Selling and utilising personal data in an insolvency situation

Marcus Evans (UK)Rebecca Oliver (UK)By Marcus Evans (UK), Janine Regan (UK), Rebecca Oliver (UK) and Alice Routh (UK) on Posted in Compliance and risk management
Data Protection Report - Norton Rose Fulbright

Many businesses are suffering serious financial difficulties as a result of COVID-19, particularly those in the retail, hospitality and tourism sectors.  For many of these businesses the one asset that will undoubtedly retain value, despite the pandemic, will be their customer database.  This valuable commodity could help attract potential purchasers.

But this is a tricky area to navigate, particularly following the General Data Protection Regulation (GDPR), since both the ICO and the FCA have started to pay more attention to this area.  For example, in February of this year, the FCA and ICO issued a joint statement warning … Continue Reading

Singapore’s Public Consultation on proposed changes to the Singapore Personal Data Protection Act

Wilson Ang (SG)Stella Cramer (SG)Jessica Paulin (SG)Jeremy Lua (SG)By Wilson Ang (SG), Stella Cramer (SG), Jessica Paulin (SG) and Jeremy Lua (SG) on Posted in General

On 14 May 2020, the Singapore Ministry of Communications and Information (MCI) and the Personal Data Protection Commission of Singapore (PDPC) announced a public consultation (the Public Consultation) on the draft Personal Data Protection (Amendment) Bill (the Draft Bill) and related amendments to the Spam Control Act (SCA). The Public Consultation will take place from 14 May 2020 to 28 May 2020.

The Draft Bill is the culmination of a series of consultations between the MCI, PDPC and public and industry stakeholders over the past three years. In this post, we briefly … Continue Reading

Contact tracing apps: A new world for data privacy

Anna Gamvros (HK)Steven Hadwin (UK)By Anna Gamvros (HK) and Steven Hadwin (UK) on Posted in General

May 12, 2020

Norton Rose Fulbright today launched its survey analysing regulatory and policy issues applicable to COVID-19 contact tracing and related tracking technology across 18 jurisdictions.

The global survey explores key issues across Australia, Canada, China, France, Germany, Hong Kong, Italy, Indonesia, Russia, Poland, Singapore, South Africa, Thailand, The Netherlands, Turkey, UAE, UK and US, including:

  • How are governments using technology to monitor and control the spread of COVID-19?
  • What are the major privacy concerns in relation to the utilisation of apps by both governments and private sector organisations?
  • How will the apps collect data and how is the
Continue Reading

How to process employees’ health data in France after lockdown: dos and don’ts for employers

Cécile Auvieux (FR)Nadège Martin (FR)By Cécile Auvieux (FR) and Nadège Martin (FR) on Posted in Compliance and risk management
Norton Rose Fulbright - Data Protection Report blog

A few weeks ago, we provided you with a summary of the rights and obligations of employers with regard to the personal data of their employees during lockdown.

On 11 May, many employees will return to their workplaces. Below you will find answers to the main questions you may have ahead as the end of the lockdown approaches.

Could an employer require its employees to use StopCovid or a similar private app and require to see the results?

No.  The CNIL stated in its opinion of 24 April 2020, that the “voluntary” mode of the app implied that no negative … Continue Reading

StopCovid: the French contact-tracing app

Cécile Auvieux (FR)Nadège Martin (FR)By Cécile Auvieux (FR) and Nadège Martin (FR) on Posted in Compliance and risk management
Norton Rose Fulbright - Data Protection Report blog

Following the example of many European countries, the French government plans to introduce a contact tracing app, known as “StopCovid”.  The app is designed to be used by people once they leave the confinement of their homes with the aim of preventing the spread of COVID-19. StopCovid is being developed within the INRIA, the French national research institute for digital sciences and technologies.

This blog post summarises the status of the project and the discussions from legal, political, scientific and technological perspectives.

How will StopCovid work?

For each smartphone on which the app is downloaded, temporary crypto-identifiers will be generated … Continue Reading

How contact tracing apps in Asia are being used to fight COVID-19 – is the reward worth the risk?

Anna Gamvros (HK)By Anna Gamvros (HK) and Libby Ryan (HK) on Posted in General
Data Protection Report - Norton Rose Fulbright

The COVID-19 pandemic has seen governments across the world restricting civil liberties and movement to unprecedented levels. To aid the safe lifting of current public health restrictions, new technologies are being developed and rolled out to automate labour intensive tasks critical to containing the spread of the virus, such as contact tracing.

Contact tracing applications essentially work using either Bluetooth technology or GPS to log every time two or more users are close to each other for a certain period of time. If a person is diagnosed with COVID-19, other users who were close to that person can then be … Continue Reading

Irish data protection authority launches new cookie guidance and indicates cookie investigations are on the horizon

Christoph Ritzer (DE)Nadège Martin (FR)Marcus Evans (UK)By Janine Regan (UK), Christoph Ritzer (DE), Nadège Martin (FR) and Marcus Evans (UK) on Posted in Compliance and risk management
Norton Rose Fulbright - Data Protection Report blog

Last week, the Irish Data Protection Commission (“DPC”) published its much anticipated guidance note on cookies and similar tracking technologies (the “Guidance”).  It also published a report following a “cookie sweep” that took place between August 2019 and December 2019 of 38 data controllers (the “Report”).  The cookie sweep requested information from the data controllers and examined the deployment of cookies on their websites to understand how and whether they were complying with the cookie rules. It is clear the Report significantly influenced the Guidance and, as such, the Report provides an indication of … Continue Reading

California AG Issues Significant Changes to Draft CCPA Regulations as of March 2020

Jeewon Kim Serrato (US)Susan Ross (US)By Jeewon Kim Serrato (US) and Susan Ross (US) on Posted in CCPA
Data Protection Report - Norton Rose Fulbright

On February 7, 2020, and again on March 11, 2020, the Office of the Attorney General (OAG) issued revisions to the proposed California Consumer Privacy Act (CCPA) regulations, and there are some surprises in both the additions and in the deletions.  For the CCPA regulations to become effective on July 1, the final regulation text must be filed with the Secretary of State by May 29.

Click here for the text of modified regulations.  Our white paper with a summary of the changes is available for download here.… Continue Reading

Obtaining and sharing employee health status information in a pandemic

Marcus Evans (UK)Miranda Byrne Hill (UK)By Marcus Evans (UK) and Miranda Byrne Hill (UK) on Posted in Compliance and risk management
Norton Rose Fulbright - Data Protection Report blog

Employers across the world are facing extremely difficult challenges in keeping their workplaces safe for their employees, contractors and visitors during the COVID-19 pandemic.

Although the prevailing instinct is likely to be to protect and to prevent the spread of the virus at all costs, under data protection laws this still needs to be weighed against the privacy rights of employees. Depending on where their employees are located, employers may have to favor privacy over virus detection. This blog sets out a few of the key issues and a snapshot of how they are dealt with across five European jurisdictions … Continue Reading

NYDFS Requires COVID-19 Plans by April 9

Susan Ross (US)Kathleen Scott (US)By Susan Ross (US) and Kathleen Scott (US) on Posted in Compliance and risk management, Cybercrime, Cybersecurity, Dispute resolution and litigation, Enforcement, General
Norton Rose Fulbright - Data Protection Report blog

On March 10, 2020, the New York Department of Financial Services (NYDFS) issued guidance to all of its regulated institutions engaged in virtual currency business activity, requiring them to have plans for preparedness to manage the possible operational and financial risks posed by the COVID-19 pandemic. NYDFS requires the plans to be submitted by Thursday, April 9, 2020.… Continue Reading

LexBlog