Tag archives: GDPR

California passes major legislation, expanding consumer privacy rights and legal exposure for US and global companies

Photo of Spencer Persson (US)Photo of Jeewon Kim Serrato (US)Photo of Steve Roosa (US)Photo of Arleen Fernandez (US)Photo of Anna Rudawski (US)By Spencer Persson (US), Jeewon Kim Serrato (US), Steve Roosa (US), Arleen Fernandez (US) and Anna Rudawski (US) on Posted in CCPA
Norton Rose Fulbright - Data Protection Report blogThis is a Data Protection Report post in a series of blog posts that will break down the major elements of the CCPA. Stay tuned for additional CCPA posts. On June 28, 2018, California lawmakers enacted the California Consumer Privacy Act of 2018 (the “CCPA”) a sweeping, GDPR-like privacy law which is intended to give … Continue reading

One week into GDPR – what you need to know

Photo of Jeewon Kim Serrato (US)Photo of Marcus Evans (UK)Photo of Ffion Flockhart (UK)Photo of Steven Hadwin (UK)By Jeewon Kim Serrato (US), Marcus Evans (UK), Ffion Flockhart (UK) and Steven Hadwin (UK) on Posted in Compliance and risk management
Norton Rose Fulbright - Data Protection Report blogWebsites go dark, complaints are filed within an hour, European Commission suffers an embarrassing data leak, and the US Commerce Secretary warns about the unintended trade impact of the law – all in the first week of the GDPR The European Union’s far-reaching General Data Protection Regulation (GDPR) went into effect on 25 May amid … Continue reading

GDPR is upon us: are you ready for what comes next?

Photo of Jeewon Kim Serrato (US)Photo of Steven Hadwin (UK)Photo of Marcus Evans (UK)By Jeewon Kim Serrato (US), Steven Hadwin (UK) and Marcus Evans (UK) on Posted in Compliance and risk management, Regulatory response
Norton Rose Fulbright - Data Protection Report blogThe wait is finally over—this Friday the European Union General Data Protection Regulation (GDPR) will come into force. For many readers of this post, a huge amount of work will have been done in recent months in building up to compliance with the new regime. However, the challenges of GDPR certainly don’t end on the … Continue reading

California privacy initiative likely to increase costs of civil litigation if passed in November

Photo of Spencer Persson (US)By Spencer Persson (US) on Posted in Compliance and risk management
Norton Rose Fulbright - Data Protection Report blogA little more than one month from implementation of GDPR, companies may be tempted to relax and exhale (and if GDPR is still causing you headaches, consult our checklist). After all, the U.S. couldn’t be crazy enough to implement something as onerous and difficult, right? RIGHT?!? Enter California, which appears likely to place an initiative … Continue reading

German DPAs publish templates and guidance on records of processing activities pursuant to Art. 30 GDPR

Photo of Christoph Ritzer (DE)By Christoph Ritzer (DE) on Posted in Compliance and risk management
Data Protection Report - Norton Rose FulbrightThe German Data Protection Authorities (DPAs, acting as the German Data Privacy Conference, Konferenz der unabhängigen Datenschutzbehörden des Bundes und der Länder) recently published templates for the records of processing activities for controllers (Art. 30 para. 1 GDPR) and processors (Art. 30 para. 2 GDPR) together with a corresponding guidance document. This guidance was expected to be released earlier … Continue reading

Working party publishes draft of GDPR guidelines for Article 49 (export derogations)

Photo of David Kessler (US)Photo of Anna Rudawski (US)By David Kessler (US) and Anna Rudawski (US) on Posted in Compliance and risk management
Data Protection Report - Norton Rose FulbrightOn February 12, 2018, the Article 29 Working Party (WP29) published guidance regarding Article 49 of the General Data Protection Regulation (GDPR) for public comment.  The deadline for submitting comments on the draft is March 26, 2018, and responses should be emailed to JUST-ARTICLE29WP-SEC@ec.europa.eu. Like the current EU Data Protection Directive, the GDPR prohibits the … Continue reading

UK data protection after Brexit – UK government Statement of Intent contains few surprises

Photo of Marcus Evans (UK)Photo of Shiv Daddar (UK)By Marcus Evans (UK) and Shiv Daddar (UK) on Posted in Compliance and risk management, Regulatory response
Norton Rose Fulbright - Data Protection Report blogOn the 7th August 2017, the UK’s Government Department for Digital, Culture, Media and Sport issued a Statement of Intent (the Statement) outlining its planned reforms of the UK’s data protection laws which are to be implemented by the Data Protection Bill (the Bill). The Statement anticipates the UK’s departure from the EU and makes … Continue reading

Germany’s Parliament Approves Local Data Protection Law to Operate Alongside GDPR

Photo of Christoph Ritzer (DE)Photo of Sven Jacobs (DE)By Christoph Ritzer (DE) and Sven Jacobs (DE) on Posted in Compliance and risk management
Norton Rose Fulbright - Data Protection Report blogOn April 27, 2017, the German Federal Parliament voted to approve the new proposed German Federal Data Protection Act (“new FDPA”). The law would adapt the current German data protection law to the EU General Data Protection Regulation (GDPR). The federal chamber of the states, the German Federal Council, is expected to approved the new … Continue reading

UK Information Commissioner Updates Paper on Big Data, Artificial Intelligence, Machine Learning, and Data Protection

Photo of Marcus Evans (UK)By Marcus Evans (UK) on Posted in Compliance and risk management, Regulatory response
Data Protection Report - Norton Rose FulbrightOn 1 March 2017, the UK Information Commissioner’s Office (ICO) published a paper on big data, artificial intelligence, machine learning and data protection (replacing its early paper published in 2014). Although the paper is described as a “discussion paper”, it makes a number of recommendations that those involved in big data projects would be well … Continue reading

UK Information Commissioner Publishes Draft GDPR Consent Guidance

Photo of Marcus Evans (UK)By Marcus Evans (UK) on Posted in Compliance and risk management, Regulatory response
Data Protection Report - Norton Rose FulbrightOn March 2, 2017, the UK Information Commissioner’s Office (ICO) published its draft General Data Protection Regulation (GDPR) consent guidance, and called for comments on the guidance. The consultation is open until March 31, 2017. The ICO will issue final guidance in May 2017. The guidance is detailed, and references the various GDPR Articles and … Continue reading

IAPP New York KnowledgeNet Event – GDPR Deep Dive

By on Posted in General
Please join us as we host the upcoming New York IAPP KnowledgeNet Chapter meeting. A panel of industry legal and operational leaders will discuss the Article 29 Working Party’s guidance on the requirements of Data Protection Officers and Data Portability under the new EU General Data Protection Regulation (GDPR) and describe how best to prepare GDPR’s other enhanced … Continue reading

European Commission Publishes Proposal for the New e-Privacy Regulation

Photo of Marcus Evans (UK)Photo of Lara White (UK)By Marcus Evans (UK) and Lara White (UK) on Posted in Compliance and risk management, Regulatory response
Data Protection Report - Norton Rose FulbrightOn 10 January 2017, the European Commission published the official proposal of the revised e-Privacy Regulation, which amends the current e-Privacy Directive. Many of the alarming changes that were included in the leaked December draft of the Regulation, which we covered, have been changed, resulting in a practical set of rules that align with the … Continue reading

Article 29 Working Party Releases GDPR Implementation Guidance

Photo of Lara White (UK)Photo of Marcus Evans (UK)By Lara White (UK) and Marcus Evans (UK) on Posted in Compliance and risk management, Regulatory response
Data Protection Report - Norton Rose FulbrightOn 15 December 2016, the Article 29 Working Party (WP29) issued guidelines and FAQs on the provisions in the General Data Protection Regulation (the GDPR) relating to data portability (Guidelines / FAQs), data protection officers (Guidelines / FAQs), and the lead supervisory authority (Guidelines / FAQs). WP29 will accept comments on these guidelines until the … Continue reading

