On June 22, 2012, Harriet Pearson, who becomes a Hogan Lovells privacy partner on August 1 and Chris Wolf, co-director of the firm’s Privacy and Information Management Practice, presented at the University of Maine Center for Law and Innovation Program on “Privacy in Practice.” This blog entry containes the videos of their presentations, Harriet’s on Global Data Management Concerns for All Enterprises, Everywhere and Chris’ on the proposed EU Data Protection Regulation.
For over a year companies have been trying to determine how to achieve compliance with the UK Information Commissioner’s Office’s (ICO) amended Privacy and Electronic Communications Regulations (the “cookies law”), which implemented 2009 amendments to the EU’s Privacy and Electronic Communications Directive of 2002. Last week, the ICO made it clear that reliance on implied consent would be an acceptable form of consent.
Are BCRs the key to global interoperability? Some think so at the IAPP London conference. This post discusses opinions from conference presenters — will BCRs will become more and more popular as corporations implement new accountability measures, or will they fade under the weight of continued bureaucracy?
CNIL, Falque-Pierrotin, ‘data protection’, privacy, Europe, EU, regulation, BCR, accountability, sanctions, interoperability
Chris Wolf, Hogan Lovells Privacy and Information Management Practice Director, has a column in Slate, the daily Web magazine addressing the tension between privacy laws and other societal interests, and the potential for inflexible application of privacy laws in the EU. His discussion is in the context of the prosecution of two reporters for invading the privacy of a former Nazi commando who had been in hiding for decades. A link to the column is included in this blog entry.
This blog entry reports on an industry push against “digital protectionism” that can result from overly-restrictive privacy rules, on a speech by a senior US government official promoting enforceable industry codes of conduct, and the APEC cross-border recognition agreement.
The German data protection authorities on September 26, 2011 adopted an “Orientation guide – cloud computing.” The guide sets out mandatory and recommended content for any agreement between German users of cloud computing services and cloud computing serving providers. It highlights the customer’s responsibility for full compliance with German data protection requirements for the cloud. Based on this orientation guide, customers and providers will have to review existing agreements in the German market.
Winston Maxwell, a partner in Hogan Lovells’ Paris Office prepared this entry. On July 13, 2010 the EU’s Article 29 Data Protection Working Party adopted a report (http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2010/wp172_en.pdf ) describing how ISPs and telecom carriers retain traffic data for law enforcement purposes in Europe. The European Data Retention Directive 2006/24/EC (http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32006L0024:EN:HTML) was supposed to harmonize national […]
On 16 February 2010, the Article 29 Working Party adopted an opinion on the concepts of data “controller and “processor”, which are crucial for determining who is responsible for compliance with EU data protection rules. The opinion provides a comprehensive analysis as well as practical examples and rules of thumb on how to approach the concepts pragmatically.
On February 5th, the European Commission decided to modify the standard contractual clauses for transfers of personal data, repealing the original decision (Decision 2002/87/EU) that introduced these clauses back in 2002. The European Commission considered it necessary to adjust the existing standard contractual clauses to meet the growing challenges of global outsourcing.
The Article 29 working party of European data protection authorities published a roadmap listing areas of future reform of privacy legislation in the EU. “Privacy by design,” increased accountability and a reduction in administrative filing obligations are among the WP29’s proposals.
As reported in the press, “the Council of the European Union has approved new legislation that would require Web users to consent to Internet cookies.” But it is not quite as clear-cut as that quote suggests. The consent requirement relates cookies that collect personal data — an important qualification — and some cookies appear to fall outside of the consent requirement. We detail the fine points of what has happened in this blog entry.
As the 31st annual International Conference of Data Protection and Privacy Commissioners wraps up in Madrid, capped by the announcement that next year’s conference will occur in Jerusalem, to be hosted by the Israeli Information and Technology Authority, some reflections: • Security vs. Privacy There continues to be a tension between the need for security from […]
American-style data security breach notification laws may be coming to the EU, affecting all companies holding personal data
The Federal Trade Commission settles with 6 companies over Safe Harbor misrepresentations and lapsed certifications.
In the United States, regulators and policy makers are taking a close look at the issues surrounding behavioral advertising and how to protect the privacy of consumers. A vigorous debate is occurring over self-regulation versus the asserted need for legislation or regulation. So it is interesting to see what is going on in Europe in the realm of self-regulation.