Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: implied consent

Posted in International/EU Privacy

China’s Revised Draft Data Localisation Measures

On 19 May 2017, the Cyberspace Administration of China released a revised draft of its Security Assessment for Personal Information and Important Data Transmitted Outside of the People’s Republic of China Measures. The draft emerged just over a week after public comments closed on the first draft of the measures. the Second Draft Export Review Measures do, to an extent, relax some of the more stringent requirements stated in the First Draft Export Review Measures and originally due to become law on 1 June, 2017 when China’s Cyber Security Law takes effect. However, the revised draft measures as set out in the Second Draft Export Review Measures still leave a significant compliance challenge for multi-national businesses operating in China . We explore the Second Draft Export Review Measures below.

Posted in International/EU Privacy

Future-Proofing Privacy: Justifying Data Uses

Part 4 of Future-Proofing Privacy: Justifying Data Uses – From Consent to Legitimate Interests. Currently, under the Data Protection Directive, each instance of data processing requires a legal justification – a “ground for processing”. This fundamental feature of EU data protection law will remain unchanged under the Regulation. However, the bar for showing the existence of certain grounds for processing will be set higher. This is especially true with regards to consent.

Posted in International/EU Privacy

Cookie Consent—What’s Changed?

Almost five years ago, EU legislators shocked the Internet world by changing the legal requirement for the use of cookies and similar device identification techniques from “notice and opt-out” to “notice and consent.” At first, there was a sense of disbelief about whether this sudden legal twist was for real. As the dust settled, it became clear that what had been common practice until then—sticking a generic paragraph about the use of cookies in the privacy policy and referring users to the browser’s menu for further control—was no longer enough to comply with the new requirement.