy Matters blog post).… Continue Reading

EUROPE – UNITED STATES: 10 practical proposals for bridging the US-EU data privacy ocean

Nineteen renowned privacy experts from the US and the EU, amongst them DLA Piper’s Patrick Van Eecke, have developed ten practical proposals to increase the transatlantic level of protection of personal data. Most proposals can be implemented within existing different legal systems and are applicable worldwide. It concerns pragmatic bridges that benefit people, companies, governments … Continue Reading

GERMANY: New Data Retention Act – Retention Obligations for Telecommunications and Internet Access Service Providers

Written by Dr. Jan Geert Meents, Dr. Thomas Jansen and Dr. Reka Hatala Today the German Bundestag passed a highly disputed law on the retention of personal data. 404 out of 559 MEPs voted for the bill pursuant to which German providers of publicly available telecommunication and internet access services must store call detail records … Continue Reading

Ground-breaking European Court Decision – US Safe Harbor declared invalid

On October 6th, in a ground-breaking Decision, the Court of Justice of the European Union (CJEU) declared the US Safe Harbor scheme to be invalid, as well as confirming that individuals have the right to challenge any similar schemes that may be established by the European Commission through their national data protection authorities. The US … Continue Reading

Getting foggy in the Safe Harbor – Privacy agreement between EU and US at stake?

By Patrick Van Eecke & Loretta Marschall Today an important statement was issued endangering the free flow of personal data from the European Union to the United States. Advocate General Bot issued his opinion to the Court of Justice of the European Union (CJEU) in the Facebook case on whether or not a national supervisory … Continue Reading

FRANCE: New Law on Intelligence Adopted

By Florence Guthfreund-Roland and Mathilde Hallé On June 24th, 2015 a new bill regarding intelligence was adopted in the French Parliament by a vote of 438 to 86 (the “Intelligence Law”). The new legal framework set forth by the Intelligence Law The necessity of reforming the legal framework surrounding intelligence-gathering had been highlighted in several … Continue Reading

NETHERLANDS – Legislation on mandatory data breach notification adopted by the Dutch Senate

Written by Richard van Schaik, Robin de Wit and Charlotte van Triest On May 26, the Dutch Senate adopted the legislative bill on Data Breach Notifications, thereby amending the Dutch Data Protection Act and the Telecommunications Act (Wetsvoorstel meldplicht datalekken en uitbreiding bestuurlijke boetebevoegdheid Cbp). Content bill The bill introduces the mandatory obligation for all … Continue Reading

China Adopts the New National Security Law – A Top Legislative Effort To Control Cyber Security

Written by Scott Thiel On 1 July, 2015, the Standing Committee of the National People’s Congress, China’s top legislature, approved the new National Security Law of the People’s Republic of China (中华人民共和国国家安全法, the “New Law”) which became effective on the same day. This New Law is very high-level in its nature covering a wide range … Continue Reading

Internet Sweep Days: Focus on Children’s Data

Written by Carol Umhoefer Between May 12 and May 15, 2015, as part of the annual Internet Sweep Days, nearly 30 Data Protection Authorities (“DPAs”) audited child-oriented websites and mobile apps to check compliance with data privacy rules. Results are expected in Q3 2015. The Global Privacy Enforcement Network (“GPEN”), which brings together numerous countries’ … Continue Reading

DRONES IN THE UAE: THE LEGAL PITFALLS

Written by Eamon Holley, Legal Director, and Mohamed Moussallati, Legal Consultant, both based in Dubai, UAE Drones (also known as unmanned aerial vehicles, or UAVs) of different shapes, sizes and specifications are definitely one of ‘the’ gadgets of the year and over the last few years have become increasingly available and affordable in the UAE. … Continue Reading

EUROPE: EU-US data flows at risk? European Court of Justice today heard Facebook case.

By Patrick Van Eecke and Julie De Bruyn Today the Schrems v. Irish Data Protection Commission case was brought before the Court of Justice of the European Union (‘CJEU’) for an oral hearing, following referral by the Irish High Court. While the final ruling by the CJEU is to be awaited until June 24, it … Continue Reading
LexBlog