Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: one-stop shop

Posted in International/EU Privacy

Future-Proofing Privacy: Enforcement and the Risk of Non-Compliance

Part 10 of Future-Proofing Privacy: Enforcement and the Risk of Non-Compliance. One of the major purposes of the Regulation is to ensure a consistent application of data protection law throughout the EU, not only to provide a high level of data protection but also to guarantee legal certainty for businesses when handling personal data. This has presented legislators with one of their biggest challenges: how to maintain the existing network of independent national DPAs, whilst ensuring that they promote a consistent interpretation of the Regulation and minimising the number of different DPAs which a controller has to deal with. It remains to be seen whether they have devised a workable solution.

Posted in International/EU Privacy

Why Europe’s New Privacy Reg is a Business-Critical Issue

It has finally happened. Like that train you are waiting for that keeps getting delayed but eventually arrives. The all-powerful trio comprising the European Parliament, the Council of the EU and the European Commission arrived at their destination after a journey of four years, and on December 15th, 2015, agreed the final text of the EU General Data Protection Regulation. Once formally adopted in the coming weeks, the GDPR will create a completely new legal framework for the collection, use and sharing of personal information that will apply well beyond Europe.

Posted in International/EU Privacy

PART 10: Enforcement and the Risk of Non-Compliance

One of the major purposes of the Regulation is to ensure a consistent application of data protection law throughout the EU, not only to provide a high level of data protection but also to guarantee legal certainty for businesses when handling personal data. This has presented legislators with one of their biggest challenges: how to maintain the existing network of independent national DPAs, whilst ensuring that they promote a consistent interpretation of the Regulation and minimising the number of different DPAs which a controller has to deal with. It remains to be seen whether they have devised a workable solution. This entry is an excerpt from Hogan Lovells’ “Future-proofing privacy: A guide to preparing for the EU Data Protection Regulation.”

Posted in International/EU Privacy

With EU Privacy Reform, the Marathon Is In Its Final Stretch

If the EU data protection legislative reform was a marathon, we would now be approaching the 20-mile mark. That is the critical point where one can start to think that the finish line is within reach in the knowledge that the hardest part is yet to come. At present, the EU legislative process that started more than three years ago is about to reach a crucial milestone: On 15 and 16 June, the Council of the EU—which shares legislative powers with the European Parliament—is due to reach an agreement on its own preferred draft for the General Data Protection Regulation.

Posted in International/EU Privacy

A Credible Strategy for One Stop Shop

It’s been said before but the CJEU’s decision on the Google Spain v. AEPD case was a real game changer. Every law student on the planet learns that there are a number of sources that contribute to the legal system of a given jurisdiction. First and foremost are the statutes adopted by – in the best of cases – democratically elected parliaments. Then there are a myriad of legal obligations that arise from various sources ranging from regulatory guidance to market practices. Ultimately, the most authoritative source is the case law that is constantly emerging from courts’ decisions. Data protection law is no exception and the CJEU has emerged as the ultimate interpreter of the legislator’s will.

Posted in International/EU Privacy

The Privacy Challenges of the New European Commission

The European Union’s executive branch has a brand new engine. Following the European Parliament’s election earlier this year and after months of political manoeuvring, a new European Commission is now in place and fully operational. The Commission’s functions remain as they were but under a revised structure of one president – Jean-Claude Juncker – seven vice-presidents responsible for designated policy areas and 20 commissioners. As the main policy making body in the European Union, the Commission continues to be in charge of pushing forward the ongoing data protection legislative reform that will lead to a new legal framework for privacy across the EU.

Posted in News & Events

Preview of the Global Data Protection Conference in Mauritius: Hogan Lovells Partner to Play Prominent Role

From 13 to 16 October 2014, privacy regulators and data protection authorities from around the world will be gathering together with experts in the field – including our London-based partner Eduardo Ustaran – to discuss, debate and hopefully agree on how to address the toughest privacy challenges of our time. The 36th International Conference of Data Protection and Privacy Commissioners is entitled “A World Order for Data Protection – Our Dream Coming True?” This year’s conference is taking place in Mauritius, a clear sign of the truly global nature of this issue.

Posted in International/EU Privacy

Is Appointing an EU Controller Still Valuable for Global Businesses?

