This site would like to set some non-essential temporary cookies. Some cookies we use are essential to make our site work.
Others such as Google Analytics help us to improve the site or provide additional but non-essential features to you.
No behavioural or tracking cookies are used.
To change your consent settings, read about the cookies we set and your privacy, please see our Privacy Policy

Data Protection Leader

Volume: 10 Issue: 12
(December 2013)


Vice President of the European Commission, Viviane Reding, stated - on 6 December - that the Council of the European Union ('the Council') had "instead of moving forward, […] moved back" on the data reform package in their meeting of the Justice and Home Affairs Committee on 5-6 December. Reding said, "Instead of building on our progress in October, the document we have before us today deconstructs it." / read more

The Office of Inspector General (OIG) of the US Department of Health & Human Services published - on 4 December - a report following its audit of the Office for Civil Rights (OCR). The report found that the OCR did not meet federal requirements in enforcing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule and lists a number of recommendations for the OCR to implement. / read more

The Governor General of Council ordered the enforcement schedule of Canada's Anti-Spam Law (CASL) on 4 December. Most provisions of CASL will come into force on 1 July 2014, while provisions relating to unsolicited installation of computer programs or software will come into force in January 2015. / read more


In the same way that most activities involving data are global, complying with the rules and regulations affecting those activities is a markedly global endeavour. Whether we are talking of multinational corporations with hundreds of thousands of employees or of a humble start up with a clever idea, an app or a website, the ambitions are the same: tapping into the opportunities of the global marketplace. A digital marketplace that is free from the physical constraints attached to distance, cultures and infrastructure. A marketplace that is huge and that has already turned college dorm ideas into some of the most successful and influential businesses on the planet. But, we must not forget that going global and using personal information collected from all over the world carries equally huge responsibilities which expand well beyond filing forms and sweet talking regulators. / read more

The Attorney General (AG) of the Court of Justice of the European Union (CJEU) Pedro Cruz Villalón delivered - on 12 December 2013 - his Opinion on the cases of Ireland and Austria against the Data Retention Directive 2006/24/EC (‘the Directive’) in Cases C-293/12 and C-594/12 respectively. Villalón stated that “the Directive is, as a whole, incompatible with the requirement, laid down by the Charter of Fundamental Rights of the European Union ('the Charter'), that any limitation on the exercise of a fundamental right must be provided for by law.” / read more

Technology is not the arbitrator of good or bad; it is a facilitator. The implementers bear the burden of understanding the role that the technology they employ plays in broader social values - privacy being one of those values. / read more

With respect to the transitional period to comply with the Personal Data Protection Act (PDPA), where data users have collected personal data before the date of coming into operation of the PDPA, there is a grace period of three months to comply. However, it appears to imply that for data collected from 15 November 2013 onwards, compliance would be required immediately. / read more

Anonymisation has become an important tool to maximise the utility of personal data while complying with data protection laws, converting datasets into a form where they can be shared by reducing their information content so that data subjects cease to be easily identifiable. Well-publicised re-identification attacks on supposedly anonymised data and new theories of jigsaw identification have eroded faith in anonymisation’s efficacy. The UK Anonymisation Network (UKAN), discuss the realities and risks of anonymisation, and offer their pragmatic views on how the nexus between re-identification and anonymisation could be managed. / read more

2012-13 can be dedicated to cybersecurity as India has not only initiated a Joint Working Group on cybersecurity under DyNSA, but has also released its National Cybersecurity Policy and the draft Guidelines for Critical information infrastructure. But while cybersecurity has been the main focus, India is silently making progress in the field of privacy and data protection. This article – put together by Vikram Asnani – focuses on the recent policy developments in the cyberspace and should be looked upon as a compendium. / read more

The Hungarian Parliament adopted, on 14 October 2013, Act CLXV of 2013 on Complaints and Public Interest Disclosure ('the Act'), which imposes new obligations on employee whistleblowing schemes. The Act enters into force on 1 January 2014 and will repeal Act CLXIII of 2009 on Fair Proceedings. The Act will particularly affect the processing of personal data under such procedures and the employers’ disclosure obligations. It also incorporates the practice of the Authority for Data Protection and Freedom of Information (NAIH) on whistleblowing hotlines. / read more

The German Federal Court (BGH) ruled - on 12 September 2013 - that emails sent through the 'send to a friend' functionality are to be considered spam, unless the recipient had given prior express consent. The decision (Case No. I ZR 208/12) confirms the views of lower German courts on this issue. / read more

Increasingly in the future, when an international franchising business is asked to identify its most valuable asset, it may well point to its customer data. The inexhaustible developments in technology and the rise of technology for the masses has meant that a business now has access in a way never before seen to information about how its customers tick. Whereas before, a business might run a marketing campaign based on focus group feedback, now it can target its marketing based on how individuals visit its website, use its app (on tablets as well as smartphones), as well as how they rate and recommend it on social media. And a business can perform this analysis for customer interactions on staggering amounts of data. Victoria Hordern, Director at Field Fisher Waterhouse, examines the opportunities involved in this area, and how to develop a global strategy in the course of internationalising your business, all the while increasing brand awareness and fostering consumer trust and confidence / read more

About Data Protection Leader:

The monthly law publication which covers all aspects of data protection and data privacy. Topics covered include data transfers and outsourcing, data localisation and retention, the EU General Data Protection Regulation (GDPR), the e-Privacy Directive, data security, marketing and behavioural advertising, consent, employee monitoring, privacy compliance, risk management, DPO responsibilities, accountability, Privacy by Design, acquisition and mergers, the Internet of Things, cloud computing and Big Data / read more

Search Publication Archives

Our publication archives contain all of our articles, dating back to 2004.
Can’t find what you are looking for?
Try an Advanced Search

Log in to data protection leader
Subscribe to data protection leader
Register for a Free Trial to data protection leader
data protection leader Pricing

Social Media

Follow data protection leader on TwitterView data protection leader LinkedIn Profiledata protection leader RSS Feed