Archives: New Privacy Laws

Subscribe to New Privacy Laws RSS Feed

New Mexico becomes 48th state to enact a data breach law, plus US state-level updates

Written by Jim Halpert and Anne Kierig An active spring state legislative session has already produced a few new state data breach laws. Notably, when New Mexico HB 15 was signed into law on April 6, the state became the 48th in the nation to have a data breach law on the books. The only … Continue Reading

Congress Rolls Back FCC Broadband Privacy Rules: What Does It Mean?

Written by Sydney White and Jim Halpert This week the US House of Representatives passed a Congressional Review Act (CRA) resolution of disapproval of the US Federal Communications Commission (FCC) broadband privacy rules that were approved by the FCC in a straight partisan vote at the end of the Obama Administration, but have not yet … Continue Reading

CHINA DATA PROTECTION UPDATE (JANUARY 2017)

Guidance on who is a “key information infrastructure operator” under the PRC Cybersecurity Law, and draft regulations on handling minors’ data In the rapidly evolving data protection compliance environment in the People’s Republic of China, this month has seen some helpful clarification around two areas of uncertainty – namely:  some further indications as to whom … Continue Reading

France’s Law for a Digital Republic expands transparency rules – significant changes for platforms, telecoms, online providers

Written By Caroline Chancé and Carol A. F. Umhoefer France’s newly published Law for a Digital Republic includes key provisions that aim to foster more consumer and user trust in the digital ecosystem by requiring enhanced transparency and fairness obligations for online platforms and heightened confidentiality of private electronic  correspondence. These provisions will be fully effective … Continue Reading

US COMMERCE DEPARTMENT, EC RELEASE PRIVACY SHIELD DETAILS; EC RELEASES ADEQUACY DECISION ON SHIELD’S PROTECTIONS

On February 29, 2016, the Department of Commerce and European Commission released the details of the new US-EU Privacy Shield program, intended to replace the now defunct US-EU Safe Harbor program. According to the materials released, the new program includes an expanded set of privacy principles, increased operational vetting to be conducted by the Commerce … Continue Reading

WP29 Says to Continue Using MCs and BCRs to transfer EU Data to US

Following on from yesterday’s announcement regarding the political agreement of the EU-US Privacy Shield, to replace the Safe Harbor program, European data protection authorities met today to be briefed on this. Their view at present seems to be cautiously optimistic. The group, called the Article 29 Working Party, welcomed the political agreement but noted that … Continue Reading

AGREEMENT REACHED ON REPLACEMENT TO EU-US SAFE HARBOR;

EU Justice Commissioner Vera Jourová and her colleague Andius Ansip gave a press conference this afternoon (local time) announcing that the long-running negotiations between the EU and US to find a replacement to the invalidated Safe Harbor program have reached a successful conclusion. The US Department of Commerce gave a subsequent briefing about the agreement … Continue Reading

NETHERLANDS – Legislation on mandatory data breach notification adopted by the Dutch Senate

Written by Richard van Schaik, Robin de Wit and Charlotte van Triest On May 26, the Dutch Senate adopted the legislative bill on Data Breach Notifications, thereby amending the Dutch Data Protection Act and the Telecommunications Act (Wetsvoorstel meldplicht datalekken en uitbreiding bestuurlijke boetebevoegdheid Cbp). Content bill The bill introduces the mandatory obligation for all … Continue Reading

European Data Protection Supervisor launches its 2015-2019 strategy

The European Data Protection Supervisor (EDPS) launched it data protection strategy, summarizing it in three strategic objectives and 10 accompanying measures for the next five years. The EDPS stated that it is a crucial moment for data protection, a period of unprecedented change and political importance, not only in the EU but globally. 1. Data … Continue Reading

FRANCE: Right To Be Forgotten – Application Of The Balancing Test Derived From The Google v. Costeja Case

Written By Caroline Chancé and Carol Umhoefer In a December 2014 decision, a French judge ruling in injunctive proceedings gave a new and interesting illustration of how national judges may use the ECJ’s Costeja v. Google case, as well as the related guidelines adopted by the Article 29 Working Party (“WP29″), to grant individuals’ requests … Continue Reading

Big Data, Big Privacy Issues

By Patrick Van Eecke & Mathieu Le Boudec Last week, a resolution on big data was adopted under the auspices of the 36th International Conference of Data Protection and Privacy Commissioners (hereafter: “ICDPPC”). After earlier guiding documents released this year by, among others, the Executive Office of the President of the United States, the Information … Continue Reading

BELGIUM: Belgian government’s new focus on privacy and technology laws

By Patrick Van Eecke and Antoon Dierick Almost five months after federal parliamentary elections took place, the negotiators from the four political parties around the negotiating table (Flemish parties NVA, CD&V and Open VLD and Walloon party MR) reached a coalition agreement which contains quite a few interesting policy initiatives from a privacy and IT … Continue Reading

EU: Update on Google’s Right to be forgotten

Written by Patrick Van Eecke and Anthony Cornette June 15, 2014 In an earlier blog post, Patrick Van Eecke and Anthony Cornette discussed the impact of the ECJ Case C-131/12. The authors now provide some further insight on the latest developments relating to the ECJ case on the ‘Right to be Forgotten’ Privacy Commissioners’ Guidelines … Continue Reading

FRANCE: The CNIL adopts new rules on whistleblowing, simplifying significantly hotline implementation in France

Written by Carol A. F. Umhoefer The CNIL has vastly simplified formalities for most employers by allowing companies that are not subject to Sarbanes-Oxley Section 301(4) to be eligible to self-certify their hotline compliance under the Single Authorization. The CNIL has enlarged considerably the scope of permissible whistleblowing subjects to include workplace discrimination, harassment and … Continue Reading

California Issues Guidance To Companies on Disclosing Privacy Practices

Written By:  Michelle Anderson This week, California Attorney General (AG) Kamala Harris released a series of recommendations designed to help businesses make their privacy policies meaningful to consumers: Making Your Privacy Practices Public.  As interpreted by the AG’s Office, a “meaningful” privacy policy is one that helps consumers “make informed decisions about which companies they … Continue Reading

Bill of law on Internet-related matters is voted in Brazil

Written by Adriano Chaves  and Maria Paula Souza, Campos Mello Advogados law firm (Brazil)* The so-called “Marco Civil da Internet” (i.e. the Bill of Law 2,126/2011, which establishes a civil rights framework for the Internet) was voted and approved by the Brazilian House of Representatives (Câmara dos Deputados) this week. Now it will be submitted … Continue Reading

Belgium: Beware of the barking Privacy Watchdog, she’s biting

MORE ENFORCEMENT POWERS FOR BELGIAN PRIVACY COMMISSION By Patrick Van Eecke and Julie De Bruyn (DLA Piper – Brussels) The quietness in the privacy landscape in Belgium is about to drastically change. Reason for the change of pace are the recent major data breaches that were published by the media. The Privacy Commission announced it … Continue Reading

DLA Launches New Edition of Data Protection Laws of the World Handbook

DLA Piper’s Data Protection & Privacy group are delighted to announce the launch of the third edition of the Data Protection Laws of the World Handbook – a great way to celebrate Data Protection Day! This edition is particularly exciting as it is available via our new online site, which has a number of new … Continue Reading

Malaysia’s Personal Data Protection Act Finally in Effect

Malaysia’s first ever comprehensive privacy law,  the Personal Data Protection Act of 2010 (“PDPA“), came into force on November 15, 2013. The Malaysia Parliament passed the PDPA in 2010.  However, it was passed with no set effective date and uncertainty as to when it would come into force. Now that the law is in force, there is … Continue Reading
LexBlog