This site would like to set some non-essential temporary cookies. Some cookies we use are essential to make our site work.
Others such as Google Analytics help us to improve the site or provide additional but non-essential features to you.
No behavioural or tracking cookies are used.
To change your consent settings, read about the cookies we set and your privacy, please see our Privacy Policy

Data Protection Leader

Volume: 14 Issue: 8
(August 2017)


The Ministry of Electronics and Information Technology (‘MeitY’) announced, on 31 July 2017, that the Government of India had decided to constitute a panel of key figures and experts to identify and analyse critical data protection issues faced by India and recommend methods of addressing them (‘the Committee’), including by way of a draft data protection bill. The announcement arrives in the wake of arguments made during the ongoing constitutional case on whether privacy should be recognised as a fundamental right, currently being deliberated upon by an enlarged panel of the Supreme Court of India. / read more

The Federal Labour Court (‘Bundesarbeitsgericht’) issued, on 27 July 2017, its decision in an employment dispute regarding the termination of an employee's contract following data collected by his employer through keylogging software. In particular, the Bundesarbeitsgericht ruled that the use of keylogging software was unlawful under Section 32(1) of the Federal Data Protection Act 2003 (‘the Act’), given that the employer had no reason to believe that the employee had committed a criminal offence. / read more


You may not have noticed it, but despite all of the distractions caused by Brexit and the General Data Protection Regulation (Regulation (EU) 2016/679), the UK Information Commissioner’s Office (‘ICO’) has been extremely active on the enforcement front in recent times. One of the features of this activity has been the variety of infringements targeted and, in particular, the focus on e-mail marketing. More specifically, the ICO has taken enforcement action by way of monetary penalties against well-known consumer brands such as Flybe, Honda, Morrisons and Moneysupermarket, for practices that might not have been seen as so out of order in the past. However, given the current tough stance taken by the ICO in connection with direct marketing practices, it would not be surprising to see future enforcement actions in this area. / read more

The changes introduced by the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) have been a cause for concern for many countries and businesses. It is an even bigger cause for concern in Africa, as the continent has an array of standards of national data protection legislation while many African countries have no data protection legislation at all. Juliet Wangui Maina, Associate at Tripleoklaw Advocates LLP, discusses some of the issues facing African organisations and how they can ensure compliance with the GDPR. / read more

The Unique Identification Number (‘UID’), popularly known as an Aadhaar number, is a 12-digit number generated by the Unique Identification Authority of India (‘the UIDAI’) for residents of India. As the name suggests, the number is unique: that is to say no two residents of India will have the same Aadhaar number. At the same time no resident of India will have more than one Aadhaar number. The concept of an Aadhaar number was primarily introduced to reduce transaction costs and ensure that proving identity was not a constraint on moving from one place to another. In this article, Srishti Saxena, Assistant Legal Manager at the Goods and Services Tax Network, examines the various components of the Aadhaar framework. / read more

Among the obligations bearing on data controllers and data processors, Article 37 of the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) imposes the appointment of a data protection officer (‘DPO’) under specific circumstances. In all other cases, such designation is facultative, though encouraged by the Article 29 Working Party (‘WP29’) in its guidelines on DPOs. This role is at the heart of the accountability system preconised by the GDPR. Following the best practices formulated by the WP29, the Belgian Commission for the Protection of Privacy (‘CPP’) issued Recommendation No. 04/2017 of 24 May 2017 on the designation of a data protection officer in accordance with the GDPR in particular the admissibility of cumulating this role with other functions including that of security officer (CO-AR-2017-008) (‘the Recommendation’). In particular, the CPP tackles a question recurrently raised as to whether an individual can cumulate the role of DPO with another pre-existing role within an institution or a business and in particular, that of information security officer. Tanguy Van Overstraeten and Sophie Carton de Tournai, Global Head of Data Protection and Privacy and Associate respectively at Linklaters LLP, provide an overview of the Recommendation. / read more

With the growing incidence and complexity of cyber attacks around the world culminating in the recent WannaCry and Petya ransomware attacks, it is critically important for nations to strengthen their cybersecurity capabilities. Recently, Singapore ranked first in the United Nations International Telecommunication Union’s Global Cybersecurity Index, which measures the commitment of Member States to cybersecurity. The recognition holds testament to Singapore's recent drive for cyber resilience, best encapsulated by the Government’s commitment to a national cybersecurity strategy. On the legislative front, the Government released a proposed omnibus Cybersecurity Bill1 on 10 July 2017 and is seeking public feedback on it. In this article, Lim Ren Jun and Nigel Bay, Principal and Associate at Baker McKenzie Wong & Leow respectively, outline the existing cybersecurity legal regime in Singapore and identify the gaps in the law, before highlighting the key provisions of the Cybersecurity Bill and exploring how the impending Cