The draft 'General Data Protection Regulation' - issued on 29 November to the EC Inter-service Group for comments and now circulating publicly - lays down the EU Commission's plans to introduce, among others, penalties between €100,000 and €1,000,000 or, in case of an enterprise up to 5% of its annual worldwide turnover, for serious data breaches. / read more

The Information Commissioner's Office (ICO) issued its 'half term' report on cookies on 13 December, clarifying, among others, that consent 'must involve some form of communication where individuals knowingly indicated their acceptance...by clicking on an icon, sending an email or subscribing to a service'. / read more

The Israeli Law, Information and Technology Authority (ILITA) published - on 21 November - 'Guidelines on the Use of Outsourcing Services of Processing Personal Information', which require database owners to assess the need to outsource and analyse the content to be outsourced prior to engaging a service provider in an outsourcing contract. / read more

Without a doubt, figuring out how to comply with the notice and consent requirements affecting the use of cookies in Europe is going to be at the top of the New Year's resolutions of many data protection officers and privacy counsels. Despite being a nearly three year old debate, inaction has so far prevailed amongst European website operators to the frustration of the data protection authorities. A frustration which is only too visible in the latest Working Party Opinion on online behavioural advertising. We are now well past the deadline to implement these requirements and it is time to start doing something other than burying our heads in the sand. / read more

Are employers entitled to monitor the email correspondence of their employees? What legal consequences does an explicit or implied permission of an employer to use the company's IT-system for private email correspondence have, if any, on such control measures? Few topics relating to employee privacy have been as controversially discussed as the employer's right to monitor the email correspondence of its employees. Recent decisions by German Higher Labour Courts appear to signal a more pragmatic approach and share more than just a ray of hope that someday reasonable monitoring activities of employers will be accepted in Germany. / read more

The IT BPO industry in the Philippines has grown exponentially over the last five years, boasting almost a threefold growth in revenues -- from US$ 3.3 billion in 2006 to US$ 9 billion in 2010. For a year, the industry has been pushing for data privacy legislation, which would enable the country to maximise its potential, and one that will provide ample flexibility in implementation. One such bill is currently pending in the Philippines Senate, the framework of which is mirrored on the Asia-Pacific Economic Cooperation (APEC) Privacy Framework. Gregorio Nunag, Managing Partner at Gregorio Nunag & Partners Law Offices, discusses the bill and its implications. / read more

US-based Chief Privacy Officer of First Data, John Atkins, discusses the practical challenges he faces, and his views on the future of privacy. / read more

2012 promises to be a momentous year for privacy and data protection. Government entities and international organisations around the world, including the EU Commission, the US Department of Commerce, the Federal Trade Commission (FTC), the Organisation for Economic Cooperation and Development (OECD) and the Council of Europe are reviewing their privacy frameworks. They seek to adapt the existing frameworks to the tectonic shifts in technology, business models, and individual engagement since they were put in place in the 1980s and 1990s. / read more

The legal system of the European Union premises upon harmonised intepretation and application of EU law; any intepretation restricting or expanding the scope of EU legislation may ultimately hamper the establishment and functioning of the internal market. Rafael García del Poyo and Miguel Ángel Serrano, Partners from Cremades & Calvo-Sotelo, who instructed ADIGITAL in the proceedings of the joined cases C-468/10 and C-469/10, examine the judgment and analyse the implication of the absence of a uniform interpretation and application of EU rules by national courts may have on the harmonisation of the whole European Union community. / read more

Recent developments in government enforcement of the Children's Online Privacy Protection Act (COPPA)¹ illustrate the expanding reach of the law to mobile applications, and a variety of other online services. Recently, proposed amendments to COPPA regulations suggest that the law will continue to expand in its reach and obligations, presenting fresh challenges to all online content providers. In US v W3 Innovations, LLC, the Federal Trade Commission (FTC) recently obtained a consent order against a mobile application developer ordering the company to pay $50,000 because it had violated COPPA. Martin L. Stern, Daniel H. Royalty and Samuel R. Castic, Lawyers of K&L Gates, list out the COPPA requirements, and examine the FTC decision in light of those. / read more