In a press release published on March 12, 2019, the European Parliament and its member states reached a provisional agreement on new rules that will guarantee a high level of protection for whistleblowers who report breaches of EU law. The draft establishes a three-tier reporting system (that potentially allows the whistleblower to inform publicly or through media … Continue Reading
A hospital became one of the first organisations to face GDPR enforcement in Portugal in July 2018. The hospital received a €400,000 fine from the Portuguese regulator, Comissão Nacional de Protecção de Dados (“CNPD”) for various breaches of the GDPR. The hospital was fined for the following three violations of the GDPR: Breach of the … Continue Reading
The European Commission announced on 23 January 2019 that it has adopted an adequacy decision on Japan (its press release can be found here).[1] This is a result of the assessment process which began on 5 September 2018, the background of which can be found in our previous blog here. Japan’s data protection authority, the … Continue Reading
As users increasingly use nontraditional modes of communication, such as social media and instant messaging applications, email and VoIP, in place of traditional telephone and data services, so too must privacy laws evolve. The European Electronic Communications Code, proposed on December 4, 2018, expands the definition of electronic communications services to include these “over-the-top services.” … Continue Reading
Many data controllers would like to use the consent of data subjects to transfer data to countries outside the European Economic Area. Has the General Data Protection Regulation 2016/679 (“GDPR”) made it easier use consent as a basis for international transfer than was the case under the Directive 95/46? Rules on international transfer under GDPR … Continue Reading
The European Data Protection Board (EDPB) has finally published its long-awaited draft guidelines 3/2018 on the territorial scope of GDPR (article 3) (“Draft Guidelines”). These are now subject to consultation until 18 January 2019. These Draft Guidelines are pertinent to companies outside of the EU seeking to determine whether the General Data Protection Regulation “GDPR” … Continue Reading
Since 25 May 2018, controllers experiencing a personal data breach must – as a general rule – notify it to the appropriate supervisory authority. Not all breaches will require notifications: those that do not pose a risk to the rights and freedoms of natural persons will generally fall under the radar. However, if such risk … Continue Reading
The GDPR has impacted how organizations in many industries, including advertising, operate. For example, the Committee of Advertising Practice, which authors the UK Code of Non-broadcast Advertising and Direct & Promotional Marketing “CAP Code”, is in the process of updating its prize promotion rules to comply with the stricter requirements under the GDPR, primarily as … Continue Reading
Article 35(4) of the EU General Data Protection Regulation (“GDPR”) states that the supervisory authorities of the EU Member States (“SAs”) shall establish, publish and communicate to the European Data Protection Board (“EDPB”) a list of processing operations that are subject to a requirement for a data protection impact assessment (“DPIA”) under the GDPR.… Continue Reading
What’s New? On 5 September 2018, the EU Commission commenced proceedings to adopt an Adequacy Decision in relation to Japan’s protection of personal data by issuing a draft ‘Commission Implementing Decision’. This is an important step towards the culmination of discussions between the EU and Japan that were initiated in January 2017, with the aim … Continue Reading
The General Data Protection Regulation (GDPR) was incorporated into the EEA Agreement by the EEA Joint Committee in Brussels and entered into force in mid-July. The European Economic Area (EEA) currently includes all EU Member States, including, for the time being, the UK, as well as the three out of four EFTA States meaning Iceland, Liechtenstein and … Continue Reading
The final countdown has started, there are a few days left before GDPR takes effect on Friday 25 May 2018. What are you doing about compliance? If you need assistance, in the EU or outside the EU, for your GDPR compliance program do not hesitate to contact a member of our global Data Protection … Continue Reading
In Part 1 of an upcoming series of posts on our sister Anticorruption Blog, DC-based associate Ericka Johnson explores the recently proposed CLOUD Act and the increasing gap between technology and the law. Of special interest to our readers, The CLOUD Act updates standards for when governments may be able to obtain information stored outside … Continue Reading
What is CCTV? CCTV means closed-circuit television, also known as video surveillance. Video surveillance systems monitors the behavior, activities, or other changing information, usually, of people from a distance by means of electronic equipment. Video surveillance can include anything from closed circuit television or automatic number-plate recognition systems, to any other system for recording, storing, … Continue Reading
Happy New Year! With 2018 off to a rapid start, companies now have fewer than five months to become GDPR-compliant. Although the basic principles and obligations enshrined in the GDPR are not new, the GDPR contains a complex, interlinked series of requirements whose practical application to real world situations is often very unclear. The Article … Continue Reading
The latest data privacy Alert from the Squire Patton Boggs’ Data Protection & Cybersecurity team covers news from the week of 11 December 2017.… Continue Reading
On 12 December 2017, Article 29 Working Party (WP29) published its draft guidelines on transparency under the GDPR. As with the draft guidance on consent, published on the same day, WP29 invites comments to be submitted by 23 January 2018.… Continue Reading
On 12 December 2017, Article 29 Working Party (WP29) published its long-awaited draft guidelines on consent under the GDPR. The guidelines build on WP29’s ‘Opinion on the definition of consent’, adopted in July 2011. As with the draft guidance on transparency, published the same day, WP29 invites comments to be submitted by 23 January 2018. … Continue Reading
Nearly a year ago, on 10 January 2017, the EU Commission released the proposed ePrivacy Regulation (ePR). The three main areas covered by the legislation are the use of electronic communications data by telecommunications operators and other specified entities, the use of tracking applications, and unsolicited direct marketing communications. The ePR aims to ensure a … Continue Reading
The latest data privacy Alert from the Squire Patton Boggs’ Data Protection & Cybersecurity team covers news from the week of 27 November 2017.… Continue Reading
To allow Data Protection Officers (“DPOs”) to interact with one another and share best practices, the European Data Protection Supervisor (“EDPS”) has published a list of DPOs currently appointed by EU agencies. This list identified notably the DPOs for the EDPS as well as the European Court of Justice. The publication of this information not … Continue Reading
The French National Agency for Safety of Medicines and Health Products (Agence nationale de sécurité du médicament et des produits de santé or ANSM) has announced on its website in October 2017 the creation of a “temporary specialized scientific committee” (comité scientifique spécialisé temporaire CSST) on the cybersecurity of medical device software.… Continue Reading
On the 22 November, the CNIL released on its website an open source ready to use software tool for DPIAs, which can be downloaded for free. The explanations on the website are currently only in French, but the CNIL’s intention is to have an English explanations as well.… Continue Reading
