Nicolas Colin, one of the authors of the report proposing a “privacy tax” in France that we blogged about on January 22nd, just explained his report in more detail in this Forbes blog entry. Readers interested in this issue may find the Forbes blog post of interest.
Tag Archives: data protection
French report recommends privacy tax
The French government released on January 18, 2013 a 200-page study prepared by Pierre Collin and Nicolas Colin proposing changes to international tax rules to take better account of value creation by digital firms. As a shorter term step, the report proposes that France create a tax that would affect all firms that create value… Continue Reading
French CNIL Publishes English Language Compliance Guides
France’s data protection authority, the Commission Nationale de l’Informatique et des Libertés (CNIL), released on November 14, 2012 English-language versions of its compliance guides for businesses. The first guide, “Methodology for Privacy Risk Management”, provides a step-by-step guide for identifying risks and prioritising remedial actions. The second guide, “Measures for the Privacy Risk Treatment“, provides practical guidance on… Continue Reading
Right to be Forgotten Can’t be Enforced on the Internet, says European Security Agency
Europe’s Network and Information Security Agency, ENISA, released on November 20, 2012 its report on the technical aspects of the right to be forgotten. ENISA first points out that any technical solutions for the right to be forgotten would require an unambiguous definition of the personal data that is covered by the right to be… Continue Reading
Blogging from Brussels: Key European Officials Discuss Changes to EU Text
Prominent European government officials provided up-to-the-minute perspectives on the proposed European data privacy regulation at this week’s IAPP Europe Data Protection Congress in Brussels. The officials’ comments — summarized below –indicate how the proposal might evolve for the next steps in the policy process, which include the issuance of the European Parliament’s formal report on… Continue Reading
Duke Law School Upcoming Protected-Privacy Data Conference to Feature Hogan Lovells Partner
Duke Law School is hosting the Protected-Privacy Data Conference on November 29–30, 2012, addressing a range of privacy issues including especially U.S. litigation conflicts between discovery and foreign privacy protections, secrecy, and blocking laws. The event is part of The Duke Conference: Bench-Bar-Academy Distinguished Lawyers’ Series. Hogan Lovells partner Chris Wolf will participate on two panels… Continue Reading
European Court Says Austrian DPA Not independent
The European Court of Justice held on October 16, 2012 that Austria’s data protection authority is not sufficiently independent, and therefore fails to comply with the requirements of the European data protection directive. The Court found that Austria’s DPA has too many links to the Austrian Federal Chancellery and that the EU Data Protection Directive’s requirement of “complete independence” is violated.
Article 29 Working Party Issues Second Opinion on Proposed EU Regulation
In a recently-issued opinion, the Article 29 Working Party is pushing for a definition of personal data that would cover data that permits individuals to be “singled out and treated differently.” The Working Party also supports stringent consent conditions, and criticizes delegated acts of the Commission.
Right To Be Forgotten and Data Security Featured in Research Conference on Communication, Information and Internet Policy
On September 22, scholars gathered at George Mason University to present research papers on the right to be forgotten, HTTPS security, accessing data in the cloud, and “option value” as applied to privacy choices. This blog entry summarizes the program and links to the insightful papers.
CNIL Cloud Guidelines Address Controller vs. Processor Issues
The French CNIL’s new guidelines on cloud computing revisit the tricky question of whether a cloud provider is a data processor or a data controller under French data protection law. The CNIL’s guidelines contain seven recommendations for cloud customers, and a list of recommended contractual clauses. The CNIL points out that when the cloud provider is located in a non-European country “local government authorities can send requests to the provider to have access to the data.”
EU Regulation: Reding Says Right to be Forgotten Must Be Balanced; EP Committee Calls for Enhanced Extraterritoriality
Commissioner Reding says right to be forgotten must be balanced with other rights. European Parliament Committee says regulation should be a minimum, calling for class actions and expanded extra-territoriality.
Art 29 WP Applauds Sedona Discovery Initiative, Cites Hogan Lovells Partner
Europe’s Article 29 Working Party writes to Hogan Lovells partner Quentin Archer to comment on the Sedona Conference International Principles on Discovery, Disclosure and Data Protection. Working party supports of initiative, citing areas for further progress.
