This site would like to set some non-essential temporary cookies. Some cookies we use are essential to make our site work.
Others such as Google Analytics help us to improve the site or provide additional but non-essential features to you.
No behavioural or tracking cookies are used.
To change your consent settings, read about the cookies we set and your privacy, please see our Privacy Policy

Data Protection Leader

Volume: 14 Issue: 1
(January 2017)


Legislative Decree No. 1353 which creates an authority on transparency and access to public information (‘the Access to Information Authority’) and amends several provisions of Law 29733 on Personal Data Protection 2011 (‘the Data Protection Law’) was published, on 7 January 2017, in the Official Gazette (‘the Decree’). Data Protection Leader confirmed with Erick Iriarte, Partner at Iriarte & Associates, on 10 January 2017, that the Peruvian data protection authority (‘ANPDP’) will work alongside the new Access to Information Authority, but will not become part of it as had previously been foreseen. / read more

The Federal Data Protection and Information Commissioner (‘FDPIC’) announced, on 11 January 2017, the establishment of the Swiss-US Privacy Shield, which is to replace the Safe Harbor agreement that was declared inadequate by the FDPIC and subsequently abolished by the Federal Council. In particular, the FDPIC welcomed the new framework and noted that the Privacy Shield would significantly improve commercial data flows between Switzerland and the US, reflected through the principles enshrined and the improved administrative and supervision powers. / read more


Compared to the General Data Protection Regulation (‘GDPR’), the proposed ePrivacy Regulation is an exercise in minimalism. With just 29 articles, it is somewhat dwarfed by the immensity of the forthcoming general EU data privacy framework. Yet its effect may be even greater than that of the GDPR itself. In some respects, such as being a pan-European regulation and the amount of the potential fines, it is as far reaching as its bigger sister. But it is the introduction of compulsory consent for many data gathering activities that will eventually make the new ePrivacy Regulation punch well above its weight. Sure, the proposal still needs to go through the full legislative process, but given the current state of affairs regarding technology and privacy, it is difficult not to see the current draft making it to the finish line pretty much unscathed. / read more

As 2016 drew to a close, the Investigatory Powers Act 2016 (‘the Act’) gained Royal Assent. The Act was intended to create clarity and certainty in the regulation of investigatory powers, including the use of surveillance. The provisions provoked significant debate over the balance of interests between the necessity of them for law enforcement and intelligence gathering and their impact on civil liberties. Dr. Paul Bernal, Lecturer in Information Technology, Intellectual Property and Media Law at the University of East Anglia and member of Data Protection Leader’s Editorial Board, was one of the witnesses before the Joint Parliamentary Committee on the Investigatory Powers Bill. In this article, Bernal provides an overview of the recent history of surveillance law, an analysis of the key issues raised by the Act’s provisions and the uncertainties that lie ahead. / read more

2016 was an exceptionally eventful year on many fronts, including with respect to data protection and cyber security regulatory developments in the Asia-Pacific region. Mark Parsons and Louise Crawford, Partner and Foreign Legal Assistant respectively at Hogan Lovells’ Hong Kong Office, break down the key changes and challenges for multinationals operating in the region and provide particular insight into the developing regulation on cyber security, cross-border data transfers and trends in enforcement. / read more

The Moscow City Court, upheld, on 17 November 2016, a lower court’s decision to block access within Russia to LinkedIn Corp.’s website, after finding the website operator in breach of the requirement to store the personal data of Russian citizens in Russia. The LinkedIn case is the first example of a well-known international company being pursued for violation of data protection law in Russian courts by the Russian data protection regulator (‘Roskomnadzor’). Konstantin Bochkarev and Paulina Smykouskaya of PwC Legal outline why the case serves as a significant step in the enforcement of the Russian data protection regime. / read more

The boost of artificial intelligence (‘AI’) and robotics brings a host of data protection risks and implications. In 2015, the European Parliament Committee on Legal Affairs set up a working group for the development of civil law rules on robotics and artificial intelligence. In October 2016, the European Data Protection Supervisor (‘EDPS’) published a paper looking into the data protection aspects related to the deployment of such technologies. Marta Dunphy-Moriel of Fieldfisher LLP analyses the Paper and highlights the aspects companies should take into account when making use of AI. / read more

In accordance with the amended Act on the Protection of Personal Information (the ‘Act’) of September 2015, the Personal Information Protection Commission (‘PPC’) in Japan, as the new independent supervisory authority, promulgated the regulation for implementing the amended Act in October 2016 and interpreting guidelines in November 2016, regarding topics such as the anonymous processing of personal data. Kaori Ishii, Associate Professor at the Faculty of Library, Information and Media Science, at the University of Tsukuba, provides an analysis of some of the topics covered under the regulation and the guidelines, as well as some insights. / read more

About Data Protection Leader:

The monthly law publication which covers all aspects of data protection and data privacy. Topics covered include data transfers and outsourcing, data localisation and retention, the EU General Data Protection Regulation (GDPR), the e-Privacy Directive, data security, marketing and behavioural advertising, consent, employee monitoring, privacy compliance, risk management, DPO responsibilities, accountability, Privacy by Design, acquisition and mergers, the Internet of Things, cloud computing and Big Data / read more

Search Publication Archives

Our publication archives contain all of our articles, dating back to 2004.
Can’t find what you are looking for?
Try an Advanced Search

Log in to data protection leader
Subscribe to data protection leader
Register for a Free Trial to data protection leader
data protection leader Pricing

Social Media

Follow data protection leader on TwitterView data protection leader LinkedIn Profiledata protection leader RSS Feed