This site would like to set some non-essential temporary cookies. Some cookies we use are essential to make our site work.
Others such as Google Analytics help us to improve the site or provide additional but non-essential features to you.
No behavioural or tracking cookies are used.
To change your consent settings, read about the cookies we set and your privacy, please see our Privacy Policy

Data Protection Leader

Volume: 13 Issue: 3
(March 2016)


The Asia-Pacific Economic Cooperation (‘APEC’) Electronic Commerce Steering Group announced, on 25 February 2016, that the Japan Institute for Promotion of Digital Economy and Community (‘JIPDEC’) has been approved as an accountability agent for the supervision of the APEC Cross-Border Privacy Rules system (‘CBPR’), a system developed by participating APEC economies to enhance cross-border flows of personal information within them. The APEC’s approval of the JIPDEC makes Japan a ‘fully operational participant’ of the CBPR system. / read more

The UK Information Commissioner’s Office (‘ICO’) published, on 14 March 2016, a 12 step guide in preparation of the General Data Protection Regulation (‘GDPR’), which provides a checklist of steps businesses can implement to anticipate the coming into force of the GDPR (‘the Guide’). / read more

The Office of the Privacy Commissioner of Canada (‘OPC’) released, on 8 March 2016, a fact sheet on the top ten dos and don’ts in conducting privacy impact assessments (‘PIA’) (‘the Fact Sheet’). According to the Fact Sheet, PIAs should include mitigation measures and target completion dates. / read more


Sorting out the legalities of transferring data from the EU to the US (or to the rest of the world for that matter) has become an intense focus of attention in recent months. The invalidity of the adequacy status of Safe Harbor by Europe’s top court opened a massive compliance hole for multinationals which, in some cases at least, may take years to fill. This has led to a very uncertain situation which is threatening the viability of today’s essential dataflows. Against this background, the much-awaited publication of the EU-US Privacy Shield framework gives us some hope about a possible resolution of this challenge. / read more

The European Commission (‘the Commission’) released, on 29 February 2016, the legal texts that will put in place the EU-US Privacy Shield (‘the Privacy Shield’). The documents include a communication from the Commission summarising the actions taken so far to restore trust in trans-Atlantic data flows, a draft adequacy decision, the Privacy Shield Principles companies will have to abide by and US Government letters on their official representations and commitments under the Privacy Shield. DataGuidance in association with Sidley Austin LLP, provided their thoughts on the development during a live webinar, on 2 March 2016. / read more

On 18 December 2015, President Obama signed into law the Cybersecurity Act of 2015 (‘the Act’). The Act seeks to enhance nationwide cyber security by encouraging cyber threat information-sharing between private and federal entities through the introduction of a number of clarifying provisions and exemptions. Michael Vatis and Kaitlin Cassel, Partner and Associate at Steptoe & Johnson LLP respectively, shed light on the key provisions introduced by the Act. / read more

On 10 July 2015, the Argentine National Labour Court of Appeals (‘the Court’) issued a decision (‘the Decision’) in Pavolotzki Claudio et al v. Fischer Argentina S.A. (File N° 48538/2012) upholding employees’ rights to have their employers refrain from installing geolocation softwares on their mobile phones. Florencia Rosati, María Eduarda Noceti and Manuela Adrogué, Partner and Attorneys respectively at Estudio Beccar Varela, describe and analyse the Decision both from a labour law standpoint and through a privacy lense. / read more

The Personal Data Protection Authority (‘APDP’), instituted by the Law n° 2013/015 on Personal Data Protection in the Republic of Mali, organised a ceremony to mark the launch of its activities on 10 March 2016 at the International Conference Centre of Bamako (‘ICCB’). / read more

Since 2011, when the Government of India issued rules on privacy (‘Privacy Rules’), many articles on Indian privacy law have described the rules and the requirements under them. The discourse on the rules however, do not deal first with the statutory basis on which they were issued and the consequences of the same. As a result, multinationals doing business in India have focused on trying to comply with the rules which, in some respects, is a near impossible task. This article examines the statutory basis for the Privacy Rules and sets out a simple pathway by which multinationals with sophisticated privacy policies can ensure compliance with Indian privacy law by considering the general Privacy Rules in India and not addressing sector-specific rules, which mostly relate to the banking, telecom and medical fields. / read more

On December 2015, following a terrorist attack in San Bernardino, two of the suspected terrorists, Syed Rizwan Farook and his wife, were killed by US authorities. In the days that followed, the FBI recovered an iPhone that had been used by Farook prior to the shootings. Farook and his wife worked to hide evidence that could be used by the authorities in the investigations, including the destruction of two mobile phones and a computer hard drive. This made the iPhone in question one of the few pieces of evidence available for investigators to pursue. Unfortunately for the investigators, the terrorists had utilised one of the iPhone’s security features that required a password to be entered prior to the phone being turned on. This security feature is one that most cyber security professionals recommend users enable to safeguard the privacy of their data should the phone be lost or stolen. Once enabled, unless the correct numerical code is entered, the phone will not ‘open,’ thereby rendering it inoperable. A further, and more advanced, security feature in the phone permits the owner to select an option that orders it to delete all data should 10 incorrect password attempts be entered. / read more

In 2012, Plaintiff Deborah Douez, a British Columbia resident and Facebook user since 2007, initiated a class proceeding against Facebook on the ground that the social network had breached the British Columbia Privacy Act 2003 by using her name and portrait without her consent in an advertisement known as (now defunct) ‘Sponsored Stories.’ The latter was a paid advertisement system featuring the names and portraits of Facebook users, which were sometimes displayed on the ‘news feeds’ (personal homepages) of these users’ friends. / read more

On 8 March 2016, the Dutch data protection authority (‘DPA’) announced that following investigation, two companies had stopped the processing health data of their employees through wearables. The companies had provided their employees with fitness bracelets which measured the movements of these employees. One company even had insight into the sleep and waking patterns of its employees. The DPA stressed that such personal data of employees may not be processed by an employer, not even when the employee has given its consent. / read more

About Data Protection Leader:

The monthly law publication which covers all aspects of data protection and data privacy. Topics covered include data transfers and outsourcing, data localisation and retention, the EU General Data Protection Regulation (GDPR), the e-Privacy Directive, data security, marketing and behavioural advertising, consent, employee monitoring, privacy compliance, risk management, DPO responsibilities, accountability, Privacy by Design, acquisition and mergers, the Internet of Things, cloud computing and Big Data / read more

Search Publication Archives

Our publication archives contain all of our articles, dating back to 2004.
Can’t find what you are looking for?
Try an Advanced Search

Log in to data protection leader
Subscribe to data protection leader
Register for a Free Trial to data protection leader
data protection leader Pricing

Social Media

Follow data protection leader on TwitterView data protection leader LinkedIn Profiledata protection leader RSS Feed