On October 27, 2015, the Cybersecurity Information Sharing Act of 2015 (CISA), passed the Senate, by a 74-21 vote. The bill’s passing by such an overwhelming majority is a crucial step towards the controversial CISA becoming law, with support from some security experts and to the chagrin of other privacy advocates.
2015
DIFC Data Protection Commissioner issues guidance on US data exports following Schrems case
The Dubai International Financial Centre (DIFC) Commissioner for Data Protection has issued guidance to DIFC entities on the export of personal data outside the DIFC in light of a landmark data protection ruling by the European Court of Justice (ECJ).
Reports suggest US-EU agreement on cross-border data transfers near, but will it stick?
It is being reported that the EU and the US have reached an agreement in principle on the revised cross-border data transfer framework, commonly referred to as Safe Harbor 2.0. Both sides expect further progress on the specifics in November of this year. Some of the thornier issues, however,regarding US surveillance activities, that are critical to addressing the concerns the ECJ raised in Schrems, are yet to be firmed up with verifiable compliance commitments.
German Data Protection Authorities Suspend BCR approvals, question Model Clause transfers
Following on from the EU Article 29 Working Party Statement of 16 October 2015, the Conference of the German Data Protection Authorities – (“DPAs”) has today issued guidance (referred to as a Position Paper) on the consequences of the CJEU decision in the Schrems case (Case C-362/14).
South Africa places limits on internet activity tracking
Each device which accesses the internet is allocated a unique number (Internet Protocol or IP address) by its internet service provider (ISP). A record is created each time this IP address accesses a webpage, including the date, time and URL (website address) accessed. These records are stored by the ISP.
Five new privacy laws on tap in California
This month, California Governor Jerry Brown signed into law five new privacy bills that the Governor said are intended to strengthen data protections for the state’s residents. The laws, effective as of January 1, 2016, implement California’s Electronic Communications Privacy Act and amend the state’s breach notification statute, among other things.
In this post, our Data Protection, Privacy & Cybersecurity team members discuss these new laws and what they mean for companies.
Australia: Metadata retention commences, but breach notification is delayed
On 13 October 2015, substantial amendments to the Australian Telecommunications (Interception and Access) Act 1979 (Cth) (TIA) took effect to introduce a new metadata retention scheme into the TIA. This scheme requires telecommunications carriers and internet service providers (telcos) operating in Australia to maintain records of certain telecommunications data, known as ‘metadata’, for a period of two years.
WP29 Issues Post-Safe Harbor Guidance
The following is the statement of WP29 on the Schrems decision. It is a short opinion that we replicated here in full. We note that WP29 appears to suggest that model clauses and BCRs remain viable through at least January …
Challenges to banking and tech: data and cybercrime
The proliferation of data gives rise to two challenges:
- Companies need to manage the vast amounts of data they now control and turn it to useful purposes.
- The availability of so much data has been an ideal environment for an explosion of various forms of cybercrime.
A German data protection authority questions model clauses
The German data protection authority from the northern state Schleswig-Holstein has released guidance in connection with the ECJ’s decision on Safe Harbor.