On June 12, a French Court of Appeals upheld a decision ordering Twitter to divulge the identities of the authors of anti-Semitic tweets, which are illegal under French law. In a detailed analysis of the court’s order for the IAPP Privacy Perspectives blog, Winston Maxwell and Christopher Wolf describe how the order, issued directly by the French court to California-based Twitter, which does not have a French establishment, implicates jurisdictional issues and calls into question the use of anonymity as a privacy shield to post hate speech online.
On June 11, the French Minister for Digital Economy indicated during questioning by a French Member of Parliament about the status of the draft data protection regulation that the Minister of Justice had rejected, during the meeting of the European Council held last week, the latest version of the draft regulation.
Concerned that the prescriptive nature of the proposed EU Data Protection Regulation will impose a significant additional administrative burden on regulators, the UK Information Commissioner’s Office as published on its website a letter to the Secretary of State for Justice which re-states the Information Commissioner’s concerns about the proposed Regulation.
In February 2013 the European Union published the EU Cyber Security Strategy and accompanying proposed Directive. Now, in anticipation of the implementation of the Directive, the UK’s Department for Business, Innovation and Skills (BIS) has published a call for evidence to look at the impact of the Directive upon businesses in the UK.
Hogan Lovells has published a White Paper demonstrating that, contrary to recent reports, the limitations applied to U.S. law enforcement access to data stored in the Cloud during national security and foreign intelligence investigation surpass in many cases restrictions applied during similar investigations in other countries. “A Sober Look at National Security Access to Data in the Cloud,” written by Christopher Wolf and Winston Maxwell, lawyers in Hogan Lovells’ Privacy and Information Management Practice based out of the Washington D.C. and Paris offices, was released today at a panel of the authors which was presented by the OpenForum Academy in Brussels. The authors also will discuss the paper tomorrow in Paris at a roundtable discussion comparing U.S. and French government access to data in the cloud presented by the American Chamber of Commerce in France.
The New York Times reported on May 13 that U.S. companies showed up in force at the International Data Protection Day conference that day in Berlin. The Times article also mentioned the presence of Hogan Lovells at the conference. In addition to the heightened interest in data protection evidenced by U.S. business that is described in the NY Times, the Berlin conference showcased the continued sparring between the EU and the U.S. on the adequacy of U.S. privacy laws and also provided a comprehensive update on data protection developments worldwide. The topics for the day began with the proposed EU data protection regulation and ended with U.S. privacy and security enforcement, with numerous developments in other countries sandwiched in between.
On April 19, the European Union’s Article 29 Working Party adopted Explanatory Document WP204 on processor Binding Corporate Rules (BCRs). Processor BCRs provide a new avenue for data controllers to transfer EU personal data to processors (such as cloud service providers) located in third countries not considered to ensure an adequate level of protection under the 1995 EU Data Protection Directive. The Article 29 Working Party, noting the success of controller BCRs and citing the “growing interest of industry in such a tool,” provided initial guidance on processor BCRs in June 2012 through Working Document WP195 (which we previously covered here). WP195 presented a “toolbox” that laid out the criteria for approval of processor BCRs, as well as explanatory notes on the content expected in the processor BCRs. As of January 1, 2013, the EU began accepting applications for approval of processor BCRs.
On April 23, the French data protection authority, the CNIL (Commission Nationale de l’Informatique et des Libertés), published its annual report for 2012, emphasizing a significant increase in complaints, audits, and sanctions. In this blog post, we review each of these topics addressed by the CNIL’s report.
The European Union’s Article 29 Data Protection Working Party (“WP29″), which consists of the 27 data protection authorities of the EU Member States, has published the “Opinion 03/2013 on purpose limitation” (Working Paper WP203), adopted on 2 April 2013 (the “Opinion”). The WP29 analyzes and interprets the elements of this principle, and gives numerous examples with [...]
The legislative process for the European Commission’s (EC’s) proposed Data Protection Regulation is heating up. The European Parliament’s lead committee on the EU’s draft Data Protection Regulation has received more than 3,000 proposed amendments to the reform measure. As a result, the committee has moved its vote on the Regulation from April to the end of May. Some of the 3,000 amendments were submitted last week by Parliament’s Legal Affairs Committee (JURI), which has adopted an opinion generally supporting the proposed Regulation. Viviane Reding, Vice-President of the EC and EU Justice Commissioner, said that JURI’s adoption of the proposed Regulation brings the EU “another step towards the swift adoption of modern data protection reform in Europe.” In an unrelated announcement, the French Minister of Justice stated that France “actively supports” the proposed Regulation, including its provision on the right to be forgotten. The Minister said that France will be vigilant that the Regulation will “not introduce a step backwards” from current French law.
