German DSK Issues GDPR Fining Methodology Guidelines

Recently, the Association of German Data Protection Authorities (“Datenschutzkonferenz” or “DSK”) issued guidelines setting a GDPR fining methodology (“Fining Methodology”).  GDPR enforcement across the EU has picked up over the past year.  This Fining Methodology has been issued at the time of a significant increase in GDPR enforcement action across the EU.  The European Data Protection Board (“EDPB”) reported a total of 281,088 national enforcement actions being initiated as of May 22, 2019 (approximately one year after the GDPR’s entry into application).  Since then, data protection authorities across the EU have been initiating enforcement and fines on a daily basis.  In particular, in the UK, the Information Commissioner’s Office (“ICO”) has issued two notices of intention to fine of  €114m and €215m for failure to implement appropriate data security measures.

Read More

EmailShare

Federal Banking Agencies Release Joint Statement on Use of Alternative Data for Credit Underwriting

On December 3, 2019, the five federal banking agencies1 issued a joint statement (the “Joint Statement”) regarding the use of alternative data for credit underwriting. The Agencies highlighted potential benefits that may arise from the use of alternative data, including the ability to make faster and more accurate credit determinations and the potential to provide credit at a lower rate or to individuals or small businesses that would otherwise be unable to access it. While the Agencies issued approving language regarding the use of certain types of alternative data, they also cautioned that the use of alternative data may have consumer protection implications, including fair lending, prohibitions against unfair, deceptive or abuse acts or practices and the Fair Credit Reporting Act.

Read More

EmailShare

European Data Protection Board Adopts Data Protection by Design and by Default Guidelines

On 13 November 2019, the European Data Protection Board (“EDPB”) adopted guidelines on the GDPR’s data protection by design and by default principle (“Guidelines”).  The Guidelines provide further guidance into the technical and organizational measures and safeguards that data controllers must take into account when designing their processing activities.  The EDPB encourages early consideration of data protection by design and by default principles (“DPbDD”) and considers DPbDD to be at the forefront of GDPR compliance.  Data controllers, processors and technology providers should consider re-assessing their processing operations and products against the standards put forward in the Guidelines.

Read More

EmailShare

EDPB Stakeholder Event Highlights Continued Confusion over Data Subject Rights Compliance under the GDPR

On 4 November 2019, the European Data Protection Board (EDPB), the EU-wide data supervisory authority, held a stakeholders’ event on data subject rights under the GDPR. At the event, various stakeholders including e.g., corporates and NGOs, raised a number of issues including, for example:

Read More

EmailShare

Hong Kong Regulator Imposes New Conditions to Regulate Outsourcing Arrangements for Cloud Storage

The Securities and Futures Commission of Hong Kong (SFC) issued new guidance to regulate the use of external electronic data storage providers (EDSPs1) by licensed firms that intend to keep (or have previously kept) records or documents required to be maintained pursuant to the statutory recordkeeping rules and anti-money-laundering regime (Regulatory Records) in an online environment. The new guidance2 and related FAQs released October 31, 2019, while extensive and significant, confirm the Hong Kong regulator’s willingness to provide firms with a degree of flexibility in complying with the statutory recordkeeping obligations and clarify the baseline obligations when entering into outsourcing arrangements for the storage of records in electronic format with third-party vendors.

Read More

EmailShare

The Sixth Edition of The Privacy, Data Protection and Cybersecurity Law Review is Available

The sixth edition of The Privacy, Data Protection and Cybersecurity Law Review takes a look at the evolving global privacy, data protection and cybersecurity landscape in a time when mega breaches are becoming more common, significant new data protection legislation is coming into effect, and businesses are coming under increased scrutiny from regulators, Boards of Directors and their customers. Several lawyers from Sidley’s global Privacy and Cybersecurity practice have contributed to this publication. See the chapters below for a closer look at this developing area of law.

Read More

EmailShare
1 2 3 76
EmailShare
XSLT Plugin by BMI Calculator