This site would like to set some non-essential temporary cookies. Some cookies we use are essential to make our site work.
Others such as Google Analytics help us to improve the site or provide additional but non-essential features to you.
No behavioural or tracking cookies are used.
To change your consent settings, read about the cookies we set and your privacy, please see our Privacy Policy

Data Protection Leader

Volume: 12 Issue: 10
(October 2015)


The Court of Justice of the European Union (CJEU) delivered, on 1 October 2015, its judgement in Weltimmo s.r.o. v. Nemzeti Adatvédelmi és Információszabadság Hatóság (C-230/14), declaring that the concept of ‘establishment,’ under the Data Protection Directive 95/46/EC (‘the Directive’), extends to any ‘real and effective activity, even a minimal one, exercised through stable arrangements,’ in the context of which the data processing is carried out (‘the Judgement’). / read more

The German Parliament adopted, on 16 October 2015, a new Data Retention Act (‘the Act’), which requires telephone and internet providers to store traffic data for ten weeks, and location data for four weeks. The Act has received a significant amount of criticism, most recently from the Schleswig-Holstein State Commissioner for Data Protection, which stated that the final provisions included in the Act had not dispelled its concerns over the Act’s compatibility with the Court of Justice of the European Union’s decision invalidating the Data Retention Directive (2006/24/EC). / read more

The Governor of California, Jerry Brown, signed, on 6 and 8 October 2015, six bills relating to privacy and data protection matters. In particular, three of the bills update the data breach notification framework, whilst further bills also regulate the access of electronic communications, smart TVs and drones. / read more


“What is the worst thing that could happen?” I was asked at one the many recent events discussing the consequences of the Court of Justice of the European Union’s (‘CJEU’) decision on the adequacy of Safe Harbor. “That all personal dataflows between Europe and the US are deemed to be unsafe and hence unlawful” was my answer. Not a prospect that I ever thought could materialise, but the general panic surrounding this issue is leading us to believe it might. The much awaited statement by the Article 29 Working Party does not give us much comfort: It calls for a political, legal and technical solution, and warns that if this is not found by the end of January 2016, regulators will take ‘all necessary and appropriate actions.’ / read more

The Italian Personal Data Protection Code (‘the Code’) ensures that personal data shall only be processed by respecting data subjects’ rights, fundamental freedoms and dignity, whilst Article 32 of the Italian Constitution safeguards health as a fundamental right of the individual. Professor Licia Califano, member of the Italian data protection authority (‘Garante’), explores the balancing exercise between these two rights, and of the recently adopted ‘Guidelines on the Health Dossier’ (‘the Guidelines’) against this backdrop. / read more

Tharishni Arumugam, Regional Privacy Counsel, Asia Pacific, at Aon, spoke to Data Protection Law and Policy about her role in standardising global privacy policies and compliance, ensuring the security of personal data, and conducting cross-border data transfers. / read more

The privacy community on both sides of the Atlantic was shaken after the Court of Justice of the European Union (‘CJEU’) decided that Safe Harbor was no longer an adequate mechanism by which companies can transfer personal data of EU citizens to the US. In this article, Ruth Boardman and Emma Drake, Partner and Associate respectively at Bird & Bird, provide insight into the judgement and comment on the responses it has generated, including that of the Article 29 Working Party (‘WP29’). / read more

Patient engagement is considered by the US Administration to be one of the ways to reduce costs and deliver better healthcare. Yet, the legislation regulating how healthcare businesses can engage with patients dates back to 1991 and as Ryan Blaney, Partner at Cozen O'Connor, argues, it presents an obstacle for patient engagement. In this article, Blaney navigates the intricate consent requirements when the Telephone Consumer Protection Act 1991 (‘TCPA’) and the Health Insurance Portability and Accountability Act 1995 (‘HIPAA’) intersect, and provides a clear set of recommendations which companies should adopt to avoid class actions. / read more

On 5 October 2015, the My Number Act (‘the Act’) came into force in Japan, introducing a new national ID system for all individuals resident in Japan (whether Japanese or foreign) under which they will receive a unique individual number (‘My Number’). An individual’s My Number is regarded as their confidential private information and its handling is subject to stringent regulation. The specific obligations for employers are laid down in recently issued guidelines (‘the Guidelines’). / read more

New guidelines and regulatory changes in the sphere of cookie compliance took place during 2015. In Italy, guidelines issued in 2014 came into effect, whilst in the Netherlands, amendments to the Dutch Telecommunications Act introduced a lighter regime for cookies. Massimiliano Masnada and Joke Bodewits, Counsel and Senior Associate respectively at Hogan Lovells, provide insight into these developments as well as their impact on organisations. / read more

About Data Protection Leader:

The monthly law publication which covers all aspects of data protection and data privacy. Topics covered include data transfers and outsourcing, data localisation and retention, the EU General Data Protection Regulation (GDPR), the e-Privacy Directive, data security, marketing and behavioural advertising, consent, employee monitoring, privacy compliance, risk management, DPO responsibilities, accountability, Privacy by Design, acquisition and mergers, the Internet of Things, cloud computing and Big Data / read more

Search Publication Archives

Our publication archives contain all of our articles, dating back to 2004.
Can’t find what you are looking for?
Try an Advanced Search

Log in to data protection leader
Subscribe to data protection leader
Register for a Free Trial to data protection leader
data protection leader Pricing

Social Media

Follow data protection leader on TwitterView data protection leader LinkedIn Profiledata protection leader RSS Feed