Amid the constitutional and political uncertainties surrounding the Brexit process, the UK Government has provided welcome assurance on the data protection front. Guidance issued by the Department for Digital, Culture, Media & Sport (DCMS) confirms how UK data protection law will work in the event the UK leaves the EU without a deal. Whilst the Government still regards a No Deal Brexit as “unlikely”, given the extremely severe implications of that scenario for transfers of personal data into and out of the UK, the DCMS confirmation is hugely helpful in terms of the preparations needed for that eventuality.
Please join us for our June 2016 Privacy and Cybersecurity Events.
On November 9, 2015, Anthony Albanese, Acting Superintendent of the New York State Department of Financial Services, issued a letter to a wide array of federal and state financial services regulators that are part of the Financial and Banking Information Infrastructure Committee. The FBIIC members work together to enhance the reliability and security of financial sector infrastructure. Mr. Albanese’s letter outlines potential new cybersecurity regulations that would impact NYDFS-regulated financial institutions. The letter, which follows numerous steps taken by the NYDFS in recent years to better understand and mitigate cybersecurity risks, further positions the NYDFS as a leading regulator on cybersecurity issues in the U.S., particularly with respect to the financial sector. While no precise timeline was specified for enacting the potential regulations outlined, it appears likely that the NYDFS may formally propose comprehensive cybersecurity regulations in the months ahead.
Last month, the Court of Justice of the European Union (ECJ) issued a ruling on the scope of EU member states’ jurisdiction over internet services. In Football Dataco Ltd v. Sportradar GmbH, the ECJ considered a jurisdictional issue related to the Database Directive, but its opinion could have broader implications for how the EU considers […]
Europe’s Network and Information Security Agency, ENISA, released on November 20, 2012 its report on the technical aspects of the right to be forgotten. ENISA first points out that any technical solutions for the right to be forgotten would require an unambiguous definition of the personal data that is covered by the right to be […]
Prominent European government officials provided up-to-the-minute perspectives on the proposed European data privacy regulation at this week’s IAPP Europe Data Protection Congress in Brussels. The officials’ comments — summarized below –indicate how the proposal might evolve for the next steps in the policy process, which include the issuance of the European Parliament’s formal report on […]
At a meeting of civil society in Uruguay today, Article 29 Working Party Chair Jacob Konstamm decried the “fierce lobbying” by the US government and IT companies on the pending EU Regulation and spoke directly to the issue of the explicit consent requirement in the proposed Regulation; the definition of personal data; and the issue of purpose limitation.
In a recently-issued opinion, the Article 29 Working Party is pushing for a definition of personal data that would cover data that permits individuals to be “singled out and treated differently.” The Working Party also supports stringent consent conditions, and criticizes delegated acts of the Commission.
Eric Bukstein, who is in the Privacy and Information Management Practice at Hogan Lovells recenly gave a video interview to Colin O’Keefe of LXBN (Lexblog Network) TV to discuss the FTC’s supplemental proposed changes to the COPPA Rule. The video can be viewed in this blog entry.
CNIL’s recently-released annual report gives insight from France’s authority into sanctions, the right to be forgotten, whistleblowing, and what it believes are several shortcomings in the proposed EU regulation.
In a just-published article for the American Bar Association Antitrust magazine entitled “So Close Yet So Far, The EU and US Visions of a New Privacy Framework.” available through a link in this blog entry, Hogan Lovells Privacy partners Winston Maxwell (Paris) and Chris Wolf (Washington) compare and contrast the pending proposals on both sides of the Atlantic for improvements to the privacy frameworks.
Commissioner Reding says right to be forgotten must be balanced with other rights. European Parliament Committee says regulation should be a minimum, calling for class actions and expanded extra-territoriality.
CNIL, Falque-Pierrotin, ‘data protection’, privacy, Europe, EU, regulation, BCR, accountability, sanctions, interoperability
The Article 29 Working Party released on March 29, 2012 its opinion on the European Commission’s proposed new data protection Regulation and Directive (WP191 – Opinion 01/2012 on the data protection reform proposals). The Working Party expresses strong reservations about the proposed Directive on data processing for police and criminal justice matters, criticizing the Commission’s […]
Chris Wolf, Hogan Lovells Privacy and Information Management Practice Director, has a column in Slate, the daily Web magazine addressing the tension between privacy laws and other societal interests, and the potential for inflexible application of privacy laws in the EU. His discussion is in the context of the prosecution of two reporters for invading the privacy of a former Nazi commando who had been in hiding for decades. A link to the column is included in this blog entry.
The United Kingdom Ministry of Justice is engaged in a consultation on the impact of the proposal of the European Commission for a Data Protection Regulation to replace the EU Directive and implementing legislation, and solicited submissions by 6 March. On 29 February 2012, Hogan Lovells held a session in London for clients where we sought and obtained views on the impact of the proposals made by the European Commission for a new Data Protection Regulation. Yesterday, the firm made a submission to the Ministry of Justice on the proposed Regulation. This document contains a distillation of our own observations and comments made to us by clients.
Hogan Lovells partners Quentin Archer, Roger Tym and Winston Maxwell hosted a London workshop on February 29, 2012 aimed at collecting comments for the UK Ministry of Justice’s public consultation on the proposed EU privacy Regulation. Workshop participants commented on the right to be forgotten, data portability, the accountability principle, data breach notifications, proposed requirements for consent, fining powers, and the “one-stop-shop” principle.
We are pleased to provide an English language translation of Paris Office Partner Winston Maxwell’s article examining the European Commission’s proposed regulation on data protection, focusing on the Commission’s choice of a regulation as opposed to a directive, and the new obligations that will be imposed on companies, including the accountability principle, privacy by design and the obligation to conduct privacy impact assessments (PIA) for certain kinds of processing. The article describes the proposed changes to the rules on applicable law, which are designed to bring certain non-European websites within the scope of European privacy rules, the proposed “right to be forgotten” and right to data portability.
Despite rumors of delay, the formal announcement of a proposed comprehensive reform of the data protection framework in the European Union is now set for this Wednesday, January 25 at 12:30 CET (6:30 AM EST). This blog entry contains a link to the videostream of the announcement, as well as a synopsis and link to a video of a speech on Saturday by EU Justice Vice-President Viviene Reding. The Commission’s Data Privacy Day video on personal responsibility to protect privacy also is linked to.