The Article 29 Working Party Releases Draft Guidelines on Key Elements of the GDPR Including the Right to Data Portability, Data Protection Officers and the Lead Supervisory Authority
On 15 December 2016 the Article 29 Working Party (“WP29”) released draft guidelines and FAQs on key provisions in the EU’s General Data Protection Regulation (“GDPR”). The guidelines cover the right to data portability, data protection officers and the lead supervisory authority. The WP29 has invited … Read More
FCA Outlines its Approach to Cybersecurity in Financial Services Institutions
A recent speech by the Financial Conduct Authority (“FCA”) Director of Specialist Supervision, Nausicaa Delfas, delivered at the Financial Times’ Cyber Security Summit, shows that the FCA, which is the leading financial services regulator in the United Kingdom, is taking the issue of cyber security seriously and that it believes … Read More
European Commission adopts its Work Programme for 2017; includes focus on Digital Single Market Strategy and General Data Protection Regulation
On October 25, 2016 the European Commission (the “Commission“) adopted its 2017 Work Programme (the “Work Programme”) which sets out what the Commission intends to do over the next 12 months. The Work Programme is the third to be presented under Jean-Claude Junker’s presidency of the … Read More
BayLDA fines organisation for DPO appointment
The Bavarian State Commissioner for Data Protection (“BayLDA“) announced on October 20, 2016, that it had fined a company for appointing an IT manager as its data protection officer (“DPO“). Germany’s strict data protection laws mean that appointing a DPO has long been a requirement for … Read More
EU-U.S. Privacy Shield challenged in CJEU
Two legal challenges have been filed at the Court of Justice of the European Union (“CJEU”) against the European Commission’s adequacy decision on the EU-U.S. Privacy Shield. Privacy Shield was adopted on July 12, 2016 after the CJEU struck down the earlier Safe Harbour agreement in October 2015 over concerns … Read More
ICO Updates Guidance on Privacy Notices
The EU Data Protection Directive requires that data be processed fairly, which includes providing individuals with certain information about how a business uses their data, for example, by way of a privacy notice. These information requirements will be enhanced under the new EU Data Protection Regulation (“GDPR“), which … Read More
House of Lords Amends Investigatory Powers Bill to Recognise Privacy as a “Fundamental Priority”
Members of the UK House of Lords have amended the Investigatory Powers Bill to make privacy a fundamental concern by inserting the following in clause 1 –
“This Act sets out the extent to which certain investigatory powers may be used to interfere with privacy.”
The amendment, proposed by Lord … Read More
G7 Sets Guidelines for Cybersecurity for the Financial Sector
As the financial services sector becomes ever more reliant on new technologies to decrease costs and create more efficient systems, it becomes more vulnerable to cyber attacks. On October 11, 2016, the Group of Seven (“G7”) industrial nations agreed on a set of guidelines to combat the cyber risks that … Read More
European Data Protection Supervisor Publishes Opinion on Big Data and the Enforcement of Fundamental Rights; Emphasizes Concern over Data Monopolies
On September 23 2016, the European Data Protection Supervisor (“EDPS“) published an Opinion on the coherent enforcement of fundamental rights in the age of big data (the “Opinion”). Building upon the preliminary opinion it published in 2014, the EDPS sought to emphasise the importance of the … Read More