On July 6, 2020, the U.S. Supreme Court upheld most of the federal law that prohibits “robocalls” to cell phones but struck down the exception for collection of debts owed to the federal government. (Barr v. American Association of Political Consultants, No. 19–631 (July 6, 2020) (2020 WL 3633780).) Previously, on June 25, a Bureau of the Federal Communications Commission issued some guidance on what constitutes an “autodialer” (or “automatic telephone dialing system“—“ATDS”) relating to that law’s prohibition on text messages. (In re Rules and Regulations Implementing the Telephone Consumer Protection Act of 1991, P2P Alliance Petition … Continue Reading
UPDATE: Registration deadlines for VERBİS extended
Posted in Data breach
The deadline for data controllers to register with the Data Protection Authority’s publicly accessible data controller registry, known as VERBİS, has been extended. In its June 23, 2020 decision, the Authority extends the VERBİS registration deadline until September 30, 2020 for the following data controllers:
Turkish data controllers employing more than 50 people annually or whose annual total financial statement exceeds TL 25 million (approx. USD 3.7 million), and
Data controllers not located in Turkey.
With the exception of some exempt classes, all data controllers (individuals as well as legal entities) must register with VERBİS prior to processing any personal … Continue Reading
Schrems II judgement due in July – what this might mean for your outsourcing deal
Posted in Compliance and risk management
Just when we thought our summers might have been looking a bit dull, it was announced that the Court of Justice of the European Union (CJEU) will be making its final ruling in Case C-311/18, Data Protection Commissioner v Facebook Ireland & Schrems on 16 July 2020. This judgement concerns the legality of the European Commission approved Standard Contractual Clauses (SCCs) which many organisations rely on to transfer personal data outside of the UK and the European Economic Area (EEA), particularly in relation to outsourcing services.
On 19 December 2019, the Advocate General (… Continue Reading
Selling and utilising personal data in an insolvency situation
Posted in Compliance and risk management
Many businesses are suffering serious financial difficulties as a result of COVID-19, particularly those in the retail, hospitality and tourism sectors. For many of these businesses the one asset that will undoubtedly retain value, despite the pandemic, will be their customer database. This valuable commodity could help attract potential purchasers.
But this is a tricky area to navigate, particularly following the General Data Protection Regulation (GDPR), since both the ICO and the FCA have started to pay more attention to this area. For example, in February of this year, the FCA and ICO issued a joint statement warning … Continue Reading
Singapore’s Public Consultation on proposed changes to the Singapore Personal Data Protection Act
Posted in GeneralOn 14 May 2020, the Singapore Ministry of Communications and Information (MCI) and the Personal Data Protection Commission of Singapore (PDPC) announced a public consultation (the Public Consultation) on the draft Personal Data Protection (Amendment) Bill (the Draft Bill) and related amendments to the Spam Control Act (SCA). The Public Consultation will take place from 14 May 2020 to 28 May 2020.
The Draft Bill is the culmination of a series of consultations between the MCI, PDPC and public and industry stakeholders over the past three years. In this post, we briefly … Continue Reading
Contact tracing apps: A new world for data privacy
Posted in GeneralMay 12, 2020
Norton Rose Fulbright today launched its survey analysing regulatory and policy issues applicable to COVID-19 contact tracing and related tracking technology across 18 jurisdictions.
The global survey explores key issues across Australia, Canada, China, France, Germany, Hong Kong, Italy, Indonesia, Russia, Poland, Singapore, South Africa, Thailand, The Netherlands, Turkey, UAE, UK and US, including:
- How are governments using technology to monitor and control the spread of COVID-19?
- What are the major privacy concerns in relation to the utilisation of apps by both governments and private sector organisations?
- How will the apps collect data and how is the
How to process employees’ health data in France after lockdown: dos and don’ts for employers
Posted in Compliance and risk management
A few weeks ago, we provided you with a summary of the rights and obligations of employers with regard to the personal data of their employees during lockdown.
On 11 May, many employees will return to their workplaces. Below you will find answers to the main questions you may have ahead as the end of the lockdown approaches.
Could an employer require its employees to use StopCovid or a similar private app and require to see the results?
No. The CNIL stated in its opinion of 24 April 2020, that the “voluntary” mode of the app implied that no negative … Continue Reading
StopCovid: the French contact-tracing app
Posted in Compliance and risk management
Following the example of many European countries, the French government plans to introduce a contact tracing app, known as “StopCovid”. The app is designed to be used by people once they leave the confinement of their homes with the aim of preventing the spread of COVID-19. StopCovid is being developed within the INRIA, the French national research institute for digital sciences and technologies.
This blog post summarises the status of the project and the discussions from legal, political, scientific and technological perspectives.
How will StopCovid work?
For each smartphone on which the app is downloaded, temporary crypto-identifiers will be generated … Continue Reading
How contact tracing apps in Asia are being used to fight COVID-19 – is the reward worth the risk?
Posted in General
The COVID-19 pandemic has seen governments across the world restricting civil liberties and movement to unprecedented levels. To aid the safe lifting of current public health restrictions, new technologies are being developed and rolled out to automate labour intensive tasks critical to containing the spread of the virus, such as contact tracing.
Contact tracing applications essentially work using either Bluetooth technology or GPS to log every time two or more users are close to each other for a certain period of time. If a person is diagnosed with COVID-19, other users who were close to that person can then be … Continue Reading
Irish data protection authority launches new cookie guidance and indicates cookie investigations are on the horizon
Posted in Compliance and risk managementLast week, the Irish Data Protection Commission (“DPC”) published its much anticipated guidance note on cookies and similar tracking technologies (the “Guidance”). It also published a report following a “cookie sweep” that took place between August 2019 and December 2019 of 38 data controllers (the “Report”). The cookie sweep requested information from the data controllers and examined the deployment of cookies on their websites to understand how and whether they were complying with the cookie rules. It is clear the Report significantly influenced the Guidance and, as such, the Report provides an indication of … Continue Reading
