A new German law, which grants authority to the country’s consumer and business associations to enforce compliance with data protection laws, goes into force on February 24, 2016. A representative of the German Ministry of Justice pointed out that the new enforcement powers are specifically aimed at foreign companies having their headquarters or operating from outside Germany, including the U.S.
Regulatory response
EU Article 29 Working Party prepares for General Data Protection Regulation and responsibilities as European Data Protection Board
On February 11, 2016, the Article 29 Working Party (WP29) issued a statement setting out its 2016 action plan for implementation of the General Data Protection Regulation (GDPR) and its work programme for 2016-2018. WP29 will…
EU-US Privacy Shield – UK ICO updates its interim position on transfers to the US
Today the UK data protection authority (the ICO) published a blog post and consolidated interim guidance on how to handle EU/US data transfers while the EU-US Privacy Shield is being scrutinised by the Article 29 Working Party.
Hamburg DPA leader addresses EU-US Privacy Shield
On February 5, 2016, Article 29 Working Party member and head of the Hamburg Data Protection Authority, Prof. Dr. Johannes Caspar, spoke about the EU-US Privacy Shield.
Caspar observed that, once approved, the EU-US Privacy Shield system will initially …
FDA issues guidance on medical device cybersecurity and interoperable medical devices
Security researchers have been discussing medical device security for some time now, with some even predicting that there will be medical device ransomware attacks this year. It is therefore timely that the US Food and Drug Administration (FDA) – which oversees medical devices – recently issued two pieces of draft guidance.
EU-US Privacy Shield scrutinized in Article 29 Working Party initial response
On February 3, 2016, the Article 29 Working Party (WP29) released a statement on the consequences of the Schrems judgment, following an assessment of the legal framework and the practices of US intelligence services. The WP29 expressed continuing concerns about the US framework for processing personal data for intelligence purposes, in spite of recent reforms.
EU and US reach agreement on cross-border data transfer framework, but uncertainty remains
On February 2, 2016, the European Commission and the United States reached an agreement on a new framework to permit transatlantic transfers of personal data. The new framework — named “EU-US Privacy Shield” — is slated to replace the US-EU Safe Harbor framework that was invalidated by the Court of Justice of the European Union.
Federal Cybersecurity Information Sharing Act signed into law
On December 18, 2015, President Barack Obama signed into law the Cybersecurity Information Sharing Act of 2015 (CISA) as part of the 2016 omnibus spending bill. CISA encourages businesses and the federal government to share cyber threat information in the interest of national security.
Political agreement on EU Data protection reforms: the real count-down to compliance has started
On December 15, the Civil Liberties Committee (LIBE) of the European Parliament issued a press release announcing a provisional political agreement between the European Parliament and Council negotiators on the texts of both the General Data Protection Regulation and the Police & Judicial Cooperation Data Protection Directive. Formal approval by the Council is expected shortly and by the European Parliament in early 2016, after which the legislation will be published in the Official Journal. The new provisions will apply two years later, in the first quarter of 2018.
Major cybersecurity breach hits Hong Kong company
The Office of the Privacy Commissioner for Personal Data (PCPD) announced on 1 December 2015 that it has commenced an investigation into a data breach incident at VTech Holdings Limited (VTech), a supplier of children’s learning products that is based in Hong Kong and listed on the Hong Kong stock exchange. The scope of the data breach is unclear, but it is likely that data subjects other than Hong Kong residents are affected. It was reported that the attorneys general of the US states of Connecticut and Illinois have also announced plans to conduct their own investigations into this security breach.