How do you balance sharing and protecting your business’ data? Unlike tangible assets, which can be protected primarily through physical means, intangible assets such as data require additional considerations. One key strategy to protect your business’ data is to characterize, and protect, that data as intellectual property. Data as IP Copyright Original compilations of data … Continue reading
On 26 August 2021, in a move that puts it on a potential collision course with the EU, the UK Government made a number of announcements relating to the future of the UK’s data protection regime, with the stated intention of “seizing the opportunity” by “developing a world leading data policy that will deliver a … Continue reading
Given global trends in the development of privacy laws and enforcement, Canada and several provinces are looking at modernizing their respective privacy regimes. Ontario’s new proposed privacy law, which would govern commercial activities more broadly than current legislation (i.e., our federal legislation, the Personal Information Protection and Electronic Documents Act (PIPEDA), and Ontario’s health privacy … Continue reading
China’s much anticipated Personal Information Protection Law (PIPL) is very likely to pass this month after the conclusion of the 30th meeting of the Standing Committee of the National People’s Congress, which is to be held in Beijing on 17-20 August. This follows the enactment earlier this year of the Data Security Law (DSL), which … Continue reading
Germany’s highest civil court, the Federal Court Of Justice (Bundesgerichtshof, the FCJ), has just published a decision specifying the scope of data subject access requests (DSARs). The FCJ held that Article 15 of the EU General Data Protection Regulation (GDPR) has a broader scope than previously understood in Germany. Pursuant to the court’s decision, Article 15 … Continue reading
The Personal Data (Privacy) (Amendment) Bill 2021 (the Bill) was gazetted today, 16 July 2021. The Bill aims to combat doxxing acts through (i) criminalisation of doxxing acts; (ii) empowering the Privacy Commissioner for Personal Data to conduct criminal investigation and institute prosecution for doxxing cases; and (iii) conferring on the Commissioner statutory powers to … Continue reading
Yesterday, the European Data Protection Board (EDPB) published its opinion on the European Commission’s draft Decision that the UK ensures an adequate level of protection for personal data (the Opinion). The Opinion was adopted by the EDPB on 13 April 2021, a couple of days before the Opinion’s official publication on 15 April 2021. The … Continue reading
Following nine months of assessment of the UK’s data protection laws (including the rules on access to data by public authorities), the European Commission has today published its draft decision on the adequate protection of personal data by the United Kingdom. The draft decision can be found here. The draft decision is welcome news to … Continue reading
Eureka! After burning the midnight oil, we’ve built an automated scanner to identify and sort the Schrems II risk of data flows for further legal handling. The scanner uses more than 20 different data points derived from network metadata to scan and classify data flows based on mass surveillance risk under the NSA’s so-called “Upstream” … Continue reading
Algorithmic decision-making has been in the news of late. From Ofqual’s downgrading of students’ A-level results[1] to the complaint lodged by None of Your Business’ against the credit rating agency CRIF for failing (amongst other things) to be transparent about the reasons why a particular applicant had been given a negative rating[2]. We have been … Continue reading
On 11 August 2020, the Court of Appeal (CA) handed down its judgement in the case of R (on the application of Edward BRIDGES) v The Chief Constable of South Wales Police. The court found that the use of automated facial recognition technology (AFT) by South Wales Police (SWP) was unlawful and did not comply … Continue reading
On 10 August, the European Commission and the US Department of Commerce confirmed that talks have begun between the EU and US for an “enhanced” Privacy Shield. This will be the third attempt to revise this framework, following the invalidation of Safe Harbor in 2015 and Privacy Shield in July 2020. Third time a charm? … Continue reading
The Court of Justice of the European Union (CJEU) has today published its decision in the landmark case, known as Schrems II. While Privacy Shield has been completely invalidated, the Standard Contractual Clauses (SCCs) remain valid, but the court has emphasised obligations on the parties to the SCCs and Data Protection Authorities which have the … Continue reading
On 14 May 2020, the Singapore Ministry of Communications and Information (MCI) and the Personal Data Protection Commission of Singapore (PDPC) announced a public consultation (the Public Consultation) on the draft Personal Data Protection (Amendment) Bill (the Draft Bill) and related amendments to the Spam Control Act (SCA). The Public Consultation will take place from … Continue reading
May 12, 2020 Norton Rose Fulbright today launched its survey analysing regulatory and policy issues applicable to COVID-19 contact tracing and related tracking technology across 18 jurisdictions. The global survey explores key issues across Australia, Canada, China, France, Germany, Hong Kong, Italy, Indonesia, Russia, Poland, Singapore, South Africa, Thailand, The Netherlands, Turkey, UAE, UK and … Continue reading
The COVID-19 pandemic has seen governments across the world restricting civil liberties and movement to unprecedented levels. To aid the safe lifting of current public health restrictions, new technologies are being developed and rolled out to automate labour intensive tasks critical to containing the spread of the virus, such as contact tracing. Contact tracing applications … Continue reading
On March 10, 2020, the New York Department of Financial Services (NYDFS) issued guidance to all of its regulated institutions engaged in virtual currency business activity, requiring them to have plans for preparedness to manage the possible operational and financial risks posed by the COVID-19 pandemic. NYDFS requires the plans to be submitted by Thursday, April 9, … Continue reading
On 21 January 2020 at a meeting at the World Economic Forum, the Personal Data Protection Commission (PDPC) and Infocommunications Media Development Authority (IMDA) released the second edition of its Model Artificial Intelligence (“AI”) Governance Framework (“Model Framework”).… Continue reading
Happy Data Privacy Day! Data Privacy Day represents a timely opportunity to highlight anticipated significant developments in Canadian privacy law in 2020 that we are monitoring following two major developments from the Government of Canada.… Continue reading
2019 saw continued growth and change in data protection and cyber-security across the Asia-Pacific. Following the implementation of the GDPR in May, 2018, many jurisdictions moved to review and strengthen existing data privacy and cyber-security laws. In addition, 2019 saw regulators publishing findings in respect of some of the largest data incidents of 2018. We … Continue reading
What has happened? Yesterday, the Advocate General (“AG”) concluded that, in his opinion, the EU Standard Contractual Clauses (“SCCs”) are a valid mechanism to transfer personal data outside of the European Economic Area (“EEA”). However, the AG suggested new obligations for those using SCCs. They need to examine the national security laws of the country … Continue reading
The Grand Chamber of the ECHR held that Spanish shop workers’ right to privacy under Article 8(1) of the ECHR was not violated when their employer obtained evidence of theft from covert CCTV footage of the employees.… Continue reading
On 3 October 2019, the UK and US governments signed the first bilateral Data Access Agreement (the Agreement) under the US Clarifying Lawful Overseas Use of Data Act 2018 (CLOUD Act) and the UK Crime (Overseas Production Orders) Act 2019.… Continue reading
Although California has recently captured the lion’s share of attention with respect to privacy and security, on October 23, 2019, New York’s amended security breach law goes into effect, and on March 1, 2020, new security safeguards go live (N.Y. S.B. 5575). Anyone with personal information about a New York resident is potentially affected by … Continue reading