Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: data protection

Posted in Consumer Privacy, International/EU Privacy

EU LIBE Committee Adopts EU Data Protection Compromises; Reform Package Set for Parliamentary Vote

The EU Parliament’s Committee on Civil Liberties, Justice and Home Affairs (“LIBE”) voted on Monday to adopt its report on the draft General Data Protection Regulation and the separate Directive for the law enforcement sector. This vote sets out the Parliament’s position for its negotiations with the Council and Commission (known as the “trialogue” stage). The Committee aims to have a plenary Parliamentary vote in March before the Parliamentary elections.

Posted in Consumer Privacy, International/EU Privacy

China’s Regulation on Personal Data Use by Commercial Websites Takes Effect Sept. 1

On September 1, China’s Provisions on the Protection of the Personal Information of Telecommunications and Internet Users will come into force, affecting a wide range of consumer-facing websites, including corporate sites, product information sites, and social media pages. This post examines some of the requirements of the Provisions, and provides a link to a comprehensive Hogan Lovells Corporate Alert describing recent privacy-related legislative developments in China.

Posted in International/EU Privacy

European Court Adviser: Right to Be Forgotten Can Infringe Freedom of Expression

The European Court of Justice (ECJ) is considering a critical case regarding the “right to be forgotten” and the application of EU data protection law to Internet intermediaries. The case involves a Spanish individual who is seeking to require Google to delete references to newspaper articles mentioning his prior involvement in debt collection proceedings from its search results. The ECJ’s adviser, Advocate General Niilo Jääskinen, recently issued a non-binding opinion stating that although EU law should apply to Google, the company should not be deemed a “data controller” for its search engine activities. The opinion also warned that the “right to be forgotten” can adversely affect freedom of expression.

Posted in Consumer Privacy, International/EU Privacy

Making Sense of China’s New Privacy Laws and Draft Internet Privacy Regulations

Although China does not have an omnibus privacy statute or framework, the Chinese government recently has released a number of new privacy guidelines and regulations. This blog posts discusses a number of those guidelines and regulations, including two draft rules: Provisions on the Protection of the Personal Information of Telecommunications, and Internet Users and the Provisions on Registration of the True Identity Information of Phone Users (“Provisions on Phone Users”).

Posted in International/EU Privacy

French report recommends privacy tax

The French government released on January 18, 2013 a 200-page study prepared by Pierre Collin and Nicolas Colin proposing changes to international tax rules to take better account of value creation by digital firms. As a shorter term step, the report proposes that France create a tax that would affect all firms that create value [...]

Posted in Cybersecurity & Data Breaches, International/EU Privacy

French CNIL Publishes English Language Compliance Guides

France’s data protection authority, the Commission Nationale de l’Informatique et des Libertés (CNIL), released on November 14, 2012 English-language versions of its compliance guides for businesses. The first guide, “Methodology for Privacy Risk Management”, provides a step-by-step guide for identifying risks and prioritising remedial actions. The second guide, “Measures for the Privacy Risk Treatment“, provides practical guidance on [...]

Posted in International/EU Privacy

Right to be Forgotten Can’t be Enforced on the Internet, says European Security Agency

Europe’s Network and Information Security Agency, ENISA, released on November 20, 2012 its report on the technical aspects of the right to be forgotten. ENISA first points out that any technical solutions for the right to be forgotten would require an unambiguous definition of the personal data that is covered by the right to be [...]

Posted in International/EU Privacy

Blogging from Brussels: Key European Officials Discuss Changes to EU Text

Prominent European government officials provided up-to-the-minute perspectives on the proposed European data privacy regulation at this week’s IAPP Europe Data Protection Congress  in Brussels. The officials’ comments — summarized below –indicate how the proposal might evolve for the next steps in the policy process, which include the issuance of the European Parliament’s formal report on [...]

Posted in News & Events

Duke Law School Upcoming Protected-Privacy Data Conference to Feature Hogan Lovells Partner

Duke Law School is hosting the Protected-Privacy Data Conference on November 29–30, 2012, addressing a range of privacy issues including especially U.S. litigation conflicts between discovery and foreign privacy protections, secrecy, and blocking laws. The event is part of The Duke Conference: Bench-Bar-Academy Distinguished Lawyers’ Series. Hogan Lovells partner Chris Wolf will participate on two panels [...]

