Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: data protection

Posted in International/EU Privacy

Julie Brill Advocates in Support of Privacy Shield

The free flow of data is essential to an ever-growing segment of the global economy. Yet some policymakers and advocates, citing privacy concerns, have called for shutting off the faucet and restricting data flow, to the detriment of European consumers and European businesses, both small and large. After much debate, a major European court opinion, and at least one act of Congress to address the issue, a solution is at hand that will enhance real, enforceable privacy protections on both sides of the Atlantic.

Posted in News & Events

July 2016 Privacy and Cybersecurity Events

Please join us for July 2016 events and speaking engagements led by members of the Hogan Lovells Privacy and Cybersecurity team, detailed in this post.

Posted in International/EU Privacy

A Way Forward for UK Data Protection

The people of the UK have spoken and our collective choice is to leave the European Union. Some are dreading the likely tsunami of economic hardship. Others are excited about what may lie ahead. Most of us are shocked. But as numbing as the verdict of the UK electorate may be, there are crucial political, legal and economic decisions to be made. The ‘To Do’ list of the UK government will be overwhelming, not least because of the dramatic implications that each of the items on the list will have for the future of the country and indeed the world. Steering the economy will be a number one priority and with that, the direction of travel of the digital economy – which, at the end of the day, is one of the pillars of prosperity in the UK and everywhere else.

Posted in International/EU Privacy

CNIL’s New Role: Overseeing Website Blocking

In an April 15, 2016 report, the French Data Protection Authority, the CNIL, provided details about its little-known responsibility as overseer of the French police’s website-blocking powers. The French legislature gave the CNIL this new role in a November 13, 2014 law designed to enhance French police powers against terrorism. The 2014 law increased French police and intelligence agencies’ powers to collect data without a court order. A lesser-known aspect of the November 2014 law is the provision that allows the French police to order ISPs to block websites that either provoke terrorist acts or support (provide an “apologia” or defense for) terrorism. When the French police identify online content that violates these rules, they may order ISPs to block access. The police also have this power with regard to child pornography. Search engines can also be ordered to delist content from search results.

Posted in Consumer Privacy

What Will be the Impact of the New EU Data Protection Regulation on the UK’s Freedom of Information Act?

Undoubtedly one of the more mind-bending exemptions to apply under the Freedom of Information Act 2000 (FOIA) is the exemption for personal information (s.40) (although sections 30 and 36 are also up there!). This is partly due to s. 40’s close link with the Data Protection Act 1998 (DPA). Not one to hog the limelight, the DPA has typically been cited in past litigation as a secondary or even tertiary issue to the main action when there is a claim for breach of confidence or breach of privacy. This led to a scarcity of judicial rulings on the DPA prior to the FOIA. However, in the Tribunal and higher court decisions flowing from the FOIA, certain aspects of the DPA have frequently been examined when public authorities seek to rely on the s. 40 exemption. Consequently there have been a number of rulings on the scope of personal data and on the ‘legitimate interests’ ground as a legal basis for disclosing such information. These rulings have been based on the DPA which itself implements the EU Data Protection Directive 95/46/EC. But the Directive is due to be replaced by an EU Regulation in the next few years. What will this mean for how the s. 40 exemption under FOIA is interpreted?

Posted in International/EU Privacy

EU Data Protection Supervisor’s Workshop Examines Role of Privacy in Merger Reviews and Competition Investigations

In a recent client alert, Hogan Lovells partners from the firm’s London and Washington, D.C. offices highlighted key takeaways for businesses following the European Data Protection Supervisor’s Workshop on Privacy, Consumers, Competition, and Big Data. The workshop, hosted by EDPS in the European Parliament in Brussels on 2 June 2014, discussed the technological advances and market for ‘big data’ analytics and the policy implications for the fields of data protection, competition and consumer protection of the rapidly expanding digital economy in the EU and in other regions, particularly the in US. Around 70 experts attended, including representatives from the European regulators and the US Federal Trade Commission.

Posted in Consumer Privacy, International/EU Privacy

EU LIBE Committee Adopts EU Data Protection Compromises; Reform Package Set for Parliamentary Vote

The EU Parliament’s Committee on Civil Liberties, Justice and Home Affairs (“LIBE”) voted on Monday to adopt its report on the draft General Data Protection Regulation and the separate Directive for the law enforcement sector. This vote sets out the Parliament’s position for its negotiations with the Council and Commission (known as the “trialogue” stage). The Committee aims to have a plenary Parliamentary vote in March before the Parliamentary elections.

Posted in Consumer Privacy, International/EU Privacy

China’s Regulation on Personal Data Use by Commercial Websites Takes Effect Sept. 1

On September 1, China’s Provisions on the Protection of the Personal Information of Telecommunications and Internet Users will come into force, affecting a wide range of consumer-facing websites, including corporate sites, product information sites, and social media pages. This post examines some of the requirements of the Provisions, and provides a link to a comprehensive Hogan Lovells Corporate Alert describing recent privacy-related legislative developments in China.

