This is a Data Protection Report post in a series of blog posts that will break down the major elements of the CCPA. Stay tuned for additional CCPA posts. On June 28, 2018, California lawmakers enacted the California Consumer Privacy Act of 2018 (the “CCPA”) a sweeping, GDPR-like privacy law which is intended to give … Continue reading
Websites go dark, complaints are filed within an hour, European Commission suffers an embarrassing data leak, and the US Commerce Secretary warns about the unintended trade impact of the law – all in the first week of the GDPR The European Union’s far-reaching General Data Protection Regulation (GDPR) went into effect on 25 May amid … Continue reading
The wait is finally over—this Friday the European Union General Data Protection Regulation (GDPR) will come into force. For many readers of this post, a huge amount of work will have been done in recent months in building up to compliance with the new regime. However, the challenges of GDPR certainly don’t end on the … Continue reading
A little more than one month from implementation of GDPR, companies may be tempted to relax and exhale (and if GDPR is still causing you headaches, consult our checklist). After all, the U.S. couldn’t be crazy enough to implement something as onerous and difficult, right? RIGHT?!? Enter California, which appears likely to place an initiative … Continue reading
The German Data Protection Authorities (DPAs, acting as the German Data Privacy Conference, Konferenz der unabhängigen Datenschutzbehörden des Bundes und der Länder) recently published templates for the records of processing activities for controllers (Art. 30 para. 1 GDPR) and processors (Art. 30 para. 2 GDPR) together with a corresponding guidance document. This guidance was expected to be released earlier … Continue reading
On February 12, 2018, the Article 29 Working Party (WP29) published guidance regarding Article 49 of the General Data Protection Regulation (GDPR) for public comment. The deadline for submitting comments on the draft is March 26, 2018, and responses should be emailed to JUST-ARTICLE29WP-SEC@ec.europa.eu. Like the current EU Data Protection Directive, the GDPR prohibits the … Continue reading
On February 6, 2018, the Article 29 Working Party (WP29) adopted updated guidelines on Binding Corporate Rules (“BCRs“), which replace the previous WP29 working documents 153 and 195 on BCRs and Processor BCRs.… Continue reading
The GDPR will come into force exactly four months from Thursday. In preparation, the European Commission has released a new website with extensive guidance on GDPR implementation, together with a Fact Sheet containing Q&As on the GDPR. While much of the guidance is already known to privacy professionals, there are new insights as well.… Continue reading
On the 7th August 2017, the UK’s Government Department for Digital, Culture, Media and Sport issued a Statement of Intent (the Statement) outlining its planned reforms of the UK’s data protection laws which are to be implemented by the Data Protection Bill (the Bill). The Statement anticipates the UK’s departure from the EU and makes … Continue reading
On April 27, 2017, the German Federal Parliament voted to approve the new proposed German Federal Data Protection Act (“new FDPA”). The law would adapt the current German data protection law to the EU General Data Protection Regulation (GDPR). The federal chamber of the states, the German Federal Council, is expected to approved the new … Continue reading
On 1 March 2017, the UK Information Commissioner’s Office (ICO) published a paper on big data, artificial intelligence, machine learning and data protection (replacing its early paper published in 2014). Although the paper is described as a “discussion paper”, it makes a number of recommendations that those involved in big data projects would be well … Continue reading
On March 2, 2017, the UK Information Commissioner’s Office (ICO) published its draft General Data Protection Regulation (GDPR) consent guidance, and called for comments on the guidance. The consultation is open until March 31, 2017. The ICO will issue final guidance in May 2017. The guidance is detailed, and references the various GDPR Articles and … Continue reading
Please join us as we host the upcoming New York IAPP KnowledgeNet Chapter meeting. A panel of industry legal and operational leaders will discuss the Article 29 Working Party’s guidance on the requirements of Data Protection Officers and Data Portability under the new EU General Data Protection Regulation (GDPR) and describe how best to prepare GDPR’s other enhanced … Continue reading
On 10 January 2017, the European Commission published the official proposal of the revised e-Privacy Regulation, which amends the current e-Privacy Directive. Many of the alarming changes that were included in the leaked December draft of the Regulation, which we covered, have been changed, resulting in a practical set of rules that align with the … Continue reading
On 15 December 2016, the Article 29 Working Party (WP29) issued guidelines and FAQs on the provisions in the General Data Protection Regulation (the GDPR) relating to data portability (Guidelines / FAQs), data protection officers (Guidelines / FAQs), and the lead supervisory authority (Guidelines / FAQs). WP29 will accept comments on these guidelines until the … Continue reading
Earlier this week, the first draft of the EU’s ePrivacy Regulation was leaked. ePrivacy laws in Europe aim to protect the right to privacy and confidentiality with respect to the processing of personal data in the electronic communications sector (e.g., relating to cookie usage and online direct marketing). The leaked draft is intended to bring the … Continue reading
The Article 29 Working Party (WP29) has issued an opinion on the evaluation and review of Directive 2002/58/EC (the ePrivacy Directive). In its opinion, WP29 notes the need for a thorough revision of the rules in the ePrivacy Directive to take into account the technological developments in the digital market and the recent adoption of … Continue reading
On Friday, June 24, the UK electorate voted through a referendum to leave the European Union by a 52% majority. The mechanics of leaving the European Union will be complex, given that the referendum question did not spell out what relationship the UK would have with the EU once it has left, and there is … Continue reading
Over four years in the making, the EU General Data Protection Regulation (GDPR) was finally published in the EU Official Journal on May 4, 2016, giving a concrete application date. It will apply directly in all EU Member States beginning May 25, 2018. The GDPR will repeal and replace Directive 95/46/EC and its Member State implementing … Continue reading
During their last Data Protection Conference, the German data protection authorities (DPAs) agreed on a resolution on data protection principles that providers of healthcare apps and wearables should consider. According to the resolution, almost a third of the German population 14 years or older uses wearables (body-worn devices that record an individual’s health data) and healthcare apps … Continue reading
On 8 April 2016 (see here), the Council of the European Union announced that it has formally adopted its position at the first reading on the EU General Data Protection Regulation, a key step in the data protection reform process. The Council’s position will now be sent to the European Parliament who will vote on … Continue reading
On January 26, 2016, the French National Assembly adopted the “Digital Republic” bill — a comprehensive bill introducing various provisions to regulate the digital sphere within the French society. Access to public data, neutrality of the Internet, access to the digital sphere and communication networks are some of the main subjects covered by this bill. … Continue reading
Today the European Council approved its version of the General Data Protection Regulation (GDPR). The next stage is for the European Commission, European Parliament and European Council (each has its own preferred version of the regulation) to jointly agree on the final text of the regulation. These discussions will commence officially on June 24, 2015, and … Continue reading