Tag archives: personal data

CJEU Judgement: Dynamic IP Addresses Constitute Personal Data

By Christoph Ritzer (DE) on October 21, 2016 Posted in Dispute resolution and litigation, Regulatory response

Data Protection Report - Norton Rose Fulbright

On October 19, 2016, the Court of Justice of the European Union (CJEU) decided that the dynamic IP address of a website visitor is “personal data” under Directive 95/46EC (Data Protection Directive) in the hands of a website operator that has the means to compel an internet service provider to identify an individual based on the IP … Continue reading

Privacy Shield Update: EU Member States Approve Amended Framework

By Marcus Evans (UK) on July 8, 2016 Posted in Compliance and risk management, Regulatory response

On July 8, 2016, European Member States approved the proposed EU-US Privacy Shield framework, with four Member States – Austria, Bulgaria, Croatia, and Slovenia – reportedly abstaining. Before the framework can be implemented, formal approval by the European Commission is required. Although the European Commission has yet to formally release a copy of the revised … Continue reading

Privacy Shield Framework Sees Changes, EU Vote Expected in July 2016

By Marcus Evans (UK) on June 24, 2016 Posted in Compliance and risk management, Regulatory response

The United States and the European Union reportedly have agreed on changes to the EU-US Privacy Shield. A revised agreement has been sent to EU Member States, and a vote is expected to be held early next month, in early July 2016. If approved by the EU Member States, companies will be able to subscribe … Continue reading

Big data: French and German authorities explore antitrust issues

By Jay Modrall (BE) on May 12, 2016 Posted in Compliance and risk management, Data breach, General

On May 10, 2016, the French and German antitrust authorities published a joint study on competition law and the collection and use of data, particularly so-called big data (the Big Data Study). Data protection as such is outside the scope of EU competition laws, but antitrust authorities have considered the significance of data on a … Continue reading

Details of Privacy Shield published

By Marcus Evans (UK), Jay Modrall (BE), Christoph Ritzer (DE) and Sven Jacobs (DE) on March 1, 2016 Posted in Compliance and risk management, Regulatory response

On February 29, 2016, the European Commission published the documents comprising the new EU-U.S. Privacy Shield, the adoption of which we previously covered on our blog. In the Commission’s opinion, the new framework reflects the requirements set forth by the European Court of Justice in the Schrems ruling, which invalidated the U.S.-EU Safe Harbor framework. The … Continue reading

EU-US Privacy Shield scrutinized in Article 29 Working Party initial response

By Marcus Evans (UK) and Jay Modrall (BE) on February 3, 2016 Posted in Regulatory response

On February 3, 2016, the Article 29 Working Party (WP29) released a statement on the consequences of the Schrems judgment, following an assessment of the legal framework and the practices of US intelligence services. The WP29 expressed continuing concerns about the US framework for processing personal data for intelligence purposes, in spite of recent reforms.… Continue reading

EU and US reach agreement on cross-border data transfer framework, but uncertainty remains

By Marcus Evans (UK) on February 2, 2016 Posted in Regulatory response

On February 2, 2016, the European Commission and the United States reached an agreement on a new framework to permit transatlantic transfers of personal data. The new framework — named “EU-US Privacy Shield” — is slated to replace the US-EU Safe Harbor framework that was invalidated by the Court of Justice for the European Union.… Continue reading

Russia’s data localization requirements delayed for Facebook, Google and Twitter

By Vera Shaftan (RU) on September 7, 2015 Posted in Regulatory response

The Russian data protection authority, Roscomnadzor, has given major U.S. technology companies extra time to comply with the Russian data localization law. The law, which went into effect on September 1, 2015, requires companies to store and process all personal data of Russian citizens using databases located in Russia. The law imposes a variety of penalties … Continue reading

Ashley Madison data dumps continue; some suspect inside job

By on August 27, 2015 Posted in Data breach

The hackers behind the Ashley Madison attack, who call themselves the “Impact Team,” have continued to release user and internal data on the dark web.… Continue reading

Abu Dhabi Global Market consults on draft data protection regulations

By on August 17, 2015 Posted in Regulatory response

In January, we commented on the release of a consultation paper by Abu Dhabi Global Market (ADGM) relating to proposed employment regulations. At the time, ADGM indicated that it would not be introducing more general legislation to regulate the handling and processing of personal data in the new free zone. The Board of Directors of … Continue reading

Russian data protection authority explains data localization law; says cross-border transfer still permitted

By Vera Shaftan (RU) on August 4, 2015 Posted in Regulatory response

Russia’s data protection authority, Roscomnadzor, has held a number of meetings with business associations to respond to the wave of questions that have arisen about the interpretation and application of Russia’s personal data localization law. The law, which enters into force on September 1, 2015, requires that an operator, while collecting personal data, ensures the recording, … Continue reading

Google challenges applicability of CNIL’s “right to be forgotten” order to domain extensions outside the EU

By Nadège Martin (FR) on August 4, 2015 Posted in Compliance and risk management

In a recent blog post, reflecting on Google’s ongoing dispute with France’s CNIL about the scope of the “right to be forgotten,” Peter Fleisher, Google’s Global Privacy Counsel, announced that Google will maintain its position that that company would not comply with the CNIL’s formal notice dated May 21, 2015 to implement individuals’ requests to … Continue reading

China’s proposed Cyber Security Law to have far reaching consequences for businesses operating in the country

By Barbara Li (CN) on July 16, 2015 Posted in Regulatory response

On July 6, 2015, China’s top legislative body – the National People’s Congress – published a draft Cyber Security Law that, if enacted in its current form, will have far-reaching consequences for businesses operating in China. The draft expressly provides that the law will apply equally to both Chinese and international businesses.… Continue reading

UK Court of Appeal Establishes Data Protection Rights in Privacy Case

By Jane Berry (UK), Ffion Flockhart (UK) and Marcus Evans (UK) on April 9, 2015 Posted in Dispute resolution and litigation

A recent English Court of Appeal judgment could significantly broaden the circumstances in which data protection litigation can be brought – and damages can be awarded – under English law. Background Vidal-Hall et al v Google ([2015] EWCA Civ 311) involves claims brought by three individual users against Google. The users alleged that Google collected private … Continue reading