Official guidance has expanded the scope of laws and provided examples of illegal uses.
Key Points:
..The definition of “personal information” has been expanded to include data points used for tracking individuals...more
The General Data Protection Regulation (GDPR or Regulation) will become applicable in one year, as of May 25, 2018. A lot has happened since we set out the key provisions of the Regulation last year....more
The Cyberspace Administration of China (CAC) issued Draft Measures for public comment on April 11 on Security Assessment for Cross-border Transmission of Personal Information and Critical Data (the Draft Measures). The Draft...more
The current draft grants Chinese regulators broad discretion to prohibit data transfers.
Key Points:
..The draft requires both the consent of the data subjects and/or the permission of the regulators for any...more
The recent cyberattack on Tesco Bank’s IT systems has prompted Rt Hon. Andrew Tyrie MP, Chairman of the Treasury Committee, to call on regulators to take action against vulnerable bank IT systems...
...more
The Standing Committee of the National People’s Congress of the People’s Republic of China (PRC) has introduced China’s first and comprehensive Network Security Law (also referred to as Cybersecurity Law). The law will have...more
The law will have far-reaching implications for parties that utilize the Internet and handle network data and personal information in the PRC.
On November 7, 2016, the Standing Committee of the National People’s Congress...more
Hacking of organizations’ systems is becoming increasingly commonplace, even with advancements in security practices. To mitigate risk, a company must have an enterprise-level, cross-functional incident response plan that is...more
Hacking of organisations’ systems is becoming increasingly commonplace, even with advancements in security practices. To mitigate risk, a company must have an enterprise-level, cross-functional incident response plan that is...more
Preparing for and rehearsing how to respond to a breach is as important as improving security systems and protocols.
Hacking of organizations’ systems is becoming increasingly commonplace, even with advancements in...more
On October 19, 2016, the Court of Justice of the European Union (CJEU) issued a ruling on the question of whether IP addresses constitute personal data. The ruling has direct implications on the general question of when data...more
State of the European Union address on September 14 reveals European Commission’s next proposed steps in its Digital Single Market initiative.
Jean-Claude Juncker announced the results of the European Commission’s (the...more
The Commission’s proposals aim to reform EU Copyright laws as part of its package of proposals towards an EU Digital Single Market.
On 14 September 2016 the European Commission (the Commission) adopted new proposals for...more
After over four years of debate, the General Data Protection Regulation (GDPR) recently came into force, taking effect after a two year transition period, i.e. from 25 May 2018. The GDPR introduces a rigorous and far-reaching...more
As the whole world now knows, the UK voted to leave the European Union (EU) in its historic referendum on 23rd June by a vote of 51.9 percent in favour of “leave” to 48.1 in favour of “remain”. This blog focusses on how that...more
6/28/2016
/ Binding Corporate Rules ,
EFTA ,
EU ,
European Economic Area (EEA) ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Member State ,
Referendums ,
Standard Contractual Clauses ,
UK ,
UK Brexit ,
UK Data Protection Act
Businesses have two years to comply with Europe’s new privacy regime.
On 24 May 2016, after more than four years of debate, the General Data Protection Regulation (GDPR, or the Regulation) enters into force. The GDPR...more
5/25/2016
/ Binding Corporate Rules ,
Cyber Incident Reporting ,
Data Controller ,
Data Processors ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Member State ,
Parental Consent ,
Personal Data ,
Privacy Policy ,
Recordkeeping Requirements ,
Standard Contractual Clauses
Legislation may change the way government and the private sector collaborate on cybersecurity.
After years of vigorous debate and numerous false starts, in the closing hours of its 2015 session, the US Congress...more
Earlier this week, the European Commission announced that a “political” agreement has been reached on a new framework for data flows from the EU to the US. The announcement highlights a few changes from the old Safe Harbor...more
2/5/2016
/ Article 29 Working Party (WP29) ,
Binding Corporate Rules ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
International Data Transfers ,
Ombudsman ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
US-EU Safe Harbor Framework
On December 7th, members of the European Parliament (MEPs) and the Luxembourg Presidency of the EU Council of Ministers provisionally agreed to the text of the long awaited network and information security directive also...more
The establishment of the Office of Communications (Ofcom) and the entry into force of the Communications Act 2003 (Act) fundamentally altered the UK communications landscape. The Act mirrored the technological neutrality of...more
The so called Article 29 Working Party met on October 15, 2015 to discuss the consequences of the Schrems Judgment of the European Court of Justice (ECJ). On October 16, 2015, the Working Party published a Statement...more
10/19/2015
/ Article 29 Working Group ,
Binding Corporate Rules ,
Data Protection Authority ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
International Data Transfers ,
Judicial Redress Act ,
Legislative Agendas ,
Member State ,
Model Contracts ,
Schrems I & Schrems II
On October 6, the European Court of Justice ruled that Decision 2000/520 of the European Commission, which stated that Safe Harbor-certified US companies provide adequate protection for personal data transferred to them from...more
10/7/2015
/ Binding Corporate Rules ,
Data Protection Authority ,
EU ,
EU Data Protection Laws ,
EU Directive ,
European Commission ,
European Court of Justice (ECJ) ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Member State ,
Model Contracts ,
US-EU Safe Harbor Framework
The English High Court has declared that UK legislation which expanded government powers to require communication providers to retain communication traffic data is incompatible with human rights, and is unlawful.
The...more
“It is often said that there are two kinds of companies out there — those that have suffered a data breach and those that will have one,” said Latham & Watkins partner Kevin Boyle. “So it makes a lot of sense to be prepared...more
Global cyber-attack threats stand at the highest ever recorded level, jumping 14 percent from 2012 to 2013 (Cisco 2014 Annual Security Report). Furthermore, a recent Microsoft Security Intelligence Report found that operating...more