Category

GDPR

02 October 2018

The Trump Administration’s Approach to Data Privacy, and Next Steps

* This article originally appeared in Law360 on September 27, 2018.

On Sept. 25, 2018, the Trump administration proposed an approach and initiated a process to modernize U.S. data privacy policy. The administration’s approach is “risk-based” rather than rule-based, and, as such, signals a willingness to move away from a privacy model of mandated notice and choice that has “resulted primarily in long, legal, regulator-focused privacy policies and check boxes.” Rather, the administration is proposing that U.S. privacy policy “refocus” on achieving desirable privacy “outcomes,” such as ensuring that users are “reasonably informed” and can “meaningfully express” their privacy preferences, while providing organizations with the flexibility to continue innovating with cutting-edge business models and technologies.

07 September 2018

New Belgian Data Protection Act Takes Effect

On September 5, 2018, the new Belgian Data Protection Act implementing the GDPR (the Belgian Act) was published and entered into force. Despite the GDPR being an EU regulation that directly applies to all EU Member States, several provisions of the GDPR explicitly allow, and even require, Member States to enact legislation which implements the law. Member States were expected to have this legislation in place by May 25, 2018, but the majority of Member States (including Belgium) did not meet the deadline. Since December 2017, however, Belgium has had in place a law implementing many of the more procedural provisions of the GDPR, namely the Act on the Establishment of the Supervisory Authority (the SA Act). The SA Act lays down the structure, powers and competence of the new Belgian Supervisory Authority, and also includes rules of procedure applicable to administrative proceedings before the Authority.

06 September 2018

European Data Protection Board Clarifies Application of GDPR to Payment Service Providers

On July 5, 2018, the European Data Protection Board (EDPB) replied to a request from a Member of the European Parliament (MEP), Dutch Democrat Sophie in ‘t Veld, for clarification on a number of issues relating to the protection of personal data under the EU General Data Protection Regulation (2016/679) (GDPR) and the revised EU Payment Services Directive (2015/2366) (PSD2). In its response, the EDPB set out its position on how the requirement to obtain explicit consent from payment service users under PSD2 interacts with the GDPR. The EDPB also provided guidance on the use of personal data relating to a payee by an account information service provider or a payment initiation service provider acting for a payer.

This post summarizes the EDPB’s stated positions on these points and explores the implications for firms providing payment services in the European Economic Area (EEA).

29 August 2018

DataGuidance’s Thought Leaders in Privacy: Vishnu Shankar

Vishnu Shankar, an associate in our London office, spoke with DataGuidance at the 2018 IAPP Data Protection Intensive. He discussed his recommendations on regulatory requirements regarding breach notification across several key pieces of legislation, including the GDPR and the NIS Directive, as well as sector-specific requirements.

23 August 2018

Dutch Supervisory Authority Investigates GDPR Compliance in the Healthcare Sector

On 21 August 2018, the Dutch Supervisory Authority announced that it had conducted an investigation into the designation of a Data Protection Officer (DPO) under the General Data Protection Regulation (GDPR) by 91 hospitals and 33 healthcare insurers in the Netherlands. Two hospitals had not yet communicated the contact details of their DPO to the Dutch Supervisory Authority, and were given four weeks to designate a DPO. In addition, the Supervisory Authority found that 25% of the hospitals and healthcare insurers whose practices were reviewed did not properly publish their DPO’s contact details on their website. They will also be expected to implement the necessary compliance measures.

16 July 2018

Privacy as a “Fundamental Right” Clouds Smart Regulation

*Originally Published July 12, 2018 by Chambers and Partners Data Protection & Cyber Security 2018

There is a lot going on with privacy around the world. As discussed in the chapters of this book, significant new laws are being adopted or taking effect, important judicial decisions are being issued to interpret existing legal requirements, and citizens are contending with their own expectations about confounding new technologies and business models. It is not clear, however, that the public policy being developed in any country is a thoughtful reaction to the promises and perils of today’s digital economy, rather than a knee-jerk over-reaction to imagined harms and a handful of high-profile incidents.

14 June 2018

European Lawmakers Call on the EU to Suspend the EU-U.S. ‘Data Transfer’ Privacy Shield

On 11 June 2018, members of a Committee within the European Parliament (“MEPs”) narrowly voted in favour of suspending the EU-U.S. Privacy Shield (“Privacy Shield”), an agreement that facilitates the transfer of personal data of EU data subjects to the U.S., unless the U.S. government fully complies with the Privacy Shield data protection requirements by 1 September 2018. Although the resolution is only a draft and has no legal effect, it reflects continued European concerns surrounding Privacy Shield.

30 May 2018

European Data Protection Board Releases Statement on the Revision of the ePrivacy Regulation

On 28 May 2018, the European Data Protection Board (the “EDPB”) released a statement on the revision of the ePrivacy Regulation (the “proposed Regulation”) and its impact on the protection of individuals in relation to the privacy and confidentiality of their communications. It is the first statement of substance by the EDPB since it was established by the EU General Data Protection Regulation on 25 May 2018.  The statement calls on the European Commission, Parliament and Council to work together to ensure a swift adoption of the proposed Regulation, which will replace the current ePrivacy Directive (the “Directive”).

16 April 2018

Hong Kong Issues EU Data Privacy Law Guidance on the upcoming GDPR

The Hong Kong Office of the Privacy Commissioner for Personal Data (the “Hong Kong Data Privacy Commissioner”) has recently published compliance guidance on the upcoming GDPR to raise awareness in Hong Kong companies about the potential effects and reforms needed in order to comply with the new GDPR requirements.

12 April 2018

The British Private Equity & Venture Capital Association issues “Guide to GDPR for the Funds Industry”

The British Private Equity & Venture Capital Association has issued a Guide to GDPR for the Funds Industry focusing on practical guidance, including explanations of what the GDPR is and why it is relevant for the funds industry.  Authors included Sidley lawyers William RM Long, Geraldine Scali, Vishnu Shankar, Francesca Blythe, Denise Kara and Eleanor Dodding.

The GDPR, or the General Data Protection Regulation, is a new EU data privacy law that comes into force on 25 May 2018. The GDPR is intended to provide a single harmonised data privacy law that applies across the EU and is appropriate for the use of Personal Data in the 21st century. The GDPR imposes many new data protection requirements on the collection, use and disclosure of Personal Data which will be relevant to firms and imposes significant fines of up to 4% of annual worldwide turnover.

The Guide describes how key parts of the GDPR will apply to firms and key obligations and issues for firms to consider in dealing with the GDPR.
