This site would like to set some non-essential temporary cookies. Some cookies we use are essential to make our site work.
Others such as Google Analytics help us to improve the site or provide additional but non-essential features to you.
No behavioural or tracking cookies are used.
To change your consent settings, read about the cookies we set and your privacy, please see our Privacy Policy

Data Protection Leader

Volume: 14 Issue: 3
(March 2017)


The Italian data protection authority (‘Garante’) announced, on 10 March 2017, that it had issued fines of over €11 million to five companies operating in the money transfer sector, namely Yume s.r.l., Marc 1 s.r.l., Sigue Global Service Limited, Sirama s.r.l., and Euro Communication System s.r.l. (‘the Companies’), for breaching the Personal Data Protection Code, Legislative Decree No. 196/2003 (‘the Privacy Code’). In particular, an investigation by the Financial Police found that Sigue Global Service, aided by the other four companies, collected and transferred to China the monetary sums of Chinese entrepreneurs in violation of anti-money laundering (‘AML’) and data protection legislation. The Companies fractioned the operations so that the transfers made were below the threshold specified by AML legislation and unlawfully used the personal data of over 1,000 unaware customers, making them appear as the senders of the payments. / read more

The Information Commissioner’s Office (‘ICO’) released, on 2 March 2017, guidance on consent under the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) for public consultation (‘the Guidance’). According to the ICO, the Guidance will assist organisations in deciding when to rely on consent for data processing and when to look for alternatives. In addition, the ICO explained what constitutes valid consent, and how to obtain and manage consent in a way that complies with the GDPR through the provision of a checklist within the Guidance. / read more


As the dust settles following the European Commission’s (‘the Commission’) proposal for a new ePrivacy Regulation, a clear picture of the situation is emerging. The internet is starting to come to terms with the fact that a new layer of data privacy regulation is bound to be applied over and above the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’). European institutions are beginning to consider their positions and we can expect a bit of a seesaw between the European Parliament (‘the Parliament’) and the Council of the European Union (‘the Council’). In the meantime, the different parties involved in the legislative process are sharpening their arguments for what promises to be a long and heated process. In a nutshell, the Brussels legislative machine is in full swing and cooking up what is meant to be one of its signature dishes for the early 21st century. / read more

An increasing number of businesses and individuals store their data on remote servers, known as ‘clouds.’ The cloud storage industry is evolving so rapidly that cloud service providers need more guidance from data protection authorities and the law to help them ensure compliance. Yoheved Novogroder-Shoshan, Partner at Yigal Arnon & Co., discusses some of the challenges facing cloud service providers and consumers in Israel in the absence of such guidance. / read more

On 13 February 2017 the Australian Federal Parliament enacted the Privacy Amendment (Notifiable Data Breaches) Act 2017, inserting mandatory data breach notification requirements into the Privacy Act 1988 (‘the Privacy Act’). These provisions will replace the voluntary data breach notification guidelines as currently administered by the Office of the Australian Information Commissioner (‘OAIC’) and require entities subject to the Privacy Act to notify the OAIC and affected individuals, if the entity experiences a data breach of a kind covered by the Data Breaches Act. Peter Leonard, Partner at Gilbert + Tobin Lawyers, reviews the new requirements below. / read more

According to Rose Marie M. King-Dominguez, Partner at SyCip Salazar Hernandez & Gatmaitan, as a result of the average citizen in the Philippines reportedly spending about an hour and a half more on the internet than the average user on a global basis, its OOTD-sharing population has helped it earn the unofficial title of social media capital of the world. Personal data in the Philippines appears to be on a digital tap: free flowing and plentiful. Rose Marie examines the impact of the Philippines’ new privacy framework in such a world and the challenges it poses for the jurisdiction and for those operating within it. / read more

The Hungarian National Authority for Data Protection and Freedom of Information (‘NAIH’) recently issued new, comprehensive guidance on the general requirements of workplace data processing. The 41-page long guidance provides detailed insight on the NAIH’s approach to the most common employment-related data processing operations. Márton Domokos, Senior Counsel at CMS Cameron McKenna LLP, assesses the NAIH’s guidance in light of existing Hungarian and EU standards and provides recommendations for organisations to meet the NAIH’s recommendations. / read more

The General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) has expanded the data breach notification obligations for controllers, superseding the previous sectorial approach. Marta Dunphy-Moriel, Associate at Fieldfisher, discusses the challenges data breach notification will pose for data controllers under the GDPR, and highlights the key takeaways from the recent TalkTalk case in this regard. / read more

Companies around the world are working on prototypes for manned drones. The drive in this area symbolises the beginning of a major change in our society. Fabian Solis, Associate at Facio & Cañas, analyses the regulatory challenges they pose and the business opportunity they create. / read more

About Data Protection Leader:

The monthly law publication which covers all aspects of data protection and data privacy. Topics covered include data transfers and outsourcing, data localisation and retention, the EU General Data Protection Regulation (GDPR), the e-Privacy Directive, data security, marketing and behavioural advertising, consent, employee monitoring, privacy compliance, risk management, DPO responsibilities, accountability, Privacy by Design, acquisition and mergers, the Internet of Things, cloud computing and Big Data / read more

Search Publication Archives

Our publication archives contain all of our articles, dating back to 2004.
Can’t find what you are looking for?
Try an Advanced Search

Log in to data protection leader
Subscribe to data protection leader
Register for a Free Trial to data protection leader
data protection leader Pricing

Social Media

Follow data protection leader on TwitterView data protection leader LinkedIn Profiledata protection leader RSS Feed