Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: GDPR

Posted in International/EU Privacy

Belgian DPA Issues Guidance on Temperature Measurements in the Context of COVID-19

On 5 June 2020, the Belgian Data Protection Authority issued a guidance regarding temperature screenings within the context of the return-to-work policies developed by companies following the COVID-19 pandemic. In the guidance, the Belgian DPA addresses, among others, the privacy concerns arising from different methods of temperature screening.

Posted in International/EU Privacy

Facial Recognition Challenged by French Administrative Court

In a decision dated 27 February 2020, the French Administrative Court of Marseille invalidated the deliberation of the Provence-Alpes-Côte d’Azur Regional Council which allowed to set up, on an experimental basis, a facial recognition mechanism in two high schools in order to (i) better control and speed up entry of students into the high schools and (ii) control access to premises of occasional visitors. This decision is important as this is the first administrative court decision in France about facial recognition.

Posted in International/EU Privacy

EDPB Signals Efforts on International Data Transfers as CJEU Review of Current Tools Draws Near

The European Court of Justice recently published plans to issue its much awaited decision in CJEU case C-311/18 on July 16. The ruling will impact how organizations lawfully transfer personal data from the EEA to jurisdictions not providing an “adequate” level of data protection in accordance with the GDPR. The ruling will specifically address the validity of the European Commission’s standard contractual clauses and it may also affect operation of the EU-US Privacy Shield. On May 18, the European Data Protection Board published a report on its 2019 activities that may signal whether it plans to influence further development of this area.

Posted in International/EU Privacy

New Data Protection-Friendly eCommercial Model Clinical Trial Agreements Now Available

Updated versions of the UK model Clinical Trial Agreement and the Clinical Research Organisation model Clinical Trial Agreement have been published. Given the increasing importance of safe but swift clinical trials in the time of coronavirus, this post outlines the main changes introduced from a data protection perspective and what they mean for contracting parties.

Posted in News & Events

Now Available — AdTech and Privacy: Managing Risk in a Complex and Evolving Digital Economy (Webinar Materials)

On Wednesday April 15, Hogan Lovells and Ankura hosted a webinar about the impact of the GDPR and CCPA on cookies and similar AdTech tracking technologies. James Denvil from Hogan Lovells’ Privacy and Cybersecurity practice was joined by senior directors from Ankura to share best practices and perspectives. The webinar recording and slides are now available on our blog.

Posted in International/EU Privacy

CNIL’s New Guidelines on HR Processing

The French Data Protection Authority has recently released new guidelines (French only) regarding human resources processing operations. When the GDPR became effective, the CNIL’s previous set of HR Data guidelines became out of date as they did not incorporate new law’s requirements (e.g. obligations relating to records of processing activities and Data Protection Impact Assessments). These new guidelines replace several older HR guidelines issued by the CNIL, including and in particular the well-known Simplified Norm NS-46 and the Notification Exemption for payroll, both of which are no longer applicable.

Posted in News & Events

Webinar Invitation — Prepare for Global Data Class Actions

Please join us on Tuesday, April 28, 2020 for a one-hour webinar discussion during which Partners from Hogan Lovells will provide a general overview of data class actions in the United States, Europe, Mexico, and Russia.

Posted in International/EU Privacy

Hogan Lovells Asia Pacific Data Protection and Cyber Security Guide 2020

Today’s urgent focus on COVID-19 makes it easy to forget that data protection regulation saw significant development in the APAC region through 2019, with important legislative reforms and a number of new laws. What do you need to be doing to prepare your organization for the future? Our Asia Pacific Data Protection and Cyber Security Guide 2020 (linked in this blog post) takes you through the developments and key initiatives of APAC countries and discuss the implications of an ever-shifting landscape.

Posted in International/EU Privacy

Coronavirus and Data Protection: Europe’s Data Protection Authorities’ Views

Data protection authorities from around the world are stepping in to provide their input and guidance on the matter of data processing activities and the fight against the coronavirus.  Hogan Lovells’ global Privacy and Cybersecurity team has compiled the guidance from various European authorities, which we are making available with this post.

Posted in International/EU Privacy

The Future of UK Data Protection

As with anything Brexit-related, the UK government is facing a dilemma in relation to data protection law. Shall we follow the direction of travel of the past 25 years and opt for the continuity and certainty provided by the GDPR or shall we use the departure from the EU to make radical changes to the regulation of data uses and privacy? On the one hand, it would be reassuring to know that despite Brexit’s uncertainties, the current framework is here to stay and it will develop in a familiar way. On the other hand, it must be tempting to use this opportunity to completely re-think what is in the best national interest. For an area of law and policy that is so closely related to technological development and prosperity, it would be foolish not to consider whether a different formulation would lead to better outcomes. A dilemma indeed.

