Tag archives: data protection

UK Government sets out proposals to shake up UK data protection laws

Data Protection Report - Norton Rose FulbrightOn 10 September 2021, the UK Government published its consultation paper on proposals to reform the UK’s data protection regime.  The deadline for responding to the consultation is 19 November 2021. In August, the Government announced that it intended to “seize the opportunity” afforded by the UK’s exit from the European Union to makes some … Continue reading

Navigating Virginia’s new privacy law

NT Analyzer blog series, cookieVirginia recently enacted its own data protection/privacy law and like its European and Californian predecessors, the technical piece is key. Like the GDPR and CCPA, the Consumer Data Protection Act (“CDPA”), which goes into effect on January 1, 2023, broadly defines “personal data” as “any information that is linked or reasonably linkable to an identified … Continue reading

US banking regulators propose a rule for 36-hour notice of breach

US banking regulators propose a rule for 36-hour notice of breachOn December 18, 2020, the US Department of the Treasury (Office of the Comptroller of the Currency), Federal Reserve and Federal Deposit Insurance Corporation (FDIC) jointly announced a 53-page proposed rule that would require banks to notify their regulators within 36 hours of a “computer-security incident” that rises to the level of a “notification incident.” … Continue reading

Singapore’s Public Consultation on proposed changes to the Singapore Personal Data Protection Act

On 14 May 2020, the Singapore Ministry of Communications and Information (MCI) and the Personal Data Protection Commission of Singapore (PDPC) announced a public consultation (the Public Consultation) on the draft Personal Data Protection (Amendment) Bill (the Draft Bill) and related amendments to the Spam Control Act (SCA). The Public Consultation will take place from … Continue reading

California AG Issues Significant Changes to Draft CCPA Regulations as of March 2020

Data Protection Report - Norton Rose FulbrightOn February 7, 2020, and again on March 11, 2020, the Office of the Attorney General (OAG) issued revisions to the proposed California Consumer Privacy Act (CCPA) regulations, and there are some surprises in both the additions and in the deletions.  For the CCPA regulations to become effective on July 1, the final regulation text … Continue reading

NYDFS Requires COVID-19 Plans by April 9

Norton Rose Fulbright - Data Protection Report blogOn March 10, 2020, the New York Department of Financial Services (NYDFS) issued guidance to all of its regulated institutions engaged in virtual currency business activity, requiring them to have plans for preparedness to manage the possible operational and financial risks posed by the COVID-19 pandemic. NYDFS requires the plans to be submitted by Thursday, April 9, … Continue reading

Personal data protection in the time of coronavirus (Covid-19)

Norton Rose Fulbright - Data Protection Report blogOutbreak of the coronavirus and personal data privacy The fast-spreading coronavirus (Covid-19) has infected thousands of people in China and in over 20 other countries. This coronavirus outbreak, originating in Wuhan, a large city located in the central region of China, has been declared a Public Health Emergency of International Concern (PHEIC) by the World … Continue reading

The CNIL releases draft practical guidance on cookies consent

Data Protection Report - Norton Rose FulbrightThe CNIL has published draft recommendations on how to obtain consent when placing cookies. This is following the publication of its revised “Guidelines on the implementation of cookies or similar tracking technologies” which was published in July 2019 (see our article here). The objective of the recommendations is to provide stakeholders with practical guidance and … Continue reading

First multi-million GDPR fine in Germany: €14.5 million for not having a proper data retention schedule in place

Data Protection Report - Norton Rose FulbrightOn October 30, 2019 the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit – Berlin DPA) issued a €14.5 million fine on a German real estate company, die Deutsche Wohnen SE (Deutsche Wohnen),  the highest German GDPR fine to date. The infraction related to the over retention of personal … Continue reading

No surprises in the recent Planet49 European Court of Justice judgment

Data Protection Report - Norton Rose FulbrightOn 1 October 2019, the European Court of Justice (ECJ) delivered its judgement on Case C – 673/17 (the “Planet49” case), which relates to the consent and transparency requirements for the use of cookies and similar technologies. The ECJ largely followed the March 2019 Opinion of Advocate General Szpunar and the judgment is generally consistent … Continue reading

Data protection and cyber risk issues in arbitration – dealing with regulation, cyber attacks and hacked evidence

The GDPR has significantly altered the landscape of data protection. Its broad scope and potentially severe penalties have forced those who hold and process data to take note of its provisions. In certain instances, that will include many in the international arbitration community, such as arbitral institutions. In parallel, cyber attacks and instances of hacking … Continue reading

Deadline extended for compulsory registration on Data Controller registry

Norton Rose Fulbright - Data Protection Report blogObligations We previously reported that Turkey’s data protection legislation (TDPL) requires data controllers to notify the Turkish DPA of their processing activities. Unless exempt from the requirement, all data controllers (individuals and legal entities) who process personal data in Turkey must be registered with the Turkish DPA’s Register of Data Controllers Information System (VERBİS), prior … Continue reading

Turkey’s data protection legislation on data controller registry to impact data controllers outside of Turkey

Norton Rose Fulbright - Data Protection Report blogObligations Turkey’s data protection legislation (TDPL) requires data controllers to notify the Turkish DPA of their processing activities. Unless exempt from the requirement, all data controllers (individuals and legal entities) who process personal data in Turkey must be registered with the Turkish DPA’s Register of Data Controllers Information System (VERBİS), prior to processing any personal … Continue reading

The CNIL publishes new guidelines on cookies and other similar technologies

Data Protection Report - digital privacy, CCPA and cybersecurityOn 4 July 2019, the CNIL published new guidelines on cookies and other similar technologies, repealing its 2013 cookie guidance in order to align its position with the GDPR’s new requirements on consent. These guidelines will be supplemented during the first quarter of 2020 by sectoral recommendations aimed at providing practical guidance to stakeholders on … Continue reading

Website operators joint controllers with third-party plugin providers

Norton Rose Fulbright - Data Protection Report blogOn 29 July 2019, the European Court of Justice (ECJ) issued its judgement on Case C-40/17 (the “Fashion-ID” case). In its ruling, the ECJ held that operators of websites embedding Facebook’s “Like” button act as data controllers jointly with Facebook in respect of the collection and transmission to Facebook of the personal data of visitors … Continue reading
LexBlog