This site would like to set some non-essential temporary cookies. Some cookies we use are essential to make our site work.
Others such as Google Analytics help us to improve the site or provide additional but non-essential features to you.
No behavioural or tracking cookies are used.
To change your consent settings, read about the cookies we set and your privacy, please see our Privacy Policy

Data Protection Leader

Volume: 12 Issue: 9
(September 2015)


The Japanese Diet announced, on 3 September 2015, that its two houses had passed a bill amending the Personal Information Protection Act 2003 (‘PIPA’) (‘the Amendments’), which was then promulgated on 9 September 2015. Although the lower house of the Diet had already passed the Amendments, on 21 May 2015, the review in the upper house was stopped for several months, following a data breach at the Japanese Pension Service, which affected 1.25 million people. / read more

Both the German Conference of the Data Protection Commissioners of the Federation and of the States (‘the Commissioners’) and the UK Information Commissioner’s Office (‘ICO’) released, on 26 August 2015, their recommendations in relation to the Council of the European Union’s (‘the Council’) agreed version of the draft General Data Protection Regulation (‘GDPR’). / read more

The Norwegian protection authority (‘Datatilsynet’) issued, on 24 August 2015, a guide relating to the anonymisation of personal information (‘Guide’). The Guide provides practical guidance for data controllers on the considerations to be made prior to anonymising data and highlights Datatilsynet’s opinion on the effectiveness of different methods. / read more


Let me put this straight: I believe that in the internet age a law that places an outright prohibition on dataflows on the basis of geography is a bad law. Digital information is naturally immune to jurisdictional barriers because the wired and wireless networks it inhabits were created to be global. So placing jurisdictional restrictions on the flow of that information is both unrealistic and ineffective, as the focus shifts from protecting the information irrespective of its location onto how to overcome those artificial restrictions. Yet many laws around the world - old and new - create such barriers in an attempt to preserve the protection afforded to that data in their home jurisdiction. For more than 20 years, Europe has led the charge on this front and the forthcoming data protection regulation is set to preserve the same regime for another 20 years. / read more

The world is moving from a limited data universe to one of virtually unlimited, big data. Other than the falling cost of data storage, this is being pushed by the potential benefits driven by data analytics and the connected world presented by the Internet of Everything, Smart Cities, and data collection technologies. Wearable technology is at the very heart of this and is encouraging growth of big data industries, often in the name of customer intelligence. James Collings, Consultant at Deloitte, provides an overview of the privacy and security concerns regarding modern wearable technology for consumers and businesses alike. / read more

Symphony, a new secure messaging service for financial institutions, was officially launched on 15th September 2015. The day before, the New York Department of Financial Services (‘DFS’) entered into agreements with four member banks of the consortium behind Symphony. The agreements impose a seven-year data retention requirement on Symphony, and require the banks to store duplicate copies of the decryption keys for their messages with ‘independent custodians.’ / read more

One of the more controversial laws passed in the UK in recent years is the Data Retention and Investigatory Powers Act 2014 (‘DRIPA’). The debate in the UK about retention of, and access to, communications data was recently examined in Davis & Others v. Secretary of State for the Home Department [2015] EWHC 2092 (Admin). The High Court considered the lawfulness of DRIPA and ruled that the UK Government had not legislated in compliance with EU law. Victoria Hordern, Senior Associate at Hogan Lovells, provides a case analysis of the decision. / read more

In the Queen’s Speech, on 28 May 2015, the UK Government announced the Investigatory Powers Bill (‘the Bill’), which will reportedly require cryptographic back doors into end-to-end encryption. In response to the Government’s decision, Eris Industries, a technology firm working primarily with the financial sector, announced that it would leave the UK, if the Bill entered into law. Data Protection Law & Policy spoke with Preston Byrne, co-founder and COO of Eris to discuss its decision. / read more

The Ashley Madison privacy hack highlights the fact that privacy online is not guaranteed. Subscribers to the website were promised secrecy and discretion and the hacking incident has seen them faced by uncertainty and public scrutiny of their personal relationships. As the incident has unfolded, there have been assertions that the subscriber data may have been stolen by an insider, possibly a disgruntled ex-employee. Louise Randall, Associate at Shoosmiths LLP, outlines what lessons can be learned from this incident and how employers can ensure that both they and their employees are compliant with the Data Protection Act 1998 (‘DPA’). / read more

Recent years have witnessed an increasing number of emerging economies adopting data protection laws. The driving forces behind this trend have been expressed as being for a variety of purposes. These purposes include social reform through the upholding of human rights and economic motivations such as the desire to attract business from more developed foreign economies. James Castro-Edwards, Partner and Head of Data Protection at Wedlake Bell LLP, considers some of those emerging economies that have adopted data protection laws and some of the potential benefits available to them. / read more

About Data Protection Leader:

The monthly law publication which covers all aspects of data protection and data privacy. Topics covered include data transfers and outsourcing, data localisation and retention, the EU General Data Protection Regulation (GDPR), the e-Privacy Directive, data security, marketing and behavioural advertising, consent, employee monitoring, privacy compliance, risk management, DPO responsibilities, accountability, Privacy by Design, acquisition and mergers, the Internet of Things, cloud computing and Big Data / read more

Search Publication Archives

Our publication archives contain all of our articles, dating back to 2004.
Can’t find what you are looking for?
Try an Advanced Search

Log in to data protection leader
Subscribe to data protection leader
Register for a Free Trial to data protection leader
data protection leader Pricing

Social Media

Follow data protection leader on TwitterView data protection leader LinkedIn Profiledata protection leader RSS Feed