ICO Publishes Draft New Guidance on PETs
On 7 September 2022, the Information Commissioner’s Office (“ICO”) published draft guidance (“Guidance”) on privacy-enhancing technologies (“PETs”). It is hoped that the Guidance will help organizations have the confidence to utilize PETs to develop innovative applications without compromising on privacy concerns, or trust. The Guidance is divided into two sections: (i) how can PETs help with data protection compliance; and (ii) what are PETs. We consider the key learning points from the Guidance below. (more…)
China Data Law Update: Certification Rules and Draft Standard Contract Are Issued
As the year approaches its halfway point, Chinese government accelerates the legislation for cross-border data transfers. (more…)
Reflecting on the UK Inaugural DaTA Conference: Top Five Trends to Watch as Global Regulators Step up Enforcement in Digital Markets
Last week, the UK Competition and Markets Authority (CMA) hosted its inaugural Data, Technology, and Analytics (DaTA) Conference.
The CMA DaTa Conference has been hailed as a milestone as it convened for the first time regulators, data scientists, engineers, tech companies, and academics to discuss evolving challenges in digital markets. The conference coincided with London Tech Week, during which Chris Philp, UK Minister for Tech and the Digital Economy, unveiled a new UK Digital Strategy: the UK government’s vision for regulating digital markets, involving a monitoring framework and outcomes-focused regulation. The government has opened a public consultation, and stakeholders have until September 5, 2022, to offer their views on the proposed approach.
Against this background, here is our selection of the top five trends that stood out over the course of the CMA DaTa Conference. (more…)
Spotlight on Women in Privacy – Hattie Davison
Hattie Davison, UK Government, Department for Digital, Culture, Media and Sport, Head of Data Reform Policy (more…)
Understanding China’s Data Regulatory Regime: China Solicits Public Comments on Certification Rules for Cross-Border Data Processing Activities
Certification by a professional institution is one of the mechanisms permitted under China’s Personal Information Protection Law (PIPL) to legitimize cross-border transfers of personal information. Other permitted mechanisms include governmental security review and standard contractual clauses to be issued by the Chinese government. However, to date, there have been no clear rules on the criteria and procedures for obtaining the PIPL certification. (more…)
The Digital Markets Act Is Almost Here: 10 Things to Know About the EU’s New Rules for Big Tech
As regulators around the world fiercely debate new ways to oversee competition in the digital sector, the EU is on the brink of formally approving a landmark new law. The Digital Markets Act (DMA) will impose a stringent regulatory regime on large online platforms (so-called “gatekeepers”) and give the European Commission (Commission) new enforcement powers, including an ability to impose severe fines and remedies for noncompliance.
Once it comes into force, the DMA is set to revolutionize the way in which so-called Big Tech is regulated in the EU, shifting toward ex-ante rulemaking and away from traditional after-the-fact enforcement. Given the far-reaching nature of the DMA obligations, their effects will likely be felt globally.
There is a lot to digest, so below is our breakdown of the top 10 key points you should know about the EU’s new rules. (more…)
Data Matters: The Declaration for the Future of the Internet
On April 28, 2022, the White House announced, in partnership with 60 global partners, the launch of the Declaration for the Future of the Internet, also known as the “DFI.”
According to the White House briefing, the Declaration sets forth the shared principles regarding how parties should comport themselves with respect to the Internet, the digital ecosystem, and the digital economy. The Declaration affirms that the signatories are committed to defending the Internet, to governing it by a multi-stakeholder approach, and to promoting an open, free, global, interoperable, reliable, and secure Internet for the world. The State Department’s newly formed Bureau of Cyberspace and Digital Policy put out a nearly identical statement. (more…)
EU Data Governance Act – Edging Closer to a European Single Market for Data
On 6 April 2022, the European Parliament formally approved the Data Governance Act (“DGA”), which establishes a legal framework to promote the availability of data and increase trust in data sharing across sectors in the EU. Some of the key objectives of the new legislation include enabling the re-use of certain categories of protected public sector data and making it easier and safer for citizens and businesses to share their data with relevant stakeholders. (more…)
5 Global Data Protection Trends To Watch In 2022
*This article was first published by Law360 on January 3, 2022.
A recent discussion with Elizabeth Denham and Claudia Berg of the U.K. Information Commissioner’s Office provided ample food for thought on the direction in which data protection regulation both in the U.K. and internationally is headed, including key trends to watch for in data protection.
View article.
Part II – Digital Health Passports in Europe: Amended Proposal for a Digital Green Certificate and Eligible Testing Methods
In March 2021, the European Commission released a proposal for the creation of a “Digital Green Certificate,” which will allow EU citizens to travel easier throughout the EU during the COVID-19 pandemic. Last week, the EU Member States agreed on some proposed changes to the proposal, including strengthening of the data privacy provisions. According to the proposal, in order to obtain a Digital Green Certificate, individuals must prove that they have been vaccinated, present a negative test result, or have recently recovered from COVID-19. The proposal allows the issuance of a certificate for all COVID-19 vaccines, which have received an EU-wide marketing authorisation, however only the results of certain in vitro diagnostic tests will be considered valid.