CoE Conference Addresses Law Enforcement in the Cloud
The Council of Europe’s 2012 Octopus Cybercrime conference closed today in Strasbourg, France. Hogan Lovells partner Winston Maxwell presented the firm’s white paper on government access to data in the cloud. This blog contains links to the conference materials.
EU Sets Timeline for Consideration of Data Protection Reform
Jan Philipp Albrecht, the rapporteur to the European Parliament for the proposed EU Data Protection Regulation, has set forth a draft calendar that indicates how long debate over the Regulation may last. It is anticipated that by summer 2013 the Regulation should be ready for trilogue with the Council and Commission, and that the Regulation shall be put to a vote in the plenary session of the European Parliament in early 2014.
Tension Between Privacy Law and Other Interests Highlighted in Recent German Episode
Chris Wolf, Hogan Lovells Privacy and Information Management Practice Director, has a column in Slate, the daily Web magazine addressing the tension between privacy laws and other societal interests, and the potential for inflexible application of privacy laws in the EU. His discussion is in the context of the prosecution of two reporters for invading the privacy of a former Nazi commando who had been in hiding for decades. A link to the column is included in this blog entry.
Hogan Lovells Lawyers Speaking at IAPP
Hogan Lovells is proud to have six lawyers from its Privacy and Information Management group presenting at various sessions of this year’s IAPP Global Privacy Summit. For those attending the Summit, please consider attending the sessions this week to hear from members of the Hogan Lovells team about various cutting edge topics, as well as about how you can get involved in the IAPP’s public service initiative.
London Privacy Workshop Seeks Input for UK Consultation
Hogan Lovells partners Quentin Archer, Roger Tym and Winston Maxwell hosted a London workshop on February 29, 2012 aimed at collecting comments for the UK Ministry of Justice’s public consultation on the proposed EU privacy Regulation. Workshop participants commented on the right to be forgotten, data portability, the accountability principle, data breach notifications, proposed requirements for consent, fining powers, and the “one-stop-shop” principle.
New Article by Hogan Lovells Partner Examines Proposed EU Regulation
We are pleased to provide an English language translation of Paris Office Partner Winston Maxwell’s article examining the European Commission’s proposed regulation on data protection, focusing on the Commission’s choice of a regulation as opposed to a directive, and the new obligations that will be imposed on companies, including the accountability principle, privacy by design and the obligation to conduct privacy impact assessments (PIA) for certain kinds of processing. The article describes the proposed changes to the rules on applicable law, which are designed to bring certain non-European websites within the scope of European privacy rules, the proposed “right to be forgotten” and right to data portability.
Draft House Bill Would Impose New Requirements on Mobile Data Collection and Create Joint FTC-FCC Oversight
A draft bill circulating on the Hill would impose new regulations on companies involved in the mobile “app” ecosystem, including wireless service providers, equipment manufacturers, device retailers, operating system providers, website operators, and other online service providers.
Geolocation services: a five country survey
Hogan Lovells privacy attorneys examine the challenges of deploying geolocation services in five jurisdictions, including France, Spain, Germany, the United States and Hong Kong.
CNIL Cites French Yellow Pages Operator for Illegal Use of Social Media Data
The French CNIL found the French provider of universal telephone directory services “Pages Jaunes” guilty of violating several provisions of the French data protection law due to Pages Jaunes’ collection of personal data in social media sites.
France Implements EU Requirements for Data Breach Notification, Audits and Cookies Applicable to Electronic Communications Service Providers
On August 26, 2011 France implemented new EU provisions on data breach notifications for electronic communications providers, as well as new provisions requiring prior consent for cookies. The French measure also gives the government power to order security audits for electronic communications providers.
Financial Services Industry Group Issues Social Media Guidance
A financial services industry group recently released guidance on managing the risks associated with using social media such as Facebook and Twitter. The guidance, titled “Social Media Risks and Mitigation,” was released this week by BITS, a division of the Financial Services Roundtable, which represents 100 of the largest financial services companies. The guidance includes tips on managing numerous concerns specific to financial institutions, which are increasingly using social media in their marketing and customer relationship activities.
Collection and use of personal data for direct marketing — Lessons from the Octopus Case in Hong Kong
Hong Kong Data protection is currently a hot topic in Hong Kong. This is largely due to the furor caused by the discovery of the large scale sale of personal data by Hong Kong’s Octopus Rewards Limited (a company owned by Octopus Holdings Limited) over a number of years. We reported previously that the Hong… Continue Reading