By

Thomas Fearon

19 December 2016

The Article 29 Working Party Releases Draft Guidelines on Key Elements of the GDPR Including the Right to Data Portability, Data Protection Officers and the Lead Supervisory Authority

On 15 December 2016 the Article 29 Working Party (“WP29”) released draft guidelines and FAQs on key provisions in the EU’s General Data Protection Regulation (“GDPR”). The guidelines cover the right to data portability, data protection officers and the lead supervisory authority. The WP29 has invited comments from stakeholders on the draft guidelines and FAQs. The deadline for comments is January 31, 2017. Although this invitation for comment is directed at the new guidance, some members of the WP29 have expressed interest in comments on additional issues for the WP29 2017 work plan, for which guidance has not been issued.

(more…)

SHARE
EmailPrintShare
05 December 2016

FCA Outlines its Approach to Cybersecurity in Financial Services Institutions

A recent speech by the Financial Conduct Authority (“FCA”) Director of Specialist Supervision, Nausicaa Delfas, delivered at the Financial Times’ Cyber Security Summit, shows that the FCA, which is the leading financial services regulator in the United Kingdom, is taking the issue of cyber security seriously and that it believes new approaches are needed to combat the threat to financial services firms.

The FCA’s concerns are consistent with those being expressed by US banking regulators and the Group of Seven (G-7) industrial nations who agreed on a set of guidelines to combat cyber risks affecting global financial institutions.

(more…)

SHARE
EmailPrintShare
02 December 2016

European Commission adopts its Work Programme for 2017; includes focus on Digital Single Market Strategy and General Data Protection Regulation

On October 25, 2016 the European Commission (the “Commission“) adopted its 2017 Work Programme (the “Work Programme”) which sets out what the Commission intends to do over the next 12 months. The Work Programme is the third to be presented under Jean-Claude Junker’s presidency of the Commission and will also be the first Work Programme to be adopted following consultation with the European Parliament (the “Parliament“) and the European Council (the “Council“).

(more…)

SHARE
EmailPrintShare
10 November 2016

BayLDA fines organisation for DPO appointment

The Bavarian State Commissioner for Data Protection (“BayLDA“) announced on October 20, 2016, that it had fined a company for appointing an IT manager as its data protection officer (“DPO“). Germany’s strict data protection laws mean that appointing a DPO has long been a requirement for some companies in Germany, whereas in most other EU Member States there will be no such requirement until the General Data Protection Regulation (“GDPR”) takes effect.

(more…)

SHARE
EmailPrintShare
04 November 2016

EU-U.S. Privacy Shield challenged in CJEU

Two legal challenges have been filed at the Court of Justice of the European Union (“CJEU”) against the European Commission’s adequacy decision on the EU-U.S. Privacy Shield. Privacy Shield was adopted on July 12, 2016 after the CJEU struck down the earlier Safe Harbour agreement in October 2015 over concerns about U.S. surveillance techniques.

(more…)

SHARE
EmailPrintShare
31 October 2016

ICO Updates Guidance on Privacy Notices

The EU Data Protection Directive requires that data be processed fairly, which includes providing individuals with certain information about how a business uses their data, for example, by way of a privacy notice.  These information requirements will be enhanced under the new EU Data Protection Regulation (“GDPR“), which will require many companies to review and amend their employee and customer notices, consents and policies (including privacy notices).

(more…)

SHARE
EmailPrintShare
28 October 2016

House of Lords Amends Investigatory Powers Bill to Recognise Privacy as a “Fundamental Priority”

Members of the UK House of Lords have amended the Investigatory Powers Bill to make privacy a fundamental concern by inserting the following in clause 1 –

“This Act sets out the extent to which certain investigatory powers may be used to interfere with privacy.”

The amendment, proposed by Lord Janvrin, a member of the UK parliament’s Intelligence and Security Committee (“ISC“), was approved on Tuesday 11 October 2016, after a debate in which many members highlighted the need for safeguards against disproportionate use of the Bill by public authorities.

(more…)

SHARE
EmailPrintShare
18 October 2016

G7 Sets Guidelines for Cybersecurity for the Financial Sector

As the financial services sector becomes ever more reliant on new technologies to decrease costs and create more efficient systems, it becomes more vulnerable to cyber attacks. On October 11, 2016, the Group of Seven (“G7”) industrial nations agreed on a set of guidelines to combat the cyber risks that are “growing more dangerous and diverse, [and] threatening to disrupt our interconnected global financial systems and the institutions that operate and support those systems.” These issues have been particularly visible following a number of high profile cybersecurity attacks at financial institutions.

(more…)

SHARE
EmailPrintShare
04 October 2016

European Data Protection Supervisor Publishes Opinion on Big Data and the Enforcement of Fundamental Rights; Emphasizes Concern over Data Monopolies

On September 23 2016, the European Data Protection Supervisor (“EDPS“) published an Opinion on the coherent enforcement of fundamental rights in the age of big data (the “Opinion”). Building upon the preliminary opinion it published in 2014, the EDPS sought to emphasise the importance of the protection of personal data rights in light of the rise of data “monopolies.” With the expansion of the big data economy and the Digital Single Market Strategy, the EDPS suggested that the interface between competition and privacy should be a long-term concern for all data protection authorities.

(more…)

SHARE
EmailPrintShare
XSLT Plugin by BMI Calculator