By

Francesca Blythe

20 October 2017

Article 29 Working Party Publishes Final Guidance on Data Protection Impact Assessments

On 4 October 2017 the Article 29 Working Party (“WP29”) published its final Guidelines on Data Protection Impact Assessment (“DPIA”) which were initially released in draft form in April 2017. Article 35 of the General Data Protection Regulation (“GDPR”) requires the use of DPIAs, or risk assessments of the proposed processing of personal data by an organisation, as part of regular business processes. The key revisions to note are in relation to the following concepts: (more…)

SHARE
EmailPrintShare
13 September 2017

EU Adequacy Ruling on Japan Expected

The EU Commission, through a joint statement on 4 July 2017 by Vera Jourova, EU Commissioner for Justice, and Haruchi Kumazawa, a Commissioner of Japan’s Personal Information Protection Commission, announced that the process is underway to provide Japan an EU adequacy decision on international data transfers by early 2018. Once approved, Japan will become the 13th country (crediting the US with an adequacy finding for organizations certifying under the Privacy Shield) globally and the first Asian country to be given adequate status by the EU Commission. (more…)

SHARE
EmailPrintShare
17 August 2017

Influential Stakeholders Debate a Cross-Sector Approach in Using Big Data for Improving Human Health

Big Data has been a hot topic of discussion in recent years. This was especially the case in Brussels, where the fiercely debated EU General Data Protection Regulation (GDPR) was adopted in 2016. A major concern for all of us is personal privacy. Less discussed is the use of Big Data for social good.

A traditional sectoral approach to harnessing the potential of Big Data for social good is insufficient. This is the case in terms of organisations from different sectors partnering to develop new technologies. It also means that legislation and policies on Big Data must be forward thinking and facilitate cross-sectoral co-operation. (more…)

SHARE
EmailPrintShare
10 August 2017

Greater Protection for Individuals and Larger Fines for Organisations Under a New UK Data Protection Bill

In a statement of intent published on 7 August 2017, the UK Government has committed to updating and strengthening data protection laws through a new Data Protection Bill (the “Bill”). The Bill will incorporate the new EU General Data Protection Regulation (the “GDPR”) into UK law.

According to the UK’s Minister of State for Digital, Matt Hancock, the Bill will “give [the UK] one of the most robust, yet dynamic, set of data laws in the world. The Bill will give people more control over their data, require more consent for its use, and prepare Britain for Brexit.” (more…)

SHARE
EmailPrintShare
02 February 2017

GDPR Benchmarking

On January 26, 2017 Sidley hosted “Data Protection in Finance 2017: GDPR Readiness – Strategies and Practice” in association with DataGuidance. The interactive conference provided opportunities for networking with industry peers, as well as a full day of informative panel discussions focused on practical steps to achieve compliance with the EU General Data Protection Regulation’s (“GDPR”).

(more…)

SHARE
EmailPrintShare
12 January 2017

CJEU issues ruling on retention of data by Electronic Communication Services

The Court of Justice of the European Union (“CJEU”) issued, on December 21, 2016, its ruling in the joined cases, Tele2 Sverige AB v. Post-och telestyrelsen (C-203/15), and Secretary of State for Home Department v. Tom Watson and Others (C-698/15), concerning the interpretation of EU’s Article 15(1) of the ePrivacy Directive (2002/58/EC). Article 15(1) enables EU Member States to adopt measures that restrict privacy rights granted to users of Electronic Communication Services (“ECSs”) when they are “necessary, appropriate and proportionate… to safeguard national security”. Examples of ECSs include private and public companies in Internet, telecommunication, satellite and cable businesses. (more…)

SHARE
EmailPrintShare
03 January 2017

ePrivacy Directive – European Commission Publishes Results of Consultation

On 11 April 2016, the European Commission consulted on Directive 2002/58/EC on privacy and electronic communications (the “ePrivacy Directive”), seeking input from a wide range of businesses, organizations and individuals on the effectiveness of the ePrivacy Directive and their views for its revision. The European Commission’s review is a key element of its Digital Single Market Strategy, which aims to reinforce trust and security in digital services in the EU.

The European Commission released the results of this consultation on 19 December 2016. The consultation received 421 replies from stakeholders in all Member States and outside the EU, which included 162 replies from citizens; 186 contributions from industry actors; 40 public authorities, including competent authorities which enforce the ePrivacy Directive at national level; 33 contributions from civil society associations. The largest number of respondents came from Germany (25.9%), UK (14.3%), Belgium (10%) and France (7.1%).

(more…)

SHARE
EmailPrintShare
22 December 2016

EU’s Article 29 Working Party publishes Privacy Shield FAQs

On December 13, 2016 at its plenary meeting, the EU’s Article 29 Working Party (“WP29”) adopted guidance on the EU-US Privacy Shield Framework for businesses and individuals in Europe. Since the U.S. Department of Commerce began accepting certifications to the Privacy Shield in August 2016, almost 1,300 companies have self-certified to the Privacy Shield and we understand many more are awaiting approval from the Department of Commerce.

(more…)

SHARE
EmailPrintShare
07 November 2016

German Data Protection Authorities to Audit 500 Companies

Ten state German data protection authorities announced on 3 November 2016 that they would be conducting a review of approximately 500 companies in respect of their international transfers of personal data. Under EU data protection laws, there is a general prohibition on transfers of personal data to countries outside the European Economic Area (“EEA“), which do not ensure an adequate level of protection, such as the US, unless certain exemptions apply. Exemptions include, for example, consent of the data subjects, EU-US Privacy Shield certification, Binding Corporate Rules and EU data transfer agreements known as “Model Contracts.”

(more…)

SHARE
EmailPrintShare
01 November 2016

UK Government Confirms GDPR Will Apply

The UK’s Secretary of State confirmed on October 31, 2016 that the UK will be implementing the new EU General Data Protection Regulation (GDPR), as the UK will still be a member of the EU when the GDPR comes into effect on 25 May 2018.

The UK’s Information Commissioner, Elizabeth Denham showed her support for this by issuing a statement describing the confirmed implementation as “good news.” Commissioner Denham further advised that the Information Commissioner’s Office (ICO) is committed to assisting businesses to prepare to meet these new requirements and that a revised timeline setting out which areas of GDPR guidance the ICO will be prioritizing will be published in November. In closing, Commissioner Denham stressed that although, “there may still be questions about how the GDPR would work on the UK leaving the EU […] this should not distract from the important task of compliance with GDPR by 2018.”

SHARE
EmailPrintShare
XSLT Plugin by BMI Calculator