On June 25, 2020, Sidley partner, Alan Raul, founder and co-head of Sidley’s privacy and cybersecurity practice, hosted Bruno Gencarelli, head of International Data Flows and Protection at the European Commission, for a Monitor-Side Chat.
The discussion focused largely on the Commission’s report on two years of the GDPR which was issued on 24 June 2020. Key themes of the report include:
- EU data protection authorities (“DPAs”) should increase their efforts towards the adoption of a harmonised approach to responding to cross-border investigations;
- a call for greater resources to be given to DPAs by EU Member States to ensure the GDPR is sufficiently enforced;
- a need for greater consistency among EU Member States on interpretations of the GDPR in national laws in order to avoid unnecessary burdens on companies; and
- greater utilisation of the data portability right under the GDPR to ensure individuals have greater involvement in the digital economy by enabling them to switch between different service providers and make use of other innovative services.
On 19 February 2020, the European Commission published a white paper on the use of artificial intelligence (“AI”) in the EU (the “White Paper”). The White Paper forms part of the Commission President, Ursula Von der Leyen’s, digital strategy, one of the key pillars of her administration’s five year tenure, recognising that the EU has fallen behind the US and China with respect to the strategic deployment of AI. To tackle this problem, the Commission proposes a common EU approach to ‘speed up the uptake’ of AI in the EU, whilst also tackling the human and ethical implications of AI’s fast growing use in the EU, including the possible downsides of its use, such as opaque decision making and hidden, embedded gender and racial discrimination. In order to achieve a common EU approach to AI, and to create “trustworthy” AI that can rival developments in the US and China, the Commission proposes the creation of a regulatory framework for AI.
The U.S. Departments of State, the Treasury and Homeland Security and the Federal Bureau of Investigation issued a joint advisory (the Advisory) on April 15, 2020, discussing the threat to the international community posed by cyberattacks linked to the Democratic People’s Republic of Korea (North Korea), in particular highlighting concerns for the financial services sector. North Korea has been subjected to comprehensive international sanctions implemented to pressure its government to denuclearize. The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has implemented additional unilateral sanctions in response to other North Korean activities, including cyberattacks, human rights violations and money laundering. In addition to broad prohibitions on trade with North Korea, U.S. sanctions bar domestic financial institutions from conducting or facilitating any significant transaction in connection with trade with North Korea or on behalf of any person whose property has been blocked under executive orders imposing sanctions on North Korea. Foreign financial institutions risk secondary sanctions for engaging in the same. (more…)
The COVID-19 global pandemic presents unique legal and practical challenges for businesses across all industries, including with respect to ongoing relationships with vendors and suppliers – whether this relates to information security, privacy compliance, business continuity and contractual issues, such as in relation to force majeure.
In this webinar, we will highlight some of the key issues companies are facing when dealing with supply chain and vendor contracts, and how their concerns can be mitigated.
In light of the ongoing Coronavirus (COVID-19) pandemic, the ICO has today issued guidance on “Data protection and coronavirus: what you need to know” for data controllers. The ICO has also published advice for healthcare practitioners. Guidance has also been issued by many other Data Protection Authorities in other European countries. (more…)
On January 14, 2020, the French data protection authority, the CNIL, proposed a consultation on its draft recommendations on practical ways to collect website user consent for cookies and similar technologies (the “Recommendations”). The Recommendations follow the publication in July 2019 of updated guidance on cookies, including requirements for obtaining GDPR-standard consent, by various European data protection authorities, including the CNIL and the ICO (the latter guidance was reported by Data Matters here). The CNIL has since undertaken a consultation to develop practical methods to obtain user consent.
On 8 January 2020, the UK’s Information Commissioner’s Office (ICO) published a draft Direct Marketing Code of Practice (Draft Code) for public consultation. The Draft Code is intended to update existing guidance published pre-GDPR and provide clarity on certain important issues.
Summarised below are the key takeaways from the Draft Code: (more…)
On January 22, 2020, the Court of Justice of the European Union (CJEU) found that there is not a general presumption of confidentiality over documents containing clinical and preclinical data provided to the European Medicines Agency (EMA) to support a marketing authorization application. However, the CJEU indicated that certain information may be protected if the interested party can specifically show that the disclosure will cause it harm. This is the first time the CJEU has ruled on this matter, upholding the EMA’s approach to handling access to documents requests.