Posted in International/EU Privacy

European Court Says Austrian DPA Not independent

The European Court of Justice held on October 16, 2012 that Austria’s data protection authority is not sufficiently independent, and therefore fails to comply with the requirements of the European data protection directive. The Court found that Austria’s DPA has too many links to the Austrian Federal Chancellery and that the EU Data Protection Directive’s requirement of “complete independence” is violated.

Posted in Consumer Privacy, Cybersecurity & Data Breaches, International/EU Privacy, News & Events

Right To Be Forgotten and Data Security Featured in Research Conference on Communication, Information and Internet Policy

On September 22, scholars gathered at George Mason University to present research papers on the right to be forgotten, HTTPS security, accessing data in the cloud, and “option value” as applied to privacy choices. This blog entry summarizes the program and links to the insightful papers.

Posted in International/EU Privacy

CNIL Cloud Guidelines Address Controller vs. Processor Issues

The French CNIL’s new guidelines on cloud computing revisit the tricky question of whether a cloud provider is a data processor or a data controller under French data protection law. The CNIL’s guidelines contain seven recommendations for cloud customers, and a list of recommended contractual clauses. The CNIL points out that when the cloud provider is located in a non-European country “local government authorities can send requests to the provider to have access to the data.”

Posted in International/EU Privacy

CoE Conference Addresses Law Enforcement in the Cloud

The Council of Europe’s 2012 Octopus Cybercrime conference closed today in Strasbourg, France. Hogan Lovells partner Winston Maxwell presented the firm’s white paper on government access to data in the cloud. This blog contains links to the conference materials.

Posted in Consumer Privacy, International/EU Privacy

EU Sets Timeline for Consideration of Data Protection Reform

Jan Philipp Albrecht, the rapporteur to the European Parliament for the proposed EU Data Protection Regulation, has set forth a draft calendar that indicates how long debate over the Regulation may last. It is anticipated that by summer 2013 the Regulation should be ready for trilogue with the Council and Commission, and that the Regulation shall be put to a vote in the plenary session of the European Parliament in early 2014.

Posted in International/EU Privacy

Tension Between Privacy Law and Other Interests Highlighted in Recent German Episode

Chris Wolf, Hogan Lovells Privacy and Information Management Practice Director, has a column in Slate, the daily Web magazine addressing the tension between privacy laws and other societal interests, and the potential for inflexible application of privacy laws in the EU. His discussion is in the context of the prosecution of two reporters for invading the privacy of a former Nazi commando who had been in hiding for decades. A link to the column is included in this blog entry.

Posted in News & Events

Hogan Lovells Lawyers Speaking at IAPP

Hogan Lovells is proud to have six lawyers from its Privacy and Information Management group presenting at various sessions of this year’s IAPP Global Privacy Summit. For those attending the Summit, please consider attending the sessions this week to hear from members of the Hogan Lovells team about various cutting edge topics, as well as about how you can get involved in the IAPP’s public service initiative.

Posted in International/EU Privacy

London Privacy Workshop Seeks Input for UK Consultation

Hogan Lovells partners Quentin Archer, Roger Tym and Winston Maxwell hosted a London workshop on February 29, 2012 aimed at collecting comments for the UK Ministry of Justice’s public consultation on the proposed EU privacy Regulation. Workshop participants commented on the right to be forgotten, data portability, the accountability principle, data breach notifications, proposed requirements for consent, fining powers, and the “one-stop-shop” principle.

Posted in International/EU Privacy

New Article by Hogan Lovells Partner Examines Proposed EU Regulation

We are pleased to provide an English language translation of Paris Office Partner Winston Maxwell’s article examining the European Commission’s proposed regulation on data protection, focusing on the Commission’s choice of a regulation as opposed to a directive, and the new obligations that will be imposed on companies, including the accountability principle, privacy by design and the obligation to conduct privacy impact assessments (PIA) for certain kinds of processing. The article describes the proposed changes to the rules on applicable law, which are designed to bring certain non-European websites within the scope of European privacy rules, the proposed “right to be forgotten” and right to data portability.