This site would like to set some non-essential temporary cookies. Some cookies we use are essential to make our site work.
Others such as Google Analytics help us to improve the site or provide additional but non-essential features to you.
No behavioural or tracking cookies are used.
To change your consent settings, read about the cookies we set and your privacy, please see our Privacy Policy



Data Protection Leader

Volume: 13 Issue: 6
(June 2016)


News

The Court of Justice of the European Union’s (‘CJEU’) Advocate General (‘AG’), Henrik Saugmandsgaard Øe, issued, on 2 June 2016, his opinion in Verein für Konsumenteninformation v. Amazon EU Sàrl (Case C-191/15) (‘the Opinion’). The Opinion affirms that Article 4(1)(a) of the Data Protection Directive (95/46/EC) (‘the Directive’) must be interpreted as meaning that the law of one single Member State (‘MS’) applies to data processing operations, and the MS’s applicable law should be determined looking at the controller’s establishment, in the sense clarified by the CJEU in Weltimmo s. r. o. v. Nemzeti Adatvédelmi és Információszabadság Hatóság (C-230/14), i.e. any ‘real and effective activity’ exercised ‘through stable arrangements.’ / read more

The Personal Data Protection Commission (‘PDPC’) published, on 9 June 2016, its Guide to Handling Access Requests, which aims to assist organisations with their legal obligations under the Personal Data Protection Act 2012 (‘PDPA’) when processing, rejecting and recording access requests (‘the Guide’). In particular, it addresses how organisations should determine response timeframes and identities of individuals and details the circumstances in which they are not required to provide the data subject with access to their personal dat / read more

The Federal Trade Commission (‘FTC’) announced, on 8 June 2016, that Practice Fusion, Inc. agreed to settle charges that it publicly disclosed consumers’ private information without adequately informing them about how it uses, maintains, and protects the privacy and confidentiality of the information collected, as well as for failing to obtain consumers’ consent (‘the Settlement’). / read more

The UK Information Commissioner's Office ('ICO') presented, on 28 June 2016, its 2015 annual report ('the Report'). The Information Commissioner ('the Commissioner'), Christopher Graham, mentioned recent developments including the results of the UK referendum concerning its membership of the European Union and the approach going forward. / read more

The National Privacy Commission ('NPC') released, on 20 June 2016, the proposed Implementation Rules and Regulations ('IRR') for the Data Privacy Act 2012 ('Privacy Act'), which aim to 'further enforce the Privacy Act and adopt generally accepted international principles and standards for data protection.' In particular, the proposed IRR include 14 Rules addressing the role of the NPC, the implementation of the privacy principles, rights of data subjects, breach notification procedures, accountability, notification and registration as well as outsourcing agreements. / read more

The Minister of Economic Development, Grant Gibbons, announced, on 1 July 2016, that the Personal Information Protection Bill ('the PIPA Bill') had been tabled in Parliament ('the Statement'). In particular, the PIPA Bill seeks to establish the right to 'informational privacy' for individuals as well as advance Bermuda's economic interests through the adoption of international standards, with the aim of becoming a 'trusted country.’ / read more

The EU Commissioner for Justice, Consumers and Gender Equality, Věra Jourová, and U.S. Secretary of Commerce, Penny Pritzker, announced, on 12 July 2016, that the adequacy decision had been adopted by the European Commission ('the Commission'). According to the Commission, the Privacy Shield reflects the requirements set out by the Court of Justice of the European Union ('CJEU') in its ruling from 6 October 2015, which declared the Safe Harbor framework invalid. The Privacy Shield, composed of the adequacy decision and accompanying annexes, is now officially the new framework designed to protect personal data transferred from the EU to the US as well as to ensure legal clarity for businesses relying on transatlantic data transfers. / read more


Features

The people of the UK have spoken and our collective choice is to leave the European Union. Some are dreading the likely tsunami of economic hardship. Others are excited about what may lie ahead. Most of us are shocked. But as numbing as the verdict of the UK electorate may be, there are crucial political, legal and economic decisions to be made. The ‘To Do’ list of the UK Government will be overwhelming, not least because of the dramatic implications that each of the items on the list will have for the future of the country and indeed the world. Steering the economy will be a number one priority and with that, the direction of travel of the digital economy, which, at the end of the day, is one of the pillars of prosperity in the UK and everywhere else. / read more

