This site would like to set some non-essential temporary cookies. Some cookies we use are essential to make our site work.
Others such as Google Analytics help us to improve the site or provide additional but non-essential features to you.
No behavioural or tracking cookies are used.
To change your consent settings, read about the cookies we set and your privacy, please see our Privacy Policy

Data Protection Leader

Volume: 11 Issue: 3
(March 2014)


Iain Bourne, Group Manager for Policy Delivery at the Information Commissioner's Office (ICO), stated that the ICO is 'planning to introduce privacy seals within a year.' Bourne projected the ICO to move forward on the scheme in May 2014, with invitations to tender in Autumn 2014 at an evening organised by the GSM Association (GSMA) discussising the role of privacy seals on 26 March 2014. / read more

On 13 March 2014, the European Parliament approved an amended version the Network and Information Security (NIS) Directive with a huge majority. Amendments to the Directive included removing obligations for incident notification for 'all market operators in the Internet economy' following recommendations on the Directive by the Committee on the Internal Market and Consumer Protection (IMCO) in February 2014. / read more

The European Parliament ('the Parliament') adopted the Civil Liberties, Justice and Home Affairs (LIBE) Committee’s text of the draft General Data Protection Regulation ('the Regulation') on 12 March 2014. / read more


Reading some of the news coverage that followed the overwhelming approval by the EU Parliament ('the Parliament') of the draft EU Data Protection Regulation ('the Regulation'), one could be forgiven for thinking that a new law had just been passed. The reality is very different of course. Despite the victory chants by the Parliament and the EU Commission ('the Commission'), we are nowhere near the end of the much awaited EU data protection reform ('the reform'). In fact, and without ignoring the massive efforts made within the Parliament to reach a common position, agreeing the Regulation's draft text was a political priority for many members of the Parliament, who were keen to deliver their preferred draft before the spring elections. However, frustratingly for the Commission and many others who were hoping for a modernised framework this year, we have yet to see where the other legislative body - the Council of the EU ('the Council') - stands on this debate. / read more

The Council of Europe is currently undertaking a modification of its Convention 108 on the automatic processing of personal data, first announced in 2011. With talk of interoperability between regions a hot topic of discussion, developments in this area have been coming to a head, such as the revision of the Organisation for Economic Co-operation and Development’s Guidelines on 9 September 2013 and discussion around interoperability between the Asia-Pacific Economic Cooperation Cross Border Privacy Rules System and EU Binding Corporate Rules. However, Convention 108 remains the only international legally binding instrument and its scope has continued to grow, with Uruguay and Russia becoming signatories on 1 August 2013 and 15 May 2013 respectively and Morocco beginning the ratification process. Sophie Kwasny of the Council of Europe and Renato Leite Monteiro of the National University of Singapore Centre for Law and Business, examine how this project is moving towards fulfilling its objectives. / read more

The genomics revolution has begun. We have passed the '$1,000 genome mark1.' 'Exome sequencing2’ is now a routine diagnostic procedure for many clinical pathways for the health services in the UK. The volume of data that is being produced by laboratories performing sequencing is enormous, and the full scale of its value is yet to be defined. In the midst of this revolution, the future EU Data Protection Regulation (‘the Regulation’) poses a legal threat to the use of this data for research and health purposes in Europe. This threat exists alongside public concerns and misconceptions about the use of data that are no less significant. Nick Meade, Policy Analyst at the Genetic Alliance UK, examines the potential impact the Regulation would bring to medical research and the patient community desperate for a diagnosis. / read more

In Part One* of this much-anticipated interview, Nuala O'Connor Kelly speaks to Data Protection Law & Policy on her new role at the Center for Democracy and Technology (CDT) based in Washington DC, her first foray into the advocacy arena, following a number of years in the private and public sectors, namely at the Department of Homeland Security, DoubleClick and Amazon, among others. A passionate and outspoken thought leader in privacy, Nuala has witnessed closely the evolution of the information age, and is in a unique position to comment on where the boundaries of the digital self vis-à-vis companies and the government lie. / read more

On 26 February 2014, the ODPC issued its Strategy Statement 2014-2016 (‘the Strategy’) listing ‘high-level goals’ for the period, strategies for achieving these goals, and opportunities and challenges facing the ODPC. The Strategy is important as it puts new emphasis on certain obligations placed on organisations who process personal data within Ireland. John O’Connor, Partner at Matheson, examines the Strategy recently published by the Irish Office of the Data Protection Commissioner (ODPC) and provide practical recommendations for companies operating in Ireland to meet the ODPC’s expectations. / read more

The Office of the Privacy Commissioner for Personal Data (PCPD) released – on 18 February 2014 – its Best Practice Guide on Privacy Management Programmes ('the Guide'). The Guide outlines to organisations the methods by which they can build strategic frameworks for protecting personal data and achieving accountability. Data Protection Law & Policy has put together a roundtable of comments from privacy experts based in Hong Kong to provide insight into this development. / read more

The UK Court of Appeal ('the Court') held, in Efifiom Edem v The Information Commissioner1 (Edem), unless it is so common that without further information the name alone fails to identify a particular individual, an individual’s name does constitute personal data under the Data Protection Act 1998 (DPA). Rohan Massey, Partner at McDermott Will & Emery UK, examines the judgment and analyses the test used to determine whether individuals’ names are 'personal data' under the DPA. / read more

The revised Payment Services Directive (PSD2), proposed by the EU Commission on 24 July 2013 raises a number of consumer protection and data security issues. Alex Brown, Sophie Lessar and Neil Westwood, of Simmons & Simmons, examine how the PSD2 goes beyond the data security obligations set out in the Data Protection Directive (95/46/EC, 'the DP Directive'), examining its requirements and offering a number of recommendations designed to make compliance easier for those falling under the jurisdiction of both PSD2 and the DP Directive. / read more

About Data Protection Leader:

The monthly law publication which covers all aspects of data protection and data privacy. Topics covered include data transfers and outsourcing, data localisation and retention, the EU General Data Protection Regulation (GDPR), the e-Privacy Directive, data security, marketing and behavioural advertising, consent, employee monitoring, privacy compliance, risk management, DPO responsibilities, accountability, Privacy by Design, acquisition and mergers, the Internet of Things, cloud computing and Big Data / read more

Search Publication Archives

Our publication archives contain all of our articles, dating back to 2004.
Can’t find what you are looking for?
Try an Advanced Search

Log in to data protection leader
Subscribe to data protection leader
Register for a Free Trial to data protection leader
data protection leader Pricing

Social Media

Follow data protection leader on TwitterView data protection leader LinkedIn Profiledata protection leader RSS Feed