The European Union’s Article 29 Data Protection Working Party (“WP29“), which consists of the 27 data protection authorities of the European Union Member States, has published its “Opinion on Apps in Smart Devices“, adopted on 27 February 2013 (the “Opinion“). Applicability of EU laws According to WP29, the 1995 Data Protection Directive applies to all [...]
Hogan Lovells today announced the formation of the Coalition for Privacy and Free Trade. The formation of the new coalition follows the announcement by President Obama that the United States and the European Union soon will commence negotiations for a Transatlantic Free Trade Agreement (formally, the Transatlantic Trade and Investment Partnership (TTIP)), and Japan’s announcement of its [...]
In a decision with important implications not only for Facebook but potentially for many companies not primarily located in Europe but with European customers, on February 14 the Administrative Court (Verwaltungsgericht) for the German State Schleswig-Holstein decided that German data protection law is not applicable to U.S.-based Facebook Inc. as well as its European subsidiary, Facebook Ireland Ltd., [...]
Privacy and trade will be considered as linked issues during the looming EU-U.S. trade negotiations, reports Hogan Lovells privacy leader Chris Wolf in one of the inaugural blog posts on the first-ever blog of the International Association of Privacy Professionals, Privacy Perspectives, which just launched. An investigation has begun at the United States International Trade [...]
The European Commission’s DG Justice recently issued an explanation of how the proposed “consistency mechanism” in the General Data Protection Regulation will work, explaining that “the main innovations of the proposed  Regulation relate to the institutional system it creates rather than to the substance of data protection law.” In summary, the Commission explained that ” [...]
On January 25, 2013 the Hong Kong Privacy Commissioner for Personal Data published its “New Guidance on Direct Marketing” to help organizations comply with the direct marketing provisions of the Personal Data Amendment Ordinance. The “Amendment Ordinance” was passed on June 27, 2012; while most of its provisions have already been implemented, the provisions relating [...]
Noting that security incidents affecting information systems “are becoming bigger, more frequent, and more complex,” and that the majority of respondents to its consultation on the topic reported having experienced such an incident in the past year, today the European Commission released a proposal for a Directive “concerning measures to ensure a high common level [...]
A February 4, 2013 article published by the specialized healthcare news site “Actusoins” revealed data breaches at several French hospitals and clinics, demonstrating that such incidents can occur even in a highly-regulated jurisdiction. The journalist was researching another article, and entered the name of a physician into Google. The journalist was astonished to find at [...]
Nicolas Colin, one of the authors of the report proposing a “privacy tax” in France that we blogged about on January 22nd, just explained his report in more detail in this Forbes blog entry. Readers interested in this issue may find the Forbes blog post of interest.
Yesterday in Spain, the Government Department for Telecommunications and Information Society hosted an event to commemorate the 20th anniversary of the introduction of the first Spanish data protection law and also to recognize EU Data Protection Day. Information about the event, titled: “20 years of data protection in Spain” is available (in Spanish) here. The first Spanish data [...]
The Spanish Constitutional Court has ruled against two company employees who claimed an infringement of their privacy right and their right to secrecy of communications, in a recent judgement from 17 December 2012, published in the States’ Official Gazette on 22 January 2013. The Constitutional Courts’ Decision 241/2012 (the “Decision“), is available (in Spanish) here: [...]
The Hong Kong Government commenced the rewrite of the Companies Ordinance in 2006 with a view to modernising Hong Kong’s company law. The new Companies Ordinance (the “New Ordinance”, a copy of which can be accessed here) was passed by the Legislative Council on 12 July 2012 and gazetted on 10 August 2012. Among the [...]
Hogan Lovells Privacy Leader Christopher Wolf, founder and co-chair of the Future of Privacy Forum (FPF), a Washington, DC-based think tank dedicated to advancing personal privacy, convened a “Who’s Who” of governmental privacy officials at an FPF session in Brussels on 23 January to discuss the proposed EU General Data Protection Regulation. Chis led the session with FPF Senior Fellow [...]