This site would like to set some non-essential temporary cookies. Some cookies we use are essential to make our site work.
Others such as Google Analytics help us to improve the site or provide additional but non-essential features to you.
No behavioural or tracking cookies are used.
To change your consent settings, read about the cookies we set and your privacy, please see our Privacy Policy

Data Protection Leader

Volume: 14 Issue: 5
(May 2017)


The Argentinian data protection authority (‘PDP’) published, on 17 May 2017, the second draft of its data protection amendment bill (‘the Second Draft’) following the consultation it held on a first draft in February 2017 (‘the Draft Bill’). The Second Draft is part of an ongoing process to modernise Law No. 25.326 on Personal Data Protection 2000 (‘the Law’). / read more

The Federal Council (‘Bundesrat’) adopted, on 12 May 2017, a draft bill for a new Federal Data Protection Act (‘the Bill’), in light of the entry into force of the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’), and following its adoption by the Parliament (‘Bundestag') towards the end of April. / read more


One of the most controversial and poorly understood aspects of the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) is the concept of ‘profiling.’ Being a defined term, one would have thought that any room for confusion would be limited, but the level of misunderstanding about this concept is wide and far-reaching. The different legal treatment that profiling receives under the GDPR - depending on its effect - complicates things from the outset. Coupled with the general confusion surrounding the appropriate lawful ground for this type of data activity, as widespread as it is, profiling is bound to become a key focus of attention for regulators. So how can we make sense of all this? / read more

On 3 April 2017, President Trump signed into law a Congressional Joint Resolution (‘the Joint Resolution’) revoking broadband and voice privacy rules set forth in a November 2016 order1 (‘the Broadband Privacy Order’) by the Federal Communications Commission (‘FCC’). John Heitmann and Jennifer R. Wainwright, Chair and Associate in the Communications Practice Group at Kelley Drye & Warren LLP respectively, discuss what will be the actual impact of the repeal on the status quo with respect to both broadband internet access service (‘BIAS’) providers and traditional voice providers, as well as the effects it will have on privacy enforcement by other players, including the Federal Trade Commission (‘FTC’) and state attorneys general. / read more

Is it possible for innovation and privacy to operate in parallel, or are the two concepts at odds with each other? In this article, Hannah Mason, Senior Lawyer and Head of EU Privacy at Visa Europe, and Natasha Simmons and Alex Bryant, Senior Associates at PwC, aim to reconcile these seemingly polar concepts, and provide their recommendations on the risks organisations should first identify, in order to mitigate and manage through an appropriate, agile privacy programme and control framework. / read more

In April 2017, the International Association of Atheltics Federations (‘IAAF’) became the latest sporting body to be the subject of a suspected cyber attack, which affected the medical information of its athletes1. The Russian hacking group known as ‘Fancy Bear,’ said to be behind the attacks, subsequently released the medical information of athletes such as Bradley Wiggins, Serena Williams and dozens of other high-profile stars. This incident not only highlights the impact such breaches can have on affected individuals, bust also the severe implications for the organisations in question. Gary Rice, Hans Allnutt and Aidan Healy, Partners and Senior Associate respectively at DAC Beachcroft, consider the legal and practical issues that can arise in responding to cyber attacks and breaches, before considering the likely impact of the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) on cyber risk. / read more

In April, Data Protection Leader spoke with Debra Farber, CEO and CPO at, a work-flow privacy automation platform for privacy consulting, and co-founder of Women in Security and Privacy, at the IAPP Global Privacy Summit in Washington, DC. Debra discusses how she started in privacy, how the role of the privacy professional has changed, as well as her thoughts on gender equality, privacy discovery and risk management. / read more

25 May 2018 is just around the corner, and with it comes the application of the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’). The GDPR brings onto the scene a set of novelties, which leave a series of questions still unanswered. One of the novelties are Data Protection Impact Assessments (‘DPIAs’), which have been made mandatory in some circumstances under the GDPR. Although many organisations have been performing these prior to the existence of the GDPR, its requirement will have a particularly large impact on data protection governance within companies and will raise a significant number of complex questions, as highlighted by the Article 29 Working Party’s (‘WP29’) recent focus on the matter. João Alfredo Afonso and Pedro Verde Pinho, Partner and Associate at Morais Leitão, Galvão Teles, Soares da Silva & Associados, examine the issues raised. / read more

On 13 February 2017, the Ukrainian National Security and Defence Council’s Resolution on the Threats to the State’s Cyber Security and Urgent Measures to Neutralise Them, entered into force on the basis of a decree of the Ukrainian President, No. 32-2017 (‘the Decree’). The Decree obliges the Cabinet of Ministers to develop, within three months, legislation on the detection, prevention and combatting of cyber attacks, and will also give law enforcement the power to require owners of critical infrastructure systems to record and store data relating to cyber attacks. Mariya Koval, Attorney at Law at Ilyashev and Partners, examines the Decree from the perspective of telecommunications operators, electronic information resource operators and owners of critical infrastructure objects. / read more

About Data Protection Leader:

The monthly law publication which covers all aspects of data protection and data privacy. Topics covered include data transfers and outsourcing, data localisation and retention, the EU General Data Protection Regulation (GDPR), the e-Privacy Directive, data security, marketing and behavioural advertising, consent, employee monitoring, privacy compliance, risk management, DPO responsibilities, accountability, Privacy by Design, acquisition and mergers, the Internet of Things, cloud computing and Big Data / read more

Search Publication Archives

Our publication archives contain all of our articles, dating back to 2004.
Can’t find what you are looking for?
Try an Advanced Search

Log in to data protection leader
Subscribe to data protection leader
Register for a Free Trial to data protection leader
data protection leader Pricing

Social Media

Follow data protection leader on TwitterView data protection leader LinkedIn Profiledata protection leader RSS Feed