Posted in International/EU Privacy

European Court Adviser: Right to Be Forgotten Can Infringe Freedom of Expression

The European Court of Justice (ECJ) is considering a critical case regarding the “right to be forgotten” and the application of EU data protection law to Internet intermediaries. The case involves a Spanish individual who is seeking to require Google to delete references to newspaper articles mentioning his prior involvement in debt collection proceedings from its search results. The ECJ’s adviser, Advocate General Niilo Jääskinen, recently issued a non-binding opinion stating that although EU law should apply to Google, the company should not be deemed a “data controller” for its search engine activities. The opinion also warned that the “right to be forgotten” can adversely affect freedom of expression.

Posted in Consumer Privacy, International/EU Privacy

Making Sense of China’s New Privacy Laws and Draft Internet Privacy Regulations

Although China does not have an omnibus privacy statute or framework, the Chinese government recently has released a number of new privacy guidelines and regulations. This blog posts discusses a number of those guidelines and regulations, including two draft rules: Provisions on the Protection of the Personal Information of Telecommunications, and Internet Users and the Provisions on Registration of the True Identity Information of Phone Users (“Provisions on Phone Users”).

Posted in International/EU Privacy

French report recommends privacy tax

The French government released on January 18, 2013 a 200-page study prepared by Pierre Collin and Nicolas Colin proposing changes to international tax rules to take better account of value creation by digital firms. As a shorter term step, the report proposes that France create a tax that would affect all firms that create value […]

Posted in Cybersecurity & Data Breaches, International/EU Privacy

French CNIL Publishes English Language Compliance Guides

France’s data protection authority, the Commission Nationale de l’Informatique et des Libertés (CNIL), released on November 14, 2012 English-language versions of its compliance guides for businesses. The first guide, “Methodology for Privacy Risk Management”, provides a step-by-step guide for identifying risks and prioritising remedial actions. The second guide, “Measures for the Privacy Risk Treatment“, provides practical guidance on […]

Posted in International/EU Privacy

Right to be Forgotten Can’t be Enforced on the Internet, says European Security Agency

Europe’s Network and Information Security Agency, ENISA, released on November 20, 2012 its report on the technical aspects of the right to be forgotten. ENISA first points out that any technical solutions for the right to be forgotten would require an unambiguous definition of the personal data that is covered by the right to be […]

Posted in International/EU Privacy

Blogging from Brussels: Key European Officials Discuss Changes to EU Text

Prominent European government officials provided up-to-the-minute perspectives on the proposed European data privacy regulation at this week’s IAPP Europe Data Protection Congress  in Brussels. The officials’ comments — summarized below –indicate how the proposal might evolve for the next steps in the policy process, which include the issuance of the European Parliament’s formal report on […]

Posted in News & Events

Duke Law School Upcoming Protected-Privacy Data Conference to Feature Hogan Lovells Partner

Duke Law School is hosting the Protected-Privacy Data Conference on November 29–30, 2012, addressing a range of privacy issues including especially U.S. litigation conflicts between discovery and foreign privacy protections, secrecy, and blocking laws. The event is part of The Duke Conference: Bench-Bar-Academy Distinguished Lawyers’ Series. Hogan Lovells partner Chris Wolf will participate on two panels […]

Posted in International/EU Privacy

European Court Says Austrian DPA Not independent

The European Court of Justice held on October 16, 2012 that Austria’s data protection authority is not sufficiently independent, and therefore fails to comply with the requirements of the European data protection directive. The Court found that Austria’s DPA has too many links to the Austrian Federal Chancellery and that the EU Data Protection Directive’s requirement of “complete independence” is violated.

Posted in Consumer Privacy, Cybersecurity & Data Breaches, International/EU Privacy, News & Events

Right To Be Forgotten and Data Security Featured in Research Conference on Communication, Information and Internet Policy

On September 22, scholars gathered at George Mason University to present research papers on the right to be forgotten, HTTPS security, accessing data in the cloud, and “option value” as applied to privacy choices. This blog entry summarizes the program and links to the insightful papers.

Posted in International/EU Privacy

CNIL Cloud Guidelines Address Controller vs. Processor Issues

The French CNIL’s new guidelines on cloud computing revisit the tricky question of whether a cloud provider is a data processor or a data controller under French data protection law. The CNIL’s guidelines contain seven recommendations for cloud customers, and a list of recommended contractual clauses. The CNIL points out that when the cloud provider is located in a non-European country “local government authorities can send requests to the provider to have access to the data.”

Posted in International/EU Privacy

CoE Conference Addresses Law Enforcement in the Cloud

The Council of Europe’s 2012 Octopus Cybercrime conference closed today in Strasbourg, France. Hogan Lovells partner Winston Maxwell presented the firm’s white paper on government access to data in the cloud. This blog contains links to the conference materials.