Leaked Draft of ePrivacy Regulation Published

Photo of Lara White (UK)By Lara White (UK) on Posted in Compliance and risk management, Regulatory response
Data Protection Report - Norton Rose FulbrightEarlier this week, the first draft of the EU’s ePrivacy Regulation was leaked. ePrivacy laws in Europe aim to protect the right to privacy and confidentiality with respect to the processing of personal data in the electronic communications sector (e.g., relating to cookie usage and online direct marketing). The leaked draft is intended to bring the … Continue reading

Article 29 Working Party Releases Opinion on the Revision of the ePrivacy Directive

Photo of Lara White (UK)Photo of Marcus Evans (UK)By Lara White (UK) and Marcus Evans (UK) on Posted in Compliance and risk management, Regulatory response
Data Protection Report - Norton Rose FulbrightThe Article 29 Working Party (WP29) has issued an opinion on the evaluation and review of Directive 2002/58/EC (the ePrivacy Directive). In its opinion, WP29 notes the need for a thorough revision of the rules in the ePrivacy Directive to take into account the technological developments in the digital market and the recent adoption of … Continue reading

EU GDPR will apply beginning May 25, 2018: Norton Rose Fulbright publishes GDPR Checklist, announces events and master classes

Photo of Marcus Evans (UK)Photo of Nadège Martin (FR)Photo of Christoph Ritzer (DE)Photo of Floortje Nagelkerke (NL)By Marcus Evans (UK), Nadège Martin (FR), Christoph Ritzer (DE) and Floortje Nagelkerke (NL) on Posted in Compliance and risk management, Regulatory response
Data Protection Report - Norton Rose FulbrightOver four years in the making, the EU General Data Protection Regulation (GDPR) was finally published in the EU Official Journal on May 4, 2016, giving a concrete application date. It will apply directly in all EU Member States beginning May 25, 2018. The GDPR will repeal and replace Directive 95/46/EC and its Member State implementing … Continue reading

German DPAs: Healthcare Apps and Wearables Create High Risks for Users

Photo of Christoph Ritzer (DE)Photo of Sven Jacobs (DE)By Christoph Ritzer (DE) and Sven Jacobs (DE) on Posted in Compliance and risk management, Regulatory response
Data Protection Report - Norton Rose FulbrightDuring their last Data Protection Conference, the German data protection authorities (DPAs) agreed on a resolution on data protection principles that providers of healthcare apps and wearables should consider. According to the resolution, almost a third of the German population 14 years or older uses wearables (body-worn devices that record an individual’s health data) and healthcare apps … Continue reading

EU Data Protection Reform: EU Council of Ministers Publishes Updated Version of the GDPR, Formally Adopts Its Position at First Reading, Announces Crucial Second Reading to Take Place on 14 April

Photo of Marcus Evans (UK)By Marcus Evans (UK) on Posted in Compliance and risk management, Regulatory response
Data Protection Report - Norton Rose FulbrightOn 8 April 2016 (see here), the Council of the European Union announced that it has formally adopted its position at the first reading on the EU General Data Protection Regulation, a key step in the data protection reform process. The Council’s position will now be sent to the European Parliament who will vote on … Continue reading

French National Assembly adopts “Digital Republic” bill

Photo of Nadège Martin (FR)Photo of Geoffroy Coulouvrat (FR)By Nadège Martin (FR) and Geoffroy Coulouvrat (FR) on Posted in Compliance and risk management
Data Protection Report - Norton Rose FulbrightOn January 26, 2016, the French National Assembly adopted the “Digital Republic” bill  — a comprehensive bill introducing various provisions to regulate the digital sphere within the French society. Access to public data, neutrality of the Internet, access to the digital sphere and communication networks are some of the main subjects covered by this bill. … Continue reading

European Council approves EU General Data Protection Regulation draft;  final approval may come by end of 2015

Photo of Marcus Evans (UK)By Marcus Evans (UK) on Posted in Regulatory response
Data Protection Report - Norton Rose FulbrightToday the European Council approved its version of the General Data Protection Regulation (GDPR). The next stage is for the European Commission, European Parliament and European Council (each has its own preferred version of the regulation) to jointly agree on the final text of the regulation. These discussions will commence officially on June 24, 2015, and … Continue reading
LexBlog