On March 6, 2018, Singapore announced that it has joined the APEC Cross-Border Privacy Rules (CBPR) system as well as the APEC Privacy Recognition for Processors (PRP) program. Singapore is the sixth member of the CBPR system, which includes Canada, Japan, Korea, Mexico and the United States, and is the second member of the PRP program after the US. (more…)
In recent years, the rise of cloud computing has led to more and more data being stored somewhere other than the jurisdiction in which it was created. This trend increasingly has led U.S. law enforcement officials to demand access to information held abroad, just as foreign officials increasingly want access to data held inside the United States. But satisfying these growing desires for cross-border access has proven complicated. The Mutual Legal Assistance Treaty (MLAT) process has not kept pace with the Internet-fueled increase in data requests, nor has a workable alternative to that process emerged. And questions remain as to whether relevant U.S. statutes authorize extraterritorial legal process. Even if law enforcement officials do have tools that allow them to seek data held elsewhere, the holders of such data may face a conflict between their obligations to respond to one country’s lawful process and the obligations to comply with another country’s privacy protections or blocking statutes. (more…)
On March 7, 2018, the U.S. Senate’s Homeland Security and Governmental Affairs Committee approved a new version of a bill (SB 2825) reauthorizing the Homeland Security Act of 2002 and including key cybersecurity provisions affecting the Department of Homeland Security (DHS). The bill is considered a critical piece of legislation that many expect will need to pass before the Congressional recess in August 2018. It already passed the U.S. House of Representatives in July 2017, and will now be considered by the full Senate. (more…)
Following months of intense debate, an attempted filibuster, and close votes in both the House and Senate, Congress last week finally extended Section 702 of the Foreign Intelligence Surveillance Act (FISA).
This past year was marked by ever more significant data breaches, growing cybersecurity regulatory requirements at the state and federal levels and continued challenges in harmonizing international privacy and cybersecurity regulations. We expect each of these trends to continue in 2018.
As we begin this New Year, here is list of the top 10 privacy and cybersecurity issues for 2018: (more…)
On 26 July 2017, the Court of Justice of the EU (“Court”) issued its Opinion on the proposed EU-Canada Agreement on the transfer and processing of Passenger Name Record data (“PNR Data”). The opinion, issued by the Court’s Grand Chamber, confirms that the Court accepts the necessity of processing large amounts of personal data to protect against terrorism in general. However, in order to ensure compliance with the EU Charter of Fundamental Rights (“the Charter”), the Court will scrutinize the details of any EU legislative act to ensure that no data are retained or accessed without a clear link to the underlying justification of combating terrorism. (more…)
On Thursday, May 11, President Trump signed an executive order aimed at strengthening the cybersecurity of federal networks and critical infrastructure. The order is expected to prompt a broad examination of cybersecurity vulnerabilities at federal agencies and re-orient federal cybersecurity efforts toward modernization and shared services. The order also reaffirms the previous administration’s approach to cybersecurity protections for critical infrastructure – with increased emphasis on the power grid – and seeks to promote the growth and sustainment of the nation’s cybersecurity workforce in the public and private sectors. (more…)
The decision by the Court of Justice of the European Union (the CJEU) on Oct. 6, 2015, invalidating the U.S.-EU Safe Harbor Decision (the Judgment) is a landmark judgment. Case C-362/14 Maximillian Schrems v Data Protection Commissioner  ECLI: EU:C:2015:650. By voiding the legal basis for transatlantic data transfers for the 4,400 companies reliant on U.S.-EU Safe Harbor, the Judgment began what has been a seismic year for data protection and crossborder data transfers in the European Union, whose aftershocks will reverberate throughout 2017 and beyond.
Following the establishment of the E.U. – U.S. Privacy Shield last summer, Switzerland has now agreed to a similar framework facilitating the transfer of personal data from Swiss companies to companies based in the United States (hereinafter “Swiss – U.S. Privacy Shield” or “Privacy Shield”) that will allow companies to certify adherence to the framework as of 12 April 2017.
2016 was a year of seismic changes in the global data protection and privacy landscape. Here, we look back at the top ten events and issues that shaped 2016, and are poised to shape the year ahead as well.
Year In Review
1. GDPR Adoption
On April 14, the European Parliament voted to adopt the long-awaited EU General Data Protection Regulation (GDPR), formally completing adoption of the GDPR. The GDPR was published in the Official Journal of the EU on May 25, 2016, giving companies and Member States until the May 25, 2018 effective date to implement the Regulation fully. In the wake of its adoption, businesses should have planning under way for implementation of the significantly expanded Regulation by evaluating whether they are subject to the expanded jurisdiction, and if so, completing an internal gap analysis of current data protection practices as compared with the new requirements and rights under the Regulation. Some of the key aspects to consider include data breach response planning under the new 72-hour notice requirement, reviewing existing data protection notices and consents for the more robust obligations, identifying current profiling activities and existing data protection and retention policies and procedures, ensuring privacy impact assessments are carried out where required, and evaluating whether there is an obligation to appoint a data protection officer. Despite the time until the effective date, the extensive preparation necessary to comply presents a challenge as companies around the world refocus resources to develop compliance plans.
2. Political Cyber Warfare
There is a new front in geopolitical battles. (more…)