The New York Times reported on May 13 that U.S. companies showed up in force at the International Data Protection Day conference that day in Berlin. The Times article also mentioned the presence of Hogan Lovells at the conference. In addition to the heightened interest in data protection evidenced by U.S. business that is described in the NY Times, the Berlin conference showcased the continued sparring between the EU and the U.S. on the adequacy of U.S. privacy laws and also provided a comprehensive update on data protection developments worldwide. The topics for the day began with the proposed EU data protection regulation and ended with U.S. privacy and security enforcement, with numerous developments in other countries sandwiched in between.
On April 23, the French data protection authority, the CNIL (Commission Nationale de l’Informatique et des Libertés), published its annual report for 2012, emphasizing a significant increase in complaints, audits, and sanctions. In this blog post, we review each of these topics addressed by the CNIL’s report.
Jan Albrecht, the rapporteur for the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs, released a draft report last month with key proposals to amend the European Commission’s proposed Regulation on data protection. The report includes a total of 350 amendments to the original proposal. Highlights of the 215-page report include the following:
Europe’s Network and Information Security Agency, ENISA, released on November 20, 2012 its report on the technical aspects of the right to be forgotten. ENISA first points out that any technical solutions for the right to be forgotten would require an unambiguous definition of the personal data that is covered by the right to be… Continue Reading
On September 22, scholars gathered at George Mason University to present research papers on the right to be forgotten, HTTPS security, accessing data in the cloud, and “option value” as applied to privacy choices. This blog entry summarizes the program and links to the insightful papers.
CNIL’s recently-released annual report gives insight from France’s authority into sanctions, the right to be forgotten, whistleblowing, and what it believes are several shortcomings in the proposed EU regulation.
Commissioner Reding says right to be forgotten must be balanced with other rights. European Parliament Committee says regulation should be a minimum, calling for class actions and expanded extra-territoriality.
The Article 29 Working Party released on March 29, 2012 its opinion on the European Commission’s proposed new data protection Regulation and Directive (WP191 – Opinion 01/2012 on the data protection reform proposals). The Working Party expresses strong reservations about the proposed Directive on data processing for police and criminal justice matters, criticizing the Commission’s… Continue Reading
Hogan Lovells partners Quentin Archer, Roger Tym and Winston Maxwell hosted a London workshop on February 29, 2012 aimed at collecting comments for the UK Ministry of Justice’s public consultation on the proposed EU privacy Regulation. Workshop participants commented on the right to be forgotten, data portability, the accountability principle, data breach notifications, proposed requirements for consent, fining powers, and the “one-stop-shop” principle.
We are pleased to provide an English language translation of Paris Office Partner Winston Maxwell’s article examining the European Commission’s proposed regulation on data protection, focusing on the Commission’s choice of a regulation as opposed to a directive, and the new obligations that will be imposed on companies, including the accountability principle, privacy by design and the obligation to conduct privacy impact assessments (PIA) for certain kinds of processing. The article describes the proposed changes to the rules on applicable law, which are designed to bring certain non-European websites within the scope of European privacy rules, the proposed “right to be forgotten” and right to data portability.
The European Commission today published its proposal for a new Data Protection Regulation. The Regulation, which is not likely to come into force before 2014, is intended to harmonise data protection law in all 27 EU Member States and thus remove current differences which have proved problematic for business and individuals.
Despite rumors of delay, the formal announcement of a proposed comprehensive reform of the data protection framework in the European Union is now set for this Wednesday, January 25 at 12:30 CET (6:30 AM EST). This blog entry contains a link to the videostream of the announcement, as well as a synopsis and link to a video of a speech on Saturday by EU Justice Vice-President Viviene Reding. The Commission’s Data Privacy Day video on personal responsibility to protect privacy also is linked to.
Although the European Commission was expected to release its overhaul of the 1995 Data Protection Directive (95/46/EC) next month, some of the details of those changes emerged earlier than expected this week. In this post, we summarize the many key changes between the Data Protection Directive and the Commission’s draft Data Protection Regulation.
In a recent article Christopher Wolf looks back at the e-G8 conference and pleads for better transatlantic cooperation on privacy matters, explaining the tension between U.S. First Amendment traditions, and certain European proposals including the right to be forgotten.
After a year of hearings, including meetings in Washington with the FTC and DOJ, a French parliamentary commission released its findings on the protection of individual rights in the digital revolution. The 384-page report from the French National Assembly contains recommendations on cloud-computing, privacy by design, and EU privacy law reform.
French Senators propose a new law that would declare all IP addresses to be personal information, increase the sanctioning powers of the CNIL, introduce new data breach obligations, and make the use of certain cookies subject to opt-in.