Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Paul Maynard

Posts by Paul Maynard
Posted in International/EU Privacy

Transfers on Trial: Privacy Shield and Standard Contractual Clauses go before the European Courts

July is set to be a busy month in Luxembourg. On the first and second of the month, the General Court of the European Union (which is part of the Court of Justice of the European Union) will hear a case against the EU-U.S. Privacy Shield brought by three French NGOs, La Quadrature du Net, French Data Network and Fédération FDN. A week later, on 9 July, the CJEU will hear arguments in Schrems II, in which the Irish High Court has referred 11 questions relating to whether the European Commission’s Standard Contractual Clauses provide an adequate level of protection for personal data which is transferred to the US.

Posted in International/EU Privacy

Crumbs of Comfort: the Advocate-General’s Opinion on Consent and Cookies in Planet49

It’s no secret that a hot topic, perhaps the hot topic, in the European data protection world at present is the interplay between the GDPR and the e-Privacy Directive, in particular how it affects online advertising involving cookies. The European Data Protection Board recently released an opinion on this topic, and on 21 March the Court of Justice of the European Union released Advocate-General Szpunar’s opinion in the case of Planet49, which discusses the requirements for valid consent, in the context of both cookies under the e-Privacy Directive and more general data processing under the GDPR.

Posted in International/EU Privacy

Dark Side of the Moon: Extraterritorial Applicability of the UK Data Protection Act 2018 After Brexit

Subject to the deadlock in parliament being broken, or an extension of the Article 50 Brexit process, the UK’s 46-year European Union membership will cease in a matter of days. In the privacy world, the primary focus for most companies to date has, quite rightly, been on ensuring that data flows in and out of the UK can continue lawfully after that date. But for companies operating across Europe, and indeed across the world, with establishments or customers in the UK, Brexit also has implications in terms of the applicability of the UK data protection framework to their operations. The UK government has published its catchily-titled draft Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019, which amend the territorial applicability provisions of the UK’s Data Protection Act 2018 to ensure the law applies appropriately after the exit day.

Posted in International/EU Privacy

EU and Japan Create World’s Largest Area of Safe Data Transfers

On 23 January, the European Commission announced that it had adopted an adequacy decision in relation to Japan, to enter into force immediately. The mutual agreement, which covers Japan’s 127m citizens as well as the whole of the EU, allows personal data to be transferred between Japan and the EU without the need for additional safeguards such as Standard Contractual Clauses, and creates the largest area of safe data transfers in the world.

Posted in International/EU Privacy

UK Government Releases Statement of Intent on Proposed Data Protection Bill

On 7 August 2017, the UK Department for Culture, Media and Sport published its Statement of Intent on a proposed Data Protection Bill, which will replace the current UK Data Protection Act 1998. The Bill is designed to fully implement the two new laws emanating from the EU – the General Data Protection Regulation and the Data Protection Law Enforcement Directive – in an effort to make the UK’s transition out of the EU as smooth as possible from a data protection perspective and to ensure that both commercial and law enforcement data flows ‘remain uninterrupted after the UK’s exit from the EU’.

Posted in International/EU Privacy

Article 29 Working Party Issues Guidance on Data Protection Impact Assessments

The steady trickle of GDPR guidance from the Article 29 Working Party continues. Fresh from finalising its guidance on data portability, lead supervisory authorities and data protection officers, the Working Party has published draft guidance on data protection impact assessments, the full text of which is available on the Working Party website. Comments can be submitted to the Working Party by 23 May 2017, after which the guidance will be finalised.

Posted in International/EU Privacy

State of the Cyber Nation: UK Government Report on Cybersecurity Breaches

On 19 April 2017, the UK Government’s Department for Culture, Media and Sport (DCMS) published a report on cyber security breaches and how they affected UK companies in the last year. The report indicates that a number of UK companies have not implemented comprehensive cybersecurity policies or implemented strong safeguards to protect against cyber attacks. The General Data Protection Regulation — in particular the requirement to ensure all personal data is protected by appropriate technical and organisational measures — provides a real opportunity for any organisation to build a new cyber security strategy. Documenting the decisions taken on these measures will be useful for showing compliance with the new requirements for data protection by design and by default.

Posted in International/EU Privacy

UK Department for Transport Launches Consultation on Regulations for Civil Drone Usage

The 2016 holiday gift guides have heavily featured consumer drones; as such, it is not unfeasible that you or someone you know will receive a drone in the coming weeks. In anticipation of that happy event, on 21 December the UK Department for Transport gave its own gift: a consultation paper on ensuring the safe use of drones, to help the UK to tap into this growing market.