Tag archives: EU

EU Data Protection Reform: EU Council of Ministers Publishes Updated Version of the GDPR, Formally Adopts Its Position at First Reading, Announces Crucial Second Reading to Take Place on 14 April

By Marcus Evans (UK) on April 8, 2016 Posted in Compliance and risk management, Regulatory response

Data Protection Report - Norton Rose Fulbright

On 8 April 2016 (see here), the Council of the European Union announced that it has formally adopted its position at the first reading on the EU General Data Protection Regulation, a key step in the data protection reform process. The Council’s position will now be sent to the European Parliament who will vote on … Continue reading

EU Article 29 Working Party prepares for General Data Protection Regulation and responsibilities as European Data Protection Board

By Marcus Evans (UK) and Jay Modrall (BE) on February 15, 2016 Posted in Compliance and risk management, Data breach, General, Regulatory response

On February 11, 2016, the Article 29 Working Party (WP29) issued a statement setting out its 2016 action plan for implementation of the General Data Protection Regulation (GDPR) and its work programme for 2016-2018. WP29 will have 8 working groups leading the implementation of the 2016-2018 work programme. The statement highlights the following points: WP29 … Continue reading

Political agreement on EU Data protection reforms: the real count-down to compliance has started

By Marcus Evans (UK) and Jay Modrall (BE) on December 17, 2015 Posted in Data breach, Regulatory response

On December 15, the Civil Liberties Committee (LIBE) of the European Parliament issued a press release announcing a provisional political agreement between the European Parliament and Council negotiators on the texts of both the General Data Protection Regulation and the Police & Judicial Cooperation Data Protection Directive. Formal approval by the Council is expected shortly and … Continue reading

Council and European Parliament reach agreement on NIS Directive

By Jay Modrall (BE) and Marcus Evans (UK) on December 10, 2015 Posted in Cybercrime, Regulatory response

On December 7, 2015, the Council of the European Union (the Council) reached an informal agreement with the European Parliament on a new EU directive on network and information security (NISD). The agreement marks the conclusion of two years of work, since the European Commission (the Commission) and the High Representative of the European Union … Continue reading

Day-after-Safe Harbor action plan: anticipating ECJ Schrems decision

By Marcus Evans (UK) and Jay Modrall (BE) on October 5, 2015 Posted in Regulatory response

As we have written extensively, the European Court of Justice’s (ECJ’s) ruling in the Schrems case on October 6, 2015 may effectively invalidate the US-EU Safe Harbor framework. While we believe that the Advocate General’s rationale for the proposal is weak, organizations that rely on the Safe Harbor are anxious about the consequences such a … Continue reading

Schrems Counterpoint: ECJ has good reasons to reject Safe Harbor invalidation

By Jay Modrall (BE) and Marcus Evans (UK) on October 1, 2015 Posted in Regulatory response

The European Court of Justice (ECJ) is expected to rule on Case C-362/14 (the “Schrems” case) on October 6, 2015. In deciding whether to reject or adopt its Advocate General’s recommendation to invalidate the US-EU Safe Harbor, the ECJ finds itself between the proverbial rock and a hard place. Rejecting the Safe Harbor would lead to uncertainty in the ongoing … Continue reading

Europe and US slated to agree on revised US-EU/US-Swiss Safe Harbor framework

By on August 12, 2015 Posted in Regulatory response

It is being reported that the European Union and the United States are nearing an agreement on the revised US-EU/US-Swiss Safe Harbor framework. Thousands of US companies that have certified compliance with the Safe Harbor should be encouraged that the framework – which has been the subject of sustained criticism by European data protection regulators … Continue reading

Russia signs controversial “right to be forgotten” bill into law

By Vera Shaftan (RU) on July 23, 2015 Posted in Regulatory response

Russian President Vladimir Putin has signed into law the “right to be forgotten” legislation, which allows individuals in Russia to demand removal of a search engine’s links to personal information deemed irrelevant or inadequate. The law will go into effect on January 1, 2016.… Continue reading

European Union data protection regime reform: What should businesses be doing now to get ready? – web seminar

By on July 7, 2015 Posted in Regulatory response

On Wednesday, July 29, 2015, Norton Rose Fulbright partners Boris Segalis and Marcus Evans will present a web seminar on European Union (EU) General Data Protection Regulation reform.… Continue reading

Dispute resolution mechanisms for SAs and individuals are key part of proposed EU regulation

By Marcus Evans (UK) on April 21, 2015 Posted in Regulatory response

This is Part 5 — the final part — of a five-part series on the “One Stop Shop” mechanism in the proposed new European data protection regulation. In Part 1 we examined why there is a need for a One Stop Shop, and what it is. In Part 2 we examined the concept of main establishment and the position of entities without … Continue reading

EU regulation proposal seeks to encourage consistency in data protection enforcement

By Marcus Evans (UK) on April 16, 2015 Posted in Regulatory response

This is Part 4 of a five-part series on the “One Stop Shop” mechanism in the proposed new European data protection regulation. In Part 1 we examined why there is a need for a One Stop Shop, and what it is. In Part 2 we examined the concept of main establishment and the position of entities without an EU establishment. In Part … Continue reading

EU focuses on authority of SAs to enforce “One Stop Shop,” proposes a replacement for WP29

By Marcus Evans (UK) on April 16, 2015 Posted in Regulatory response

This is Part 3 of a five-part series on the “One Stop Shop” mechanism in the proposed new European data protection regulation. In Part 1 we examined why there is a need for a One Stop Shop, and what it is. In Part 2 we examined the concept of main establishment and the position of entities without … Continue reading

EU’s “One Stop Shop” Proposal Focuses on “Main Establishment” as Nexus of DPA Enforcement Authority

By Marcus Evans (UK) on April 14, 2015 Posted in Regulatory response

This is Part 2 of a five-part series on the “One Stop Shop” mechanism in the proposed new European data protection regulation. In Part 1 we examined why there is a need for a One Stop Shop, and what it is. In this Part we examine the concept of main establishment and the position of entities without … Continue reading

EU Proposes “One Stop Shop” for Data Protection Supervision and Enforcement

By Marcus Evans (UK) on April 13, 2015 Posted in Regulatory response

This is Part 1 of a five-part series on the “One Stop Shop” mechanism in the proposed new European data protection regulation. The Council of the European Union (the Council) has recently published a partial general agreement on its version of the so-called ‘One Stop Shop’ mechanism. The Council’s internal deliberations are expressly caveated to the … Continue reading