The dust has yet to settle but much has already been said about the implications of the Google Spain decision by the Court of Justice of the European Union and the right to be forgotten. The controversy has focused on the impact of this judgment on freedom of expression and the right of access to information, as well as the potentially devastating effect of a large amount of deletion requests. EU regulators are wondering – like everybody else – how big and unmanageable this is going to get, whilst search engines scramble for resources to deal with the unknown. With the prospect of an even more demanding EU privacy framework looming over the horizon, the right to be forgotten decision is a potential game changer for the whole Internet industry. But the CJEU did not just enable an unprecedented level of control by individuals over their data, it shook the basis on which the applicability of EU data protection law has been understood until now.

Posted in International/EU Privacy

European Parliament Overwhelmingly Approves Data Protection Regulation

On 12 March 2014, the European Parliament voted overwhelmingly in favour of the European Commission’s data protection reform with 621 votes for, 10 against, and 22 abstentions for the proposed General Data Protection Regulation. The vote is significant because it confirms the approval of the European Parliament, one of the required participants in the s0-calle “trilogue” process along with the Commission and the Council, which will not change even if the composition of the Parliament changes following the European elections in May.

Posted in International/EU Privacy

Commissioner’s Roadmap for Conclusion of EU Data Protection Reform Package Announced

Data Protection Day in Europe, 28 January 2014, saw the announcement by EU Justice Commissioner Viviane Reding of a more precise timetable for the adoption of the EU’s data protection reform package, comprising a Regulation governing general data protection and a Directive governing the use of personal data in the area of law enforcement and crime. The Council of the EU will agree upon a formal negotiating mandate by the end of June 2014, with a view to inter-institutional negotiations concluding by the end of 2014.

Posted in Consumer Privacy

Progress Falters on EU Data Protection Regulation at Council Meeting

The Council of the EU failed to make any progress towards the adoption of an agreed negotiating position on the Data Protection Regulation at its meeting on Friday, 6 December 2013. While momentum had begun to build following the vote by the EU Parliament’s LIBE Committee in October, expectations of progress within the Council were dampened by the formal agenda circulated before the Justice and Home Affairs (JHA) Committee met, which tabled a review of the current state of play and detailed discussion of the one-stop-shop issue.

Posted in Consumer Privacy, International/EU Privacy

EU Parliamentarian Releases “Highlights” of Data Protection Amendments

On October 17, Jan Albrecht, rapporteur to the EU Parliament’s Committee on Civil Liberties, Justice and Home Affairs (“LIBE”), issued a release in which he claims that “Edward Snowden and the PRISM scandal laid the ground” for including a prohibition against telecommunications and Internet companies transferring data to other countries’ governmental authorities unless otherwise permitted by EU law. Albrecht’s release offers 10 points to describe the draft Regulation that LIBE is scheduled to vote upon on October 21. If LIBE adopts the draft, the Parliament, Council, and Commission will begin work on negotiating the final legislation, which parliamentarians hope will be adopted before elections in May 2014.

Posted in International/EU Privacy

Draft EU Data Protection Regulation Discussions Stall on One-Stop-Shop Issue

On 7 October 2013, the Ministries for Justice and Home Affairs of the 28 Member States of the European Union met in Luxembourg to further discuss the draft General Data Protection Regulation that is intended to replace the current European data protection framework, particularly debating the controversial “one-stop-shop” principle that would provide organization’s one lead regulator in Europe.

Posted in Consumer Privacy, International/EU Privacy

French Government Has Serious Reservations About the Draft EU Regulation, Putting its Adoption in Doubt

On June 11, the French Minister for Digital Economy indicated during questioning by a French Member of Parliament about the status of the draft data protection regulation that the Minister of Justice had rejected, during the meeting of the European Council held last week, the latest version of the draft regulation.

Posted in Consumer Privacy, International/EU Privacy, Privacy & Security Litigation

German Court Holds Presence of Irish Subsidiary Precludes Application of German Data Protection Law to Facebook

In a decision with important implications not only for Facebook but potentially for many companies not primarily located in Europe but with European customers, on February 14 the Administrative Court (Verwaltungsgericht) for the German State Schleswig-Holstein decided that German data protection law is not applicable to U.S.-based Facebook Inc. as well as its European subsidiary, Facebook Ireland Ltd., […]