Posted in International/EU Privacy

Whistleblowing Schemes: New Guidelines Issued by the CNIL

The French Data Protection Authority published new Guidelines on December 10, 2019 applicable to whistleblowing schemes, following a public consultation process. The Guidelines replace the former Single Authorization AU-004, which has not applied since arrival of the General Data Protection Regulation. The CNIL has also published a useful Frequently Asked Questions webpage regarding the Guidelines. The CNIL’s new Guidelines import certain aspects of its former position on whistleblowing schemes.

Posted in International/EU Privacy

Should I Be Worried About the GDPR? – EDPB’S Guidelines on the GDPR’S Territorial Scope

Does the GDPR really apply to my company? From a data protection standpoint, this is the first thing that comes to mind within non-EU companies. In many cases, the GDPR seems like an issue of the Old Continent, so it does not affect non-EU companies. In others, companies apply the GDPR to all their processing activities just to avoid the possibility of being addressed by EU authorities. Neither decision is per se correct.

Posted in International/EU Privacy

Getting Cookie Consent Right

One could be forgiven for thinking that knowing how to comply with a legal obligation that has been in place for nearly a decade would be clear cut. However, widespread practice tells us that this is far from the truth. In November 2009, as part of wider reforms to the European telecommunications regulatory framework, the European Union introduced various amendments to the existing Directive 2002/58/EC (e-Privacy Directive), including to the provisions regulating the use of cookies.

Posted in International/EU Privacy

Spanish DPA on Use of Cookies: Continued Browsing is Consent

On November 8, the Spanish data protection authority published new Guidelines on the Use of Cookies. The Guidelines have been prepared in collaboration with different organisations in the marketing and online advertising industries, and aim to provide some direction on the use of cookies and similar technologies in compliance with information society services laws and regulations.

Posted in International/EU Privacy

Spanish DPA Publishes Guide for Satisfying PbD Obligation

On October 17, the Spanish data protection authority published the Guide to Privacy by Design. While Privacy by Design first became a legal requirement in the EU with implementation of the General Data Protection Regulation, it is a well-known concept among privacy professionals that dates back to the 1990s. PbD should be construed as “the need to consider privacy and the principles of data protection from the inception of any type of processing.” It is a concept focused on risk management and accountability that aims to incorporate privacy protections throughout the life cycle of systems, services, products, and processes. It involves the application of measures for privacy protection among all business processes and practices associated to personal data.

Posted in Health Privacy/HIPAA, International/EU Privacy

Medical Research Council Advises on How to Anonymise Information for Research Purposes

Anonymisation has always been (and still is) a real challenge for those carrying out clinical research. To shed some light on this matter, the Medical Research Council – which is part of UK Research and Innovation – has recently published guidance on Identifiability, anonymisation and pseudonymisation. Although the guidance itself states that it has been developed with the participation of the Information Commissioner’s Office, it is not ICO-approved and so institutes and organisations should be cautious when relying on the criteria set out in the guidance.

Posted in International/EU Privacy

CJEU: Consent on the Internet Means ‘Opt-In’

On 1 October 2019, the Court of Justice of the European Union handed down a crucial decision impacting the way that consent is obtained on the internet. The judgment relates to Case C-673/17. In the Planet49 case, the German Federal Court referred a number of questions to the CJEU regarding the validity of consent to cookies placed by a website operating an online lottery.

Posted in News & Events

Hogan Lovells at IAPP Privacy. Security. Risk. 2019

Join members from our award-winning Privacy and Cybersecurity practice at this week’s IAPP Privacy. Security. Risk. 2019 conference in Las Vegas. We hope to see you at one of our sessions listed below.

Posted in News & Events

Privacy and Cybersecurity September 2019 Events

Join us in September as we will be at the IAPP Privacy. Security. Risk. 2019 conference in Las Vegas discussing the CCPA, the GDPR, and traits of effective privacy and security professionals. We will also be exploring the latest thinking on key privacy and cybersecurity topics as well as cybersecurity as it relates to medical devices and patients, and more. We hope you can join us.

Posted in International/EU Privacy

The ICO Updates Its Data Sharing Code of Practice

On 9 July 2019 the UK data protection authority updated its Data Sharing Code of Practice (first published in 2011). On the same day, the ICO also announced its intention to fine Marriott International just over £99m for infringements of the General Data Protection Regulation, highlighting the importance of due diligence in the context of data sharing.

Posted in International/EU Privacy

New French Guidelines on Cookies and Trackers

On 19 July the French Data Protection Authority published new guidelines on cookies and trackers. These replace the existing Recommendation No. 2013-378 of 5 December 2013, are intended to be in line with relevant GDPR provisions and have been produced in anticipation of the future ePrivacy Regulation. The guidelines will be supplemented, at a later stage, with sectoral recommendations setting out practical methods for obtaining consent. These sectoral recommendations will be included in a final version of the guidelines on cookies and trackers open for public consultation, which will then be subject to final adoption by the CNIL (expected early 2020).