This site would like to set some non-essential temporary cookies. Some cookies we use are essential to make our site work.
Others such as Google Analytics help us to improve the site or provide additional but non-essential features to you.
No behavioural or tracking cookies are used.
To change your consent settings, read about the cookies we set and your privacy, please see our Privacy Policy

Data Protection Leader

Volume: 13 Issue: 7
(July 2016)


The Bermuda Minister of Economic Development, Grant Gibbons, delivered, on 21 July 2016, a legislative brief for the Personal Information Protection Bill (‘the PIPA Bill’) (‘the Statement’), which was tabled in Parliament on 1 July 2016. Gibbons provided a detailed overview of the aims and content of the PIPA Bill, which seek to raise Bermuda’s standing in the privacy arena to obtain a finding of ‘adequacy’ from the EU and to provide individuals with greater control over the use of their personal information. / read more

Data Protection Law & Policy confirmed, on 18 July 2016, with Christopher Knight, Barrister at 11 King’s Bench Walk, that Google, Inc. had withdrawn its appeal to the UK Supreme Court in the case of Google v. Vidal-Hall. The Court of Appeal (‘the Court’) previously held that Section 13(2) of the Data Protection Act 1998 (‘DPA’), which provides that an individual who suffers distress by reason of any contravention by a data controller is entitled to compensation only if they suffer damage, was incompatible with Article 23 of the Data Protection Directive (95/46/EC) (‘the Directive’). In addition, the Court disapplied Section 13(2) of the DPA on the grounds that it conflicts with the rights guaranteed by Articles 7 and 8 of the EU Charter of Fundamental Rights. / read more

The Nigerian Communications Commission’s (‘NCC’) Do Not Disturb Directive (‘the Directive’) entered into effect on 1 July 2016. Mobile network operators (‘MNOs’) are required by the Directive to operate a Do Not Disturb code (‘the Code’), which restricts both themselves and value added service providers (‘VASPs’) from sending unsolicited messages to their subscribers. Opting-in to the Do Not Disturb database is achieved by sending the shortcode ‘2442’. / read more

The National Institute of Access to Information and Data Protection ('INAI') confirmed, on 21 July 2016, that companies are responsible for the processing of personal data of their employees under the Federal Law on Protection of Personal Data Held by Private Parties 2010 ('the Law'). The INAI's announcement reflects the decision taken in a case where a company processing its employees' data sought to rely on the 'personal use' exemption under the Law ('the Case'). / read more

The Personal Information Protection Commission ('PPC') launched, on 2 August 2016, a consultation on the draft amendments to the Order for Enforcement of the Act on the Protection of Personal Information ('APPI') ('the Order') and the Ordinance for Enforcement of the Act on the Protection of Personal Information ('the Ordinance'). The consultation follows the promulgation of the APPI amendments on 9 September 2015, which will come into force two years after the day of promulgation. The specific date will be further specified by a cabinet order. / read more


Of the myriad of issues that one can possibly encounter in the data protection world, international data transfers will always be a controversial focus of attention. The main reason for this is that the limitations affecting what is otherwise at the core of our globally connected lives have consistently featured in European and other data protection laws for decades. So as technology evolves and the internet becomes ever more pervasive, overcoming legal barriers affecting dataflows gets higher and higher on the priority list. And since the legal framework is unlikely to change its direction of travel any time soon, it is a real business necessity to find a way of ensuring that our everyday dataflows are in compliance with the law. / read more

On 24 June 2016, the UK held a referendum regarding the country’s membership of the European Union, which resulted in the decision to leave (‘Brexit’). Cynthia O’Donoghue, Partner at Reed Smith, examines the potential consequences of Brexit on data protection, data transfers and cyber security. / read more

The Court of Justice of the European Union’s (‘CJEU’) Advocate General (‘AG’), Henrik Saugmandsgaard Øe, issued, on 2 June 2016, his opinion in Verein für Konsumenteninformation v. Amazon EU Sàrl (Case C-191/15) (‘the Opinion’). The Opinion affirms that Article 4(1)(a) of the Data Protection Directive (95/46/EC) (‘the Directive’) must be interpreted as meaning that the law of one single Member State (‘MS’) applies to data processing operations, and the MS’s applicable law should be determined looking at the controller’s establishment, in the sense clarified by the CJEU in Weltimmo s. r. o. v. Nemzeti Adatvédelmi és Információszabadság Hatóság (C-230/14), i.e. any ‘real and effective activity’ exercised ‘through stable arrangements.’ / read more

There is a growing concern that governments across Asia are increasingly requiring certain data to be kept onshore or making it more difficult to transfer data across borders. In this article, Carolyn Bigg, Of Counsel at DLA Piper Hong Kong, examines whether this concern reflects an actual trend in the region or whether there still exists a free flow of data in Asia. / read more

In late 2009, Israel enacted a law to set up a nationwide biometric database (‘the Biometric Act’)1. This database is meant to prevent identity fraud and also be available for law enforcement and security agencies. The Biometric Act remains unprecedented in the democratic world and raises both privacy and information security concerns. Jonathan J. Klinger, an Israeli attorney specialising in technology, privacy and security law, discusses the steps that were taken to legislate for the biometric database (‘the Biometric Database’) and explains how information from the Biometric Database is shared with various law enforcement and security agencies. Klinger further explains the history of data breaches in Israel and why all the steps taken to secure the Biometric Database ‘are moot.’ / read more

On 25 March 2016, the Cyber Security Association of China (‘CSAC’), which is the first national non-profit organisation for cyber security in the country, was founded in Beijing. The CSAC has 257 founding members including major internet firms, cyber security enterprises, scientific research institutions and individuals in China. All members are domestic members. / read more

The National Council of Economic and Social Policy (‘CONPES’) approved, on 11 April 2016, the new National Digital Security Policy (‘the New Policy’). This has turned Colombia into the first Latin American country to fully incorporate the international recommendations and best practices on digital security recently issued by the Organisation for Economic Co-operation and Development (‘OECD’). Andrea Bonnet, Associate at Brigard & Urrutia Abogados, discusses Colombia’s evolution into a regional leader in digital security, its transition to a new cyber security strategy and the role that companies are expected to play in this context. / read more

On 2 June 2016, the Finnish Government Information Security Management Board (‘VAHTI’) published a report on the General Data Protection Regulation1 (‘GDPR’) to assist organisations preparing for the GDPR (‘the Report’)2. The Report addresses the new requirements under the GDPR and provides recommendations for the two-year transitional period. / read more

About Data Protection Leader:

The monthly law publication which covers all aspects of data protection and data privacy. Topics covered include data transfers and outsourcing, data localisation and retention, the EU General Data Protection Regulation (GDPR), the e-Privacy Directive, data security, marketing and behavioural advertising, consent, employee monitoring, privacy compliance, risk management, DPO responsibilities, accountability, Privacy by Design, acquisition and mergers, the Internet of Things, cloud computing and Big Data / read more

Search Publication Archives

Our publication archives contain all of our articles, dating back to 2004.
Can’t find what you are looking for?
Try an Advanced Search

Log in to data protection leader
Subscribe to data protection leader
Register for a Free Trial to data protection leader
data protection leader Pricing

Social Media

Follow data protection leader on TwitterView data protection leader LinkedIn Profiledata protection leader RSS Feed