This site would like to set some non-essential temporary cookies. Some cookies we use are essential to make our site work.
Others such as Google Analytics help us to improve the site or provide additional but non-essential features to you.
No behavioural or tracking cookies are used.
To change your consent settings, read about the cookies we set and your privacy, please see our Privacy Policy

Data Protection Leader

Volume: 14 Issue: 4
(April 2017)


The Article 29 Working Party (‘WP29’) adopted, on 5 April 2017, final guidelines on data portability, data protection officers (‘DPOs') and the identification of a data controller or processor’s lead authority under the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) (‘the Guidelines’). The adoption of the Guidelines follows an extended period of consultation regarding draft versions of the same. / read more

The Department of Personal Data Protection (‘PDP’) opened, on 5 April 2017, a public consultation (‘the Consultation’) on the Personal Data Protection (Transfer of Personal Data to Places Outside Malaysia) Order 2017 (‘the Draft Order’), a ministerial order that, for the first time, provides a whitelist of countries deemed to maintain adequate standards of data protection by the Personal Data Protection Commissioner (‘the Commissioner’). / read more


The Article 29 Working Party adopted, on 5 April 2017, its final guidelines on data portability under the General Data Protection Regulation (Regulation (EU) 2016/679), amongst others. To coincide with the adoption, this month’s editorial features an extract from Eduardo’s book, ‘The Future of Privacy’ from 2013, on what data portability is, the context behind its development as a concept and its likely evolution. / read more

The National Privacy Commission (‘NPC’), formally established on 7 March 2016, has taken root designing, implementing and issuing its policies for the enforcement of the Data Privacy Act 2012. In this article, Data Protection Leader speaks with Commissioner Raymund Liboro regarding the aims, objectives and strategy of the NPC. / read more

South Africa’s Protection of Personal Information Act 2013 (‘POPI’) was signed into law on 26 November 2013 but has not yet entered into force, nor has a date for its enactment been set. The first step of implementation was taken in 2016 when the Information Commissioner and four other members were appointed. Rakhee Bhikha, Associate at Norton Rose Fulbright, looks at what progress has been made since then and what can be expected as the Information Regulator fully establishes itself. / read more

New Zealand’s Privacy Act 1993 (‘the Act’) provides a number of enforcement options to deal with information privacy breaches by organisations holding and using personal information (‘agencies’). Those powers have not changed significantly since the Act first received royal assent. In the meantime, the internet, social media and so on have been behind an astronomical increase in the scale and sensitivity of personal information collected and used. Allan Yeoman, Partner at Buddle Findlay, analyses the impact of the recently introduced naming policy in light of the proposed reforms to the Act. / read more

Smart televisions (‘TVs’) allow a whole new range of prospects with regard to users’ data collection, profiling and behavioural advertising. Kevin van ’t Klooster, Associate at Osborne Clarke, zooms in on regulatory enforcement actions taken against smart TVs manufacturers TP Vision Europe B.V. and Vizio, Inc. by the Dutch data protection authority (‘AP’) and the US Federal Trade Commission (‘FTC’) respectively, for failures to obtain users’ consent and provide them with adequate information. / read more

Canada’s securities regulators have conducted a wide-ranging review of the largest Canadian publicly listed companies’ practices regarding the disclosure of cybersecurity risks and incidents (‘the Review’). The Review, and accompanying report (‘the Report’), were recently published in a staff notice of the Canadian Securities Administrators (‘CSA’), the informal coalition of Canada’s provincial and territorial securities regulators. Ross McKee and Kristin Ali of Blake, Cassels & Graydon LLP, discuss the Review’s consideration of how cybersecurity issues have been, and should be, addressed in the context of risk factor disclosure. / read more

Nowadays, many jurisdictions’ general or sector-specific provisions require the storage of personal data in data centres physically located within the country. Burcu Tuzcu Ersin and Ülkü Solak, Partner and Counsel at Moroğlu Arseven respectively, provide a breakdown of the direct and indirect localisation requirements contained in Turkish sectoral legislation and explain the new data transfers restrictions which fall from the recently enacted Data Protection Law No. 6698 of 2016 (‘the Data Protection Law’). / read more

Although Russia has various computer emergency response teams (‘CERTs’), including one dedicated to the financial sector (‘FinCERT’), which work to prevent and detect threats to information systems, legislative attempts to provide security standards include a patchwork of relevant regulation (e.g. personal data protection requirements, rules on the security of critical infrastructure, and requirements for the protection of financial information). These legislative developments have aimed to increase the efficiency of security measures taken in respect of the most valuable information. Anton Braginets, Associate at Dentons, examines the changing landscape of information security regulation in Russia. / read more

About Data Protection Leader:

The monthly law publication which covers all aspects of data protection and data privacy. Topics covered include data transfers and outsourcing, data localisation and retention, the EU General Data Protection Regulation (GDPR), the e-Privacy Directive, data security, marketing and behavioural advertising, consent, employee monitoring, privacy compliance, risk management, DPO responsibilities, accountability, Privacy by Design, acquisition and mergers, the Internet of Things, cloud computing and Big Data / read more

Search Publication Archives

Our publication archives contain all of our articles, dating back to 2004.
Can’t find what you are looking for?
Try an Advanced Search

Log in to data protection leader
Subscribe to data protection leader
Register for a Free Trial to data protection leader
data protection leader Pricing

Social Media

Follow data protection leader on TwitterView data protection leader LinkedIn Profiledata protection leader RSS Feed