Header graphic for print

HL Chronicle of Data Protection

Privacy & Information Security News & Trends

Posted in International/EU Privacy

The Future of International Data Transfers

With the current focus on the coming into effect of the EU General Data Protection Regulation (GDPR), one could (almost) be forgiven for forgetting about the question of international data flows. However, given the political and legal developments currently affecting the future of international data transfers, that would be a very serious strategic mistake. Legitimising data globalisation remains a top business priority in our uber-digitised world. The coming of age of cloud-based services, the continuous advance of mobile communications and the push by developed and developing countries to reach a global market have made international data transfers more essential than ever. At the same time, the level of regulation affecting those transfers is becoming more impenetrable and politically charged.

Against this background, what are the issues that need to be taken into account to develop a solid global data flows legal strategy? Eduardo Ustaran examines the future of international data transfers in this article for Privacy & Data Protection Journal.

Posted in International/EU Privacy

Cookie Consent Is the New Panic

Judging by the number of calls and the intensity of the discussions about how to comply with the cookie consent requirement in a post-GDPR world, this issue has become a top worry for organisations and data protection officers. Partly due to the visibility of the mechanisms used to collect this consent, and partly due to the potential implications of operating a website without cookies, the dilemma around what solution to deploy has become a serious business decision. Different business stakeholders are often at odds with each other and matters are getting escalated to decision makers who had never been involved in the technically complex and largely misunderstood world of cookies. The tension is rising and yet, no approach has emerged as the preferred one among all involved. So everyone is getting anxious to find a way to do what they have always done and comply with the law. Is this panic justified?

Continue Reading

Posted in News & Events

Privacy and Cybersecurity July 2018 Events

Please join us for our July 2018 Privacy and Cybersecurity Events.

July 9
Student Privacy Bootcamp
Bret Cohen will discuss the Family Educational Rights and Privacy Act (FERPA), the Children’s Online Privacy Protection Act (COPPA), and the Protection of Pupil Rights Amendment (PPRA) at the Future of Privacy Forum (FPF) and the School Superintendents Association (AASA) Student Privacy Boot Camp.

This training program will feature detailed legal and policy presentations to help superintendents understand regulatory requirements as well as the best practices to properly handle student educational data.

Location: Washington, D.C.

 

July 12
Ransomware: Should You Pay?
 Nathan Salminen will be a panelist at the Hogan Lovells event, “Ransomware: Should You Pay?” where he will explore the major debate on whether victims should pay the ransom for a cyber attack or not.
Location: Washington, D.C.

 

Posted in Consumer Privacy

California Enacts Sweeping New Comprehensive Privacy Legislation

California continues to be a first mover in privacy in the United States, enacting the US’s toughest and most comprehensive privacy legislation on Thursday, June 28, 2018. Unlike existing state and federal privacy legislation that has generally focused on specific sectors or privacy issues, the California Consumer Privacy Act of 2018 (AB 375), applies broadly to businesses that collect personal information about California consumers and aims to create significant new consumer privacy rights. In doing so, it creates significant new obligations for businesses.

Continue Reading

Posted in International/EU Privacy

Asia Pacific Data Protection and Cybersecurity Regulation: 2017 in Review and Looking Ahead to 2018

2017 was a momentous year for data protection and cyber security regulation globally, and it is noteworthy how significant the developments in the Asia-Pacific (APAC) region were over the course of the year.

Much of the focus internationally was on preparations for the May, 2018 implementation of the European Union’s General Data Protection Regulation (GDPR). However, the APAC region was noteworthy in particular for China’s introduction of its Cyber Security Law, for a noticeable region-wide trend towards tighter, more strictly enforced regulation and for concrete efforts towards greater inter-operability of national data protection regimes.

Continue Reading

Posted in International/EU Privacy

Hogan Lovells Updates Practical GDPR Guide

With the coming into effect of the GDPR on 25 May 2018, the modernisation of European privacy laws has reached a critical milestone. Businesses operating in Europe or targeting European customers now need to comply with the new regime. At stake are not only the consequences of non-compliance, but also the ability to take advantage of new technologies, data analytics and the immense value of personal information. From determining when European law applies to devising a workable cooperation strategy with national regulators, there are many intricate novelties to understand and address.

We have updated our guide “Future-proofing privacy,” which aims to be a useful starting point for organisations seeking to understand the GDPR and comply with it. Twenty-four authors from 10 European Hogan Lovells offices have contributed their knowledge, efforts, and advice to compile a unique resource of practical guidance. We have identified the key issues and explained why they matter. Crucially, we have approached the new framework with a practical mindset, providing concrete suggestions for actions to take now.

For Hogan Lovells’ Future-Proofing Privacy: A guide to complying with the EU Data Protection Regulation, click here.

Posted in Consumer Privacy, Privacy & Security Litigation

U.S. Supreme Court Holds that Historical Cell Site Location Data Is Subject to a Reasonable Expectation of Privacy

In a landmark 5-4 decision, the United States Supreme Court held that the government conducts a search under the Fourth Amendment and therefore, absent exigent circumstances, needs a warrant supported by probable cause when obtaining cell-site location information (CSLI) (i.e., records of the cell towers to which mobile devices connect). The majority reached that conclusion based on the determination that such location records are subject to a reasonable expectation of privacy that continues to apply even though the location records are disclosed to the cell phone user’s wireless carrier, a third party.

Continue Reading

Posted in Consumer Privacy

California Consumer Privacy Bill Fast-Tracked to Replace November Ballot Initiative

On June 22, California lawmakers announced Assembly Bill 375, a broad-based consumer privacy bill that is intended to serve as an alternative to the California Consumer Privacy Act (CCPA), a far-reaching consumer privacy initiative that is on track to be on the California ballot this November. The chief sponsor of the CCPA, Alastair Mactaggart, has stated that he will withdraw the initiative from the ballot if AB 375 is passed this week.

Continue Reading

Posted in News & Events

Privacy and Cybersecurity June 2018 Events

Please join us for our June 2018 Privacy and Cybersecurity Events

June 12
Data Breach Response & Notification
Harriet PearsonMichelle KisloffJoke Bodewits, and Martin Strauch will host a webinar entitled, “Data Breach Response & Notification Under the EU GDPR and U.S. laws.” They will address the GDPR’s breach notification requirements, compare to U.S. breach notification requirements, provide compliance tips and benchmarks, discuss litigation strategies for when an incident occurs, and look ahead at notification requirements under the EU’s Network and Information Systems (NIS) Directive.

 

June 21
Breach Notification Under the GDPR and Privacy and Cybersecurity Litigation
Michelle Kisloff will speak on two panels at the ABA’s Third National Institute on Cybersecurity Law. The first panel, “Breach Notifications under the GDPR,” will cover data breach response under the GDPR. The second panel, “Litigation Round-Up,” will discuss privacy and cybersecurity litigation developments. Tim Tobin will moderate both panels.
Location: New York

 

Continue Reading

Posted in International/EU Privacy

GDPR Guidance – European Data Protection Board Adopts Art. 29 Working Papers

Data protection authorities set out guidelines for the application of the new EU General Data Protection Regulation

The European Data Protection Board (EDPB) is the joint coordination body of the EU data protection authorities. The EDPB provides guidance on the application of the EU Data Protection Regulation (GDPR). With the GDPR having come into force, the EDPB thus replaces the Art. 29 Data Protection Working Party (Art. 29 Group) which was established under the EU Data Protection Directive and other previously applicable data protection laws. More information about the EDPB can be found on its website.

Continue Reading