August 2015

While the Duke of Cambridge’s request for global media to respect the privacy of his son, Prince George, has started a debate over the extent to which individuals in the UK can rely on legal measures to prevent the publication of intrusive photographs, the position is somewhat clearer in the United Arab Emirates with specific provisions of the UAE Copyright Law granting protection to persons who appear in photographs.

In January, we commented on the release of a consultation paper by Abu Dhabi Global Market (ADGM) relating to proposed employment regulations. At the time, ADGM indicated that it would not be introducing more general legislation to regulate the handling and processing of personal data in the new free zone.

The Board of Directors of ADGM has subsequently reconsidered the issue and issued a consultation paper inviting public comment on a proposed set of standalone data protection regulations. This would be an alternative to the individual provisions currently legislating for a limited level of data protection on the employment regulations.

It is being reported that the European Union and the United States are nearing an agreement on the revised US-EU/US-Swiss Safe Harbor framework. Thousands of US companies that have certified compliance with the Safe Harbor should be encouraged that the framework – which has been the subject of sustained criticism by European data protection regulators – will live another day. At the same time, certified organizations should prepare for enhanced requirements and a more robust enforcement climate that might come with the revised framework.

Russia’s data protection authority, Roscomnadzor, has held a number of meetings with business associations to respond to the wave of questions that have arisen about the interpretation and application of Russia’s personal data localization law.

The law, which enters into force on September 1, 2015, requires that an operator, while collecting personal data, ensures the recording, systematization, accumulation, storage, rectification (update, change) and extraction of Russian citizens’ personal data using databases located in Russia.  The meetings sought to address at least two key concerns — whether data stored locally could also be transferred outside of Russia, and the reach of the law’s jurisdiction.

In a recent blog post, reflecting on Google’s ongoing dispute with France’s CNIL about the scope of the “right to be forgotten,” Peter Fleisher, Google’s Global Privacy Counsel, announced that Google will maintain its position that that company would not comply with the CNIL’s formal notice dated May 21, 2015 to implement individuals’ requests to exercise their “right to be forgotten” on the company’s sites worldwide.