By

Francesca Blythe

10 August 2017

Greater Protection for Individuals and Larger Fines for Organisations Under a New UK Data Protection Bill

In a statement of intent published on 7 August 2017, the UK Government has committed to updating and strengthening data protection laws through a new Data Protection Bill (the “Bill”). The Bill will incorporate the new EU General Data Protection Regulation (the “GDPR”) into UK law.

According to the UK’s Minister of State for Digital, Matt Hancock, the Bill will “give [the UK] one of the most robust, yet dynamic, set of data laws in the world. The Bill will give people more control over their data, require more consent for its use, and prepare Britain for Brexit.” (more…)

SHARE
EmailPrintShare
02 February 2017

GDPR Benchmarking

On January 26, 2017 Sidley hosted “Data Protection in Finance 2017: GDPR Readiness – Strategies and Practice” in association with DataGuidance. The interactive conference provided opportunities for networking with industry peers, as well as a full day of informative panel discussions focused on practical steps to achieve compliance with the EU General Data Protection Regulation’s (“GDPR”).

(more…)

SHARE
EmailPrintShare
12 January 2017

CJEU issues ruling on retention of data by Electronic Communication Services

The Court of Justice of the European Union (“CJEU”) issued, on December 21, 2016, its ruling in the joined cases, Tele2 Sverige AB v. Post-och telestyrelsen (C-203/15), and Secretary of State for Home Department v. Tom Watson and Others (C-698/15), concerning the interpretation of EU’s Article 15(1) of the ePrivacy Directive (2002/58/EC). Article 15(1) enables EU Member States to adopt measures that restrict privacy rights granted to users of Electronic Communication Services (“ECSs”) when they are “necessary, appropriate and proportionate… to safeguard national security”. Examples of ECSs include private and public companies in Internet, telecommunication, satellite and cable businesses. (more…)

SHARE
EmailPrintShare
03 January 2017

ePrivacy Directive – European Commission Publishes Results of Consultation

On 11 April 2016, the European Commission consulted on Directive 2002/58/EC on privacy and electronic communications (the “ePrivacy Directive”), seeking input from a wide range of businesses, organizations and individuals on the effectiveness of the ePrivacy Directive and their views for its revision. The European Commission’s review is a key element of its Digital Single Market Strategy, which aims to reinforce trust and security in digital services in the EU.

The European Commission released the results of this consultation on 19 December 2016. The consultation received 421 replies from stakeholders in all Member States and outside the EU, which included 162 replies from citizens; 186 contributions from industry actors; 40 public authorities, including competent authorities which enforce the ePrivacy Directive at national level; 33 contributions from civil society associations. The largest number of respondents came from Germany (25.9%), UK (14.3%), Belgium (10%) and France (7.1%).

(more…)

SHARE
EmailPrintShare
22 December 2016

EU’s Article 29 Working Party publishes Privacy Shield FAQs

On December 13, 2016 at its plenary meeting, the EU’s Article 29 Working Party (“WP29”) adopted guidance on the EU-US Privacy Shield Framework for businesses and individuals in Europe. Since the U.S. Department of Commerce began accepting certifications to the Privacy Shield in August 2016, almost 1,300 companies have self-certified to the Privacy Shield and we understand many more are awaiting approval from the Department of Commerce.

(more…)

SHARE
EmailPrintShare
07 November 2016

German Data Protection Authorities to Audit 500 Companies

Ten state German data protection authorities announced on 3 November 2016 that they would be conducting a review of approximately 500 companies in respect of their international transfers of personal data. Under EU data protection laws, there is a general prohibition on transfers of personal data to countries outside the European Economic Area (“EEA“), which do not ensure an adequate level of protection, such as the US, unless certain exemptions apply. Exemptions include, for example, consent of the data subjects, EU-US Privacy Shield certification, Binding Corporate Rules and EU data transfer agreements known as “Model Contracts.”

(more…)

SHARE
EmailPrintShare
01 November 2016

UK Government Confirms GDPR Will Apply

The UK’s Secretary of State confirmed on October 31, 2016 that the UK will be implementing the new EU General Data Protection Regulation (GDPR), as the UK will still be a member of the EU when the GDPR comes into effect on 25 May 2018.

The UK’s Information Commissioner, Elizabeth Denham showed her support for this by issuing a statement describing the confirmed implementation as “good news.” Commissioner Denham further advised that the Information Commissioner’s Office (ICO) is committed to assisting businesses to prepare to meet these new requirements and that a revised timeline setting out which areas of GDPR guidance the ICO will be prioritizing will be published in November. In closing, Commissioner Denham stressed that although, “there may still be questions about how the GDPR would work on the UK leaving the EU […] this should not distract from the important task of compliance with GDPR by 2018.”

SHARE
EmailPrintShare
01 August 2016

Privacy Shield Now Available for Certification

From Monday August 1, 2016, companies will be able to self-certify under the EU-US Privacy Shield (www.privacyshield.gov). The Privacy Shield was adopted on July 12, 2016 and is intended as a replacement to the now invalidated Safe Harbor framework. Companies preparing to self-certify their adherence to the Privacy Shield Principles should carefully review the associated documentation to understand the new requirements and consider carrying out a gap analysis against their existing privacy program. This is particularly important given the potential for increased enforcement action from the US Federal Trade Commission against participating companies that fail to comply with the Principles. (more…)

SHARE
EmailPrintShare
28 July 2016

EU Data Protection Authorities Adopt One-Year “Wait and See” Position On Privacy Shield

The Article 29 Working Party, on July 26, 2016 issued a statement on the final form of the EU-US Privacy Shield, which was formally adopted on July 12, 2016. Speaking at a press conference, Isabelle Falque-Pierrotin, chairman of the Article 29 Working Party, stated that the EU data protection authorities would not launch legal action of their own initiative in the next year but instead will wait until after the first annual review: “the first joint review will be a time in which we will make an evaluation of the Privacy Shield and also a time where additional propositions could be made … we want to be provided with additional clarification, additional evidence, possibly changes in the legislation.” (more…)

SHARE
EmailPrintShare
13 July 2016

Formal Adoption of EU-US Privacy Shield

After many months of negotiation and review the EU-US Privacy Shield was formally adopted by the European Commission on July 12, 2016. This came just a few days after the Article 31 Committee approved the updated text of the EU-US Privacy Shield on July 8, 2016.

(more…)

SHARE
EmailPrintShare
XSLT Plugin by BMI Calculator