Category

Enforcement

21 November 2017

Jamaica’s New Privacy Protection Bill

On 10 October 2017, Jamaica introduced into its House of Parliament a comprehensive Bill for privacy and data protection, entitled “An Act to Protect the Privacy of Certain Data and for Connected Matters.”  The new law would cover personal data, including data in an “accessible record” such as a health record or an educational record.  If passed, the new law will be named the “Data Protection Act, 2017.”  (more…)

SHARE
EmailPrintShare
13 November 2017

U.S. Consumer Financial Protection Bureau’s Principles for Data Aggregation Services Could Have Broad Implications

On Oct. 18, 2017, the Consumer Financial Protection Bureau (CFPB) released a set of consumer protection principles (Principles) designed to protect consumer interests in the market for services built around consumer-approved use of financial information. The Principles are targeted to so-called “data aggregation” or “screen scraping” services that collect customer information in order to provide financial planning or other services. Over the past few years, data aggregation services and banks have struggled to develop the right model for sharing customer account data. The Principles issued by the CFPB seek to provide a potential data-sharing model for banks and data aggregation services while protecting consumer interests.

(more…)

SHARE
EmailPrintShare
09 November 2017

Dutch Data Protection Authority Confirms That Notifications Are No Longer Required

On 6 November 2017, the Dutch Data Protection Authority (‘”DPA”) issued a statement in which it confirms that controllers subject to Dutch data protection law will – in most cases – no longer need to notify their data processing activities to the DPA.  The General Data Protection Regulation (“GDPR”), which becomes applicable on 25 May 2018, abolishes the system of DPA notifications and replaces it with the requirement to keep internal records of data processing operations. Until that date, controllers can still submit notifications if they wish to do so, but in general the DPA will no longer enforce compliance with the notification requirement in the law.

(more…)

SHARE
EmailPrintShare
06 November 2017

European Commission Publishes its First Annual Review of EU-U.S. Privacy Shield

The EU-U.S. Privacy Shield has survived its infancy, although the October 18, 2017 European Commission report on its first annual review of the functioning of the EU-U.S. Privacy Shield (the “Report”) leaves uncertainty as to the long-term future of EU-U.S. Privacy Shield if the U.S. is unwilling or unable to adopt further Commission “recommendations”. The Report details the Commission’s findings on the implementation and enforcement of the Privacy Shield during its first year of operation. (more…)

SHARE
EmailPrintShare
31 October 2017

Article 29 Working Party Publishes Draft Guidelines on Notification of Personal Data Breaches Notification Under the GDPR

On October 3, 2017, the Article 29 Working Party (“WP29”) adopted draft guidelines regarding notification of personal data breaches under the EU’s General Data Protection Regulation (“GDPR”) which will require breach notification within 72 hours of awareness of a breach. (“Draft Guidelines”) (The Draft Guidelines appear to have been released for public comment during the week of 16th October). The deadline for comment is November 24, 2017. The Draft Guidelines are available here. The WP29 is a collective of EU data privacy supervisory authorities (“DPAs”). (more…)

SHARE
EmailPrintShare
20 October 2017

Article 29 Working Party Publishes Final Guidance on Data Protection Impact Assessments

On 4 October 2017 the Article 29 Working Party (“WP29”) published its final Guidelines on Data Protection Impact Assessment (“DPIA”) which were initially released in draft form in April 2017. Article 35 of the General Data Protection Regulation (“GDPR”) requires the use of DPIAs, or risk assessments of the proposed processing of personal data by an organisation, as part of regular business processes. The key revisions to note are in relation to the following concepts: (more…)

SHARE
EmailPrintShare
16 October 2017

Proposed Changes to Singapore’s Data Protection Act

On July 27, 2017, the Personal Data Protection Commission (PDPC) initiated a public consultation to consider several significant proposed changes to Singapore’s Personal Data Protection Act 2012 (PDPA). Citing technological advances and global developments, the PDPC proposed changes that would have the effect of (1) broadening the circumstances under which organizations could collect, use and disclose personal data without consent and (2) imposing a mandatory data breach notification requirement in certain situations.

(more…)

SHARE
EmailPrintShare
11 October 2017

Schrems Judgment in the Irish Commercial Court Raises Concerns over the “Model Contracts” for Transfer of Personal Data Out of Europe

An Irish High Court ruling may have a significant impact on one of the main mechanisms that global companies use to transfer personal data out of the European Economic Area (“EEA”).  The Irish High Court ruled on 3 October 2017 that the Standard Contractual Clauses (“SCCs”) used by companies to transfer data from the EEA to US, also frequently referred to as “Model Contracts,” must be the subject of review by the Court of Justice of the European Union. (more…)

SHARE
EmailPrintShare
19 September 2017

European Commission prioritizes cybersecurity, GDPR compliance and free flow of data

On 13 September 2017, the European Commission presented its draft work program for the next sixteen months up to the end of 2018.  In addition to boosting jobs, growth and investments, the European Commission’s main priority is to improve and strengthen the Single Digital Market, where individuals as well as businesses can seamlessly access and exercise online activities under conditions of fair competition and a high level of consumer and personal data protection.  With that objective in mind, the European Commission plans to launch the following initiatives between now and the end of 2018:

(more…)

SHARE
EmailPrintShare
13 September 2017

EU Adequacy Ruling on Japan Expected

The EU Commission, through a joint statement on 4 July 2017 by Vera Jourova, EU Commissioner for Justice, and Haruchi Kumazawa, a Commissioner of Japan’s Personal Information Protection Commission, announced that the process is underway to provide Japan an EU adequacy decision on international data transfers by early 2018. Once approved, Japan will become the 13th country (crediting the US with an adequacy finding for organizations certifying under the Privacy Shield) globally and the first Asian country to be given adequate status by the EU Commission. (more…)

SHARE
EmailPrintShare
1 2 3 15
XSLT Plugin by BMI Calculator