The people of the UK have spoken and our collective choice is to leave the European Union. Some are dreading the likely tsunami of economic hardship. Others are excited about what may lie ahead. Most of us are shocked. But as numbing as the verdict of the UK electorate may be, there are crucial political, legal and economic decisions to be made. The ‘To Do’ list of the UK Government will be overwhelming, not least because of the dramatic implications that each of the items on the list will have for the future of the country and indeed the world. Steering the economy will be a number one priority and with that, the direction of travel of the digital economy, which, at the end of the day, is one of the pillars of prosperity in the UK and everywhere else. / read more

The National Congress approved, on 13 May 2016, the Draft Bill on the Protection of Personal Data, now the Bill of Law 5276/2016, with very few changes (‘the Bill’). In addition, the Bill was given constitutional urgency, requiring it to be voted on within 45 days. Renato Leite Monteiro, Privacy and Data Protection Specialist, and Bruno Ricardo Bioni, Attorney at Brazilian Network Information Center, outline the key changes that the Bill would bring, as well as the current state of events influencing its consideration. / read more

Since Edward Snowden’s release of 1.7 million top-secret documents from the U.S. National Security Agency (‘NSA’) in summer 2013, outdated laws on privacy have been brought to the forefront of public debate. Data Protection Lawyer, Asel Ibraimova, provides a timeline of events following the revelations as well as her thoughts on the discussions that have taken place on data access, retention, transfer and encryption. / read more

The Asia-Pacific Economic Cooperation (‘APEC’) Cross-Border Privacy Rules (‘CBPR’) may not yet have reached the ‘most stolen privacy seal’ status, but a recent case by the US Federal Trade Commission (‘FTC’) may have revealed that this up-and-coming Asia Pacific-based cross-border data transfer mechanism is gaining recognition and may very well be on that trajectory. / read more

The Düsseldorfer Kreis, a working group of German data protection authorities (‘DPAs’) similar to the Article 29 Working Party, but on a German level, issued a new working paper (‘the Working Paper’) on standard consent in accordance with the German Federal Data Protection Act (‘FDPA’). The Working Paper casts light on current consent requirements and provides practical recommendations for organisations to adopt. Dr. Jürgen Hartung, Partner at Oppenhoff & Partner, provides a practitioner’s perspective on the Working Paper, outlining the positive and negative aspects. / read more

Telecommunications services represent a major economic activity in Mexico and the Federal Telecommunications and Broadcasting Law (‘FTBL’ or ‘Ley Telecom’) regulates the enjoyment of this extensive spectrum of service. Isabel Davara and Alexis Cervantes, Founder and Senior Associate respectively at Davara Abogados, provide their insights into the legal provisions which regulate the privacy rights of telecommunication service users as well as providers’ obligations regarding the disclosure and retention of users’ personal information. / read more

The General Data Protection Regulation (‘GDPR’) does not directly regulate the data protection issues related to cloud computing. However, obligations and requirements imposed on data controllers and data processors significantly impact cloud computing customers and cloud providers. Massimo Maggiore, Partner at Maschietto Maggiore Besseghini Studio Legale, compares the Data Protection Directive (95/45/EC) (‘the Directive’) framework with the GDPR and highlights the critical aspects. / read more


About Data Protection Leader:

The monthly law publication which covers all aspects of data protection and data privacy. Topics covered include data transfers and outsourcing, data localisation and retention, the EU General Data Protection Regulation (GDPR), the e-Privacy Directive, data security, marketing and behavioural advertising, consent, employee monitoring, privacy compliance, risk management, DPO responsibilities, accountability, Privacy by Design, acquisition and mergers, the Internet of Things, cloud computing and Big Data / read more

Search Publication Archives



Our publication archives contain all of our articles, dating back to 2004.
Can’t find what you are looking for?
Try an Advanced Search

Log in to data protection leader
Subscribe to data protection leader
Register for a Free Trial to data protection leader
E-Law Alerts
data protection leader Pricing

Social Media

Follow data protection leader on TwitterView data protection leader LinkedIn Profiledata protection leader RSS Feed

Twitter