This site would like to set some non-essential temporary cookies. Some cookies we use are essential to make our site work.
Others such as Google Analytics help us to improve the site or provide additional but non-essential features to you.
No behavioural or tracking cookies are used.
To change your consent settings, read about the cookies we set and your privacy, please see our Privacy Policy

Data Protection Leader

Volume: 11 Issue: 7
(July 2014)


The Data Retention and Investigatory Powers Act (DRIP) received Royal Assent on 17 July 2014, following agreement by the House of Commons and the House of Lords. The legislation comes into force with immediate effect and requires communications service providers (CSPs) to retain communications data for up to 12 months. / read more

The Federal Trade Commission (FTC) updated, on 16 July 2014, the frequently asked questions (‘FAQs’) on the Children’s Online Privacy Protection Act 1998 (COPPA), with particular focus on mobile apps and verifiable parental consent (‘VPC’). / read more

Russian Bill No. 5534246 (‘the Bill’) was signed on 21 July 2014 by President Vladimir Putin, following its recent approval by the Federation Council and the State Duma. The Bill intro- duced amendments to the Federal Law on Personal Data, No. 152-FZ, and will prohibit the storage of personal data relating to Russian citizens outside of the Russian Federation. The amendments are expected to come into force in 2016. / read more


The dust has yet to settle, but much has already been said about the implications of the Google Spain decision by the Court of Justice of the European Union (CJEU) and the right to be forgotten. The controversy has focused on the impact of this judgment on freedom of expression and the right of access to information, as well as the potentially devastating effect of a large amount of deletion requests. EU regulators are wondering – like everybody else – how big and unmanageable this is going to get, whilst search engines scramble for resources to deal with the unknown. With the prospect of an even more demanding EU privacy framework looming over the horizon, the right to be forgotten decision is a potential game changer for the whole internet industry. but the CJEU did not just enable an unprecedented level of control by individuals over their data, it shook the basis on which the applicability of EU data protection law has been understood until now. / read more

In this feature, Michelle Dennedy, Jonathan Fox and Thomas R. Finneran, authors of ‘The Privacy Engineer’s Manifesto: Getting Value from Policy to Code to QA to Value,’ discuss the what, how and why of privacy engineering, defined as using engineering principles and processes to build controls and measures into processes, components, systems and products. They discuss the benefits around implementing such a methodology and how its application could take place. / read more

In May 2014, the Italian Data Protection Authority (‘Garante’) issued new rules on cookie use, requiring website operators to seek prior consent for non-technical, user profiling cookies. Laura Liguori and Federica De Santis, of Portolano Cavallo Studio Legale, explain the new rules, the notification requirements, the applicable penalties and discuss areas which the new rules may have overlooked. / read more

Although more companies are now aware of the risk of cyber attacks, the list of companies affected by an attack continues to grow. Stephen Bonner, an Information Protection Partner with KPMG’s Financial Services team, explains the different types of common threat, outlining different methods that companies can use to protect against threats and react in cases where data is compromised. / read more

Difficulties often manifest themselves in transferring data from the ‘safe’ EU to the ‘unsafe’ US. Difficulties also exist with US law enforcement authority requests for access to such data, which is often not permitted under EU law. Jana Fuchs, an associate with bryan Cave llP, examines the problem and potential solutions. / read more

a 2014 Court of Justice of the European Union (CJEU) ruling in the Google Spain case attempted to carve out a right to be forgotten under existing EU data protection law, with repercussions on several sectors and, most importantly, on the public right to know and access to information. The CJEU did not mandate a universal right to removal of information about oneself, but only inadequate, irrelevant, excessive data in certain conditions. James leaton Gray, Controller, information Policy at the bbC’s Future media Division, explains that the approach to this issue in the upcoming Data Protection regulation is much broader, and argues that the time is right for a proper debate about how far a ‘right to be forgotten’ should go. / read more

About Data Protection Leader:

The monthly law publication which covers all aspects of data protection and data privacy. Topics covered include data transfers and outsourcing, data localisation and retention, the EU General Data Protection Regulation (GDPR), the e-Privacy Directive, data security, marketing and behavioural advertising, consent, employee monitoring, privacy compliance, risk management, DPO responsibilities, accountability, Privacy by Design, acquisition and mergers, the Internet of Things, cloud computing and Big Data / read more

Search Publication Archives

Our publication archives contain all of our articles, dating back to 2004.
Can’t find what you are looking for?
Try an Advanced Search

Log in to data protection leader
Subscribe to data protection leader
Register for a Free Trial to data protection leader
data protection leader Pricing

Social Media

Follow data protection leader on TwitterView data protection leader LinkedIn Profiledata protection leader RSS Feed