Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: implied consent

Posted in International/EU Privacy

Cookie Consent Is the New Panic

Judging by the number of calls and the intensity of the discussions about how to comply with the cookie consent requirement in a post-GDPR world, this issue has become a top worry for organisations and data protection officers. Partly due to the visibility of the mechanisms used to collect this consent, and partly due to the potential implications of operating a website without cookies, the dilemma around what solution to deploy has become a serious business decision. Different business stakeholders are often at odds with each other and matters are getting escalated to decision makers who had never been involved in the technically complex and largely misunderstood world of cookies. The tension is rising and yet, no approach has emerged as the preferred one among all involved. So everyone is getting anxious to find a way to do what they have always done and comply with the law. Is this panic justified?

Posted in International/EU Privacy

China’s Revised Draft Data Localisation Measures

On 19 May 2017, the Cyberspace Administration of China released a revised draft of its Security Assessment for Personal Information and Important Data Transmitted Outside of the People’s Republic of China Measures. The draft emerged just over a week after public comments closed on the first draft of the measures. the Second Draft Export Review Measures do, to an extent, relax some of the more stringent requirements stated in the First Draft Export Review Measures and originally due to become law on 1 June, 2017 when China’s Cyber Security Law takes effect. However, the revised draft measures as set out in the Second Draft Export Review Measures still leave a significant compliance challenge for multi-national businesses operating in China . We explore the Second Draft Export Review Measures below.

Posted in International/EU Privacy

Future-Proofing Privacy: Justifying Data Uses

Part 4 of Future-Proofing Privacy: Justifying Data Uses – From Consent to Legitimate Interests. Currently, under the Data Protection Directive, each instance of data processing requires a legal justification – a “ground for processing”. This fundamental feature of EU data protection law will remain unchanged under the Regulation. However, the bar for showing the existence of certain grounds for processing will be set higher. This is especially true with regards to consent.

Posted in International/EU Privacy

Cookie Consent—What’s Changed?

Almost five years ago, EU legislators shocked the Internet world by changing the legal requirement for the use of cookies and similar device identification techniques from “notice and opt-out” to “notice and consent.” At first, there was a sense of disbelief about whether this sudden legal twist was for real. As the dust settled, it became clear that what had been common practice until then—sticking a generic paragraph about the use of cookies in the privacy policy and referring users to the browser’s menu for further control—was no longer enough to comply with the new requirement.