Header graphic for print

HL Chronicle of Data Protection

Privacy & Information Security News & Trends

Posted in International/EU Privacy

Brexit – A Data Protection Action Plan

“There is a cliff, whose high and bending head looks fearfully in the confined deep. Bring me but to the very brim of it” says the blinded Earl of Gloucester in Shakespeare’s King Lear, thinking that he is at the edge of the famous white cliffs of Dover.

Right now, the whole of the UK appears to be on the same spot looking over a precipice. However, this is not the moment to be blind. As politicians struggle to find a magic formula for a prosperous Brexit, businesses are stepping up their efforts to mitigate the damage of a possible “no-deal Brexit.” The data protection community is no different.

The proposed withdrawal agreement would have preserved the status quo in data protection terms, at least until the end of the transition period in December 2020. However, if the UK leaves the EU without a deal, the implications for international data flows and privacy compliance generally will be severe. Therefore, British pragmatism demands an urgent and thorough approach to preparing for the eventuality of a no-deal Brexit.

A comprehensive action plan in this situation should consider the following: Continue Reading

Posted in International/EU Privacy

Privacy, Cybersecurity, and the Internet of Things in Asia: What to Expect in 2019

Increasing numbers of initiatives, devices, and solutions related to the Internet of Things (IoT) are substantially impacting the development of cybersecurity and data privacy regulations throughout Asia. After the implementation of the General Data Protection Regulation (GDPR) in Europe, for example, Asian lawmakers are considering strengthening their own data protection laws. The region is also characterized by a push in a number of jurisdictions towards data localization requirements driven more by “cyber sovereignty,” national security considerations, and protectionist impulses than data protection considerations. Restrictions on the collection and free use of data may pose a challenge for IoT models, particularly if data is required to be kept onshore.

At the same time, it is clear that many Asian jurisdictions see IoT as a key driver for economic growth. A number of jurisdictions have “smart city” initiatives and interests in areas such as automotive telematics. Japan, South Korea, and China, in particular, have strong automotive sectors and are focused on maintaining technological leadership. Unmanned aerial vehicles (UAV) are also an area of focus, both in terms of the supply of vehicles and components and in terms of their deployment as part of these “smart” initiatives.

In this hoganlovells.com interview, Mark Parsons, a Hogan Lovells partner based in Hong Kong, summarizes the current status of IoT-related policies in the Asia-Pacific region and discusses changes anticipated in 2019. Continue Reading

Posted in Consumer Privacy, Cybersecurity & Data Breaches

Hogan Lovells publishes Demystifying the U.S. CLOUD Act

Hogan Lovells has published Demystifying the U.S. CLOUD Act, a detailed analysis of the impact of the Clarifying Lawful Overseas Use of Data Act (CLOUD Act) on non-U.S. businesses and individuals who use cloud storage solutions.

Demystifying the U.S. CLOUD Act was written by Hogan Lovells partners Winston Maxwell and Mark Brennan, and senior associate Arpan Sura. Continue Reading

Posted in International/EU Privacy

Brazil Creates a Data Protection Authority

On 14 August 2018 Brazil approved its new General Data Privacy Law (Lei Geral de Proteção de Dados Pessoais or “LGPD”) – a comprehensive law that closely mirrors the European Union’s General Data Privacy Regulation (“GDPR”). Although the LGPD significantly expands Brazil’s data protection framework and places the country among one of the few jurisdictions to provide similar data privacy protections as those offered in the European Union, the new law did not create a data protection authority.

Continue Reading

Posted in Consumer Privacy

California Department of Justice to Hold Six Public Forums on the CCPA

The California Attorney General Xavier Becerra and the California Department of Justice will hold six public forums about the California Consumer Privacy Act (CCPA) that are open to all members of the public.

These public forums are being held pursuant to Section 1798.185 of the CCPA, which requires the Attorney General to “solicit broad public participation and adopt regulations to further the purposes” of the CCPA, including, but not limited to, the following areas: Continue Reading

Posted in International/EU Privacy

Are You Ready for Brazil’s New Data Protection Law?

The Brazilian General Data Protection Law (“Lei Geral de Proteção de Dados” or “LGPD”), passed by Congress on 14 August 2018, will come into effect on 15 February 2020. The new data protection law significantly improves Brazil’s existing legal framework by regulating the use of personal data by the public and private sectors. Very similar to the General Data Protection Regulation (“GDPR”) implemented in the European Union, the LGPD imposes strict regulations on the collection, use, processing, and storage of electronic and physical personal data. In conjunction with the passing of the LGPD, the National Data Protection Authority will be created in order to adequately implement the new legislation. Continue Reading

Posted in Employment Privacy

Data Privacy Considerations for Diversity and Inclusion Initiatives

Hogan Lovells partner Bret Cohen recently participated in the webinar “HR Data Privacy – Protecting Privacy in Global Diversity and Inclusion Initiatives,” hosted by BrightTALK. In this webinar, Bret and Jackie Wilkosz of Aleada Consulting discussed issues that arise at the intersection of global privacy laws and diversity and inclusion initiatives.

Many companies have initiatives or programs designed to enhance the diversity and inclusiveness of their workforce or applicant pools. To implement and evaluate the success of these programs, companies often must collect, use, and store personal information about their employees and applicants, such as race, gender, and ethnicity. In some jurisdictions, these types of personal information may be subject to special requirements and restrictions. For example, in countries across the EU, there are restrictions on the use of “sensitive” or “special categories” of personal information, which include race, disability, and sexual orientation.

The webinar explores the ethical and privacy implications of corporate diversity and inclusion programs, with a focus on GDPR restrictions and requirements. It also discusses best practice solutions that can help companies protect individual privacy interests while still advancing a global diversity and inclusion agenda.

To read a copy of the slide deck, click here.

To watch a recording of the webinar, click here.

Posted in Health Privacy/HIPAA

HHS Seeking Input on HIPAA Changes

The Department of Health and Human Services (HHS) announced a Request for Information (RFI) regarding how the HIPAA Privacy, Security, and Breach Notification Rules could be modified to reduce regulatory burdens and to improve care coordination, case management, and value-based health care.

In addition to opening the door for public comments on current challenges and potential modifications to the HIPAA Rules, the RFI specifically requests feedback on anticipated changes to several specific provisions of the Privacy Rule including: Continue Reading

Posted in International/EU Privacy

UK Government Aims for Data Protection Continuity Despite No Deal Brexit Prospect

Amid the constitutional and political uncertainties surrounding the Brexit process, the UK Government has provided welcome assurance on the data protection front. Guidance issued by the Department for Digital, Culture, Media & Sport (DCMS) confirms how UK data protection law will work in the event the UK leaves the EU without a deal. Whilst the Government still regards a No Deal Brexit as “unlikely”, given the extremely severe implications of that scenario for transfers of personal data into and out of the UK, the DCMS confirmation is hugely helpful in terms of the preparations needed for that eventuality. Continue Reading