This site would like to set some non-essential temporary cookies. Some cookies we use are essential to make our site work.
Others such as Google Analytics help us to improve the site or provide additional but non-essential features to you.
No behavioural or tracking cookies are used.
To change your consent settings, read about the cookies we set and your privacy, please see our Privacy Policy

Data Protection Leader

Volume: 13 Issue: 9
(September 2016)


The Advocate General (‘AG’) of the Court of Justice of the European Union (‘CJEU’), Yves Bot, issued, on 8 September 2016, his opinion (‘the Opinion’) in Camera di Commercio, Industria, Artigianato e Agricultura di Lecce v. Salvatore Manni (C-398/15), in relation to a preliminary question referred by the Italian Court of Cassation (‘the Court’) to the CJEU, regarding the correct interpretation and coordination of the provisions of Company Law Directive (68/151/EEC) (Articles 2(1)(d)(j) and 3) with the Data Protection Directive (95/46/EC) and the Charter of Fundamental Rights of the European Union. The Court queried whether personal data recorded in the Company Register can, after a period of time and upon request, be deleted, made anonymous, blocked or made available only to certain third parties who have a legitimate interest in / read more

The Council of Europe (‘CoE’) announced, on 25 August 2016, that Senegal has acceded to the Convention for the protection of individuals with regard to the Automatic Processing of Personal Data (‘Convention 108’). Convention 108 is the only international legally binding instrument which seeks to protect personal data rights and is open for accession by any country. / read more

The National Authority of Transparency and Access to Information (‘ANTAI’) published, on 2 September 2016, an updated version of the Draft Data Protection Bill (‘the Bill’) following a public consultation, which began in July 2016. / read more

The Düsseldorf Circle, a committee of German data protection authorities ('DPAs'), adopted, on 13 September 2016, a resolution regarding the preservation of the validity of consent under the General Data Protection Regulation ('GDPR'). / read more


Not many people will remember this but in 2008, Richard Thomas, the former UK Information Commissioner caused a fairly dramatic stir in the privacy world - at least among policy makers and fellow regulators - by unashamedly proclaiming that European data protection law was outdated and ineffective to address the technological and privacy challenges of the 21st century. At first, this was regarded by some as an embarrassing admission that could not possibly be right. But only two years later, the European Commission started a process of wholesale legislative reform that culminated with the adoption of the EU General Data Protection Regulation (‘GDPR’) in April 2016. We all know by now that the GDPR is the result of many political and regulatory compromises caused by the precarious balance created by the various forces at play - the unstoppable development of technology, the increasing value of data, the urgent need to protect people’s digital lives, and the prosperity of Europe and the rest of the world. / read more

The Cyberspace Administration of China (‘CAC’) recently issued the Administrative Rule on Information Services Concerning Mobile Internet Applications (‘the App Rule’), which became effective on 1 August 2016, and which highlights the intention of the Government to strengthen its control over the operations of app and mobile-related business. Xun Yang, Of Counsel at Simmons & Simmons, analyses the application and scope of the App Rule and provides insight into its potential impact. / read more

The Directive on Security of Network and Information Systems (‘the NIS Directive’) was adopted and entered into force in August 2016. Once implemented into national laws, it will impose a number of new obligations on operators of essential services and digital service providers to take appropriate and proportionate technical and organisational measures to manage cyber security risks. Francoise Gilbert, Partner at Greenberg Traurig LLP, provides an overview of the salient points of the NIS Directive. / read more

When the Court of Justice of the European Union (‘CJEU’) established the right to be forgotten (‘RTBF’) for EU citizens on 13 May 2014, it launched a worldwide debate regarding the appropriate balance between a person’s right to privacy and the public’s right to safety in the digital age. While the RTBF debate has largely been concentrated in the EU and the US, Asia is establishing its own appropriate balance. Greg Kovacic, Founder of Digital Trust Asia, an organisation aimed at building ‘an internet of trust’ by partnering with other organisations in the public and private sector, analyses the latest developments in this opinion piece. / read more

The Saudi Arabia Communications and Information Technology Commission (‘CITC’) launched, on 24 July 2016, a Public Consultation Document on the Proposed Regulation for Cloud Computing’ (‘PRCC’). Anas Akel, Kelly Tymburksi and Matthew Kirkham, Partners and Associate respectively at Dentons, discuss the wider policy context driving this regulatory development and reviews the specific data transfer and data breach provisions included in the PRCC, which appear to be the first of its kind for cloud services in the Middle East. / read more

The Personal Data Protection Agency of Bosnia and Herzegovina (‘AZLP’) recently issued its opinion regarding the practice of sharing lists of shareholders which contain personal data. Anisa Tomić, Attorney at Law at Marić & Co, explains the privacy implications surrounding the disclosure of shareholder lists under the Law on Personal Data Protection of Bosnia and Herzegovina 2006 (‘the Data Protection Law’), taking into consideration the respective provisions of the Law on Business Companies of Federation of Bosnia and Herzegovina 2015 (‘the Company Law’). / read more

In April 2015, Ghana’s data protection commission began registering data controllers (‘the Commission’). It has now registered over 500 controllers and recently announced that it has commenced prosecutions against data controllers who have failed to register. Data Protection Law and Policy spoke with Teki Akuetteh Falconer, Executive Director of the Commission, about its development and future plans. / read more

On 7 July 2016 the Russian President signed Federal Law No. 374-FZ “On Amendments to Federal Law ‘On Counteracting Terrorism’ and to Separate Legislative Acts of the Russian Federation with regards to Establishing Additional Measures on Counteracting Terrorism and Ensuring Public Security’ (‘the Anti-Terrorism Law’ or ‘Yarovaya Law’). The Anti-Terrorism Law entered into force on 20 July 2016 except for certain limited requirements entering into force on 1 July 2018. Natalia Gulyaeva and Maria Sedykh, Partner and Associate respectively at Hogan Lovells LLP, examine the new storage requirements for communications operators (‘Telecom Operators’) and organisers of dissemination of information on the internet (‘Internet Operators’). / read more

About Data Protection Leader:

The monthly law publication which covers all aspects of data protection and data privacy. Topics covered include data transfers and outsourcing, data localisation and retention, the EU General Data Protection Regulation (GDPR), the e-Privacy Directive, data security, marketing and behavioural advertising, consent, employee monitoring, privacy compliance, risk management, DPO responsibilities, accountability, Privacy by Design, acquisition and mergers, the Internet of Things, cloud computing and Big Data / read more

Search Publication Archives

Our publication archives contain all of our articles, dating back to 2004.
Can’t find what you are looking for?
Try an Advanced Search

Log in to data protection leader
Subscribe to data protection leader
Register for a Free Trial to data protection leader
data protection leader Pricing

Social Media

Follow data protection leader on TwitterView data protection leader LinkedIn Profiledata protection leader RSS Feed