Happy Data Privacy Day! Data Privacy Day represents a timely opportunity to highlight anticipated significant developments in Canadian privacy law in 2020 that we are monitoring following two major developments from the Government of Canada.
January 2020
Interim proprietary injunction granted over bitcoin cyber extortion payment
An interim proprietary injunction has been granted by the English High Court over a bitcoin ransom payment paid to a third-party wallet.…
Changes to Hong Kong’s data protection law discussed by government panel
The discussion paper on the proposed changes to Hong Kong’s Personal Data (Privacy) Ordinance (Cap.486) (the PDPO) was debated by the Legislative Council’s Panel on Constitutional Affairs’ (the Panel) on 20 January. The proposals set out in LC Paper. No. CB(2) 512/19-20(03) (the Paper) are summarised in our earlier post.
Reflecting on APAC Data Protection and Cyber-security Highlights for 2019 (and what lies ahead!)
2019 saw continued growth and change in data protection and cyber-security across the Asia-Pacific. Following the implementation of the GDPR in May, 2018, many jurisdictions moved to review and strengthen existing data privacy and cyber-security laws. In addition, 2019 saw regulators publishing findings in respect of some of the largest data incidents of 2018. We have set out below the key highlights of the year and what to look out for in 2020.
Discussion paper published on Hong Kong’s data protection law
Written by Partner Anna Gamvros and Associate Libby Ryan, both based in the Hong Kong office.
Earlier this week, the Constitutional and Mainland Affairs Bureau (the CMAB) released its discussion paper (LC Paper. No. CB(2) 512/19-20(03) (the Paper)…
State of the Union: CCPA and Beyond in 2020
On New Year’s Day, you may have received emails from numerous companies saying their privacy policies have changed, or noticed a link at the bottom of many companies’ homepages stating “Do Not Sell My Info.” These are two of the more visible requirements of the California Consumer Protection Act (CCPA) and companies are still in the process of rolling out other requirements. For those of you that are in the EU or doing business with companies that offer products or services to EU residents, this might have felt like the movie “Groundhog Day.”
To understand the various approaches to CCPA compliance, we reviewed the websites of 50 companies in the Fortune 500® and noticed a few trends:
The Privacy Officers’ New Year’s Resolutions
1. Brace yourself (for export turbulence)
2020 could well be a year of data export turmoil – so brace yourself.
The Court of Justice of the European Union (CJEU) will determine the validity of the EU Standard Contractual Clauses (SCCs) (Data Protection Commissioner v Facebook Ireland Limited, Maximillan Schrems) whilst the General Court of the EU will consider the future of Privacy Shield (La Quadrature du Net v Commission).
The Advocate General (AG) delivered his non-binding opinion on the SCCs just before Christmas (see our blog post). Although the AG’s view was that the SCCs are valid, he suggested that those using them would need to examine the national security laws of the data importer’s jurisdiction to determine whether they can in fact comply with the terms of the SCCs. He also raised serious doubts over the validity of the Privacy Shield. If the CJEU shares these doubts, it could influence the outcome of La Quadrature du Net.
Data localisation issues are also set to resurface during 2020. China’s requirements are tricky, the Russian Data Localisation law now has monetary penalties and the draft Indian data protection bill also imposes localisation requirements in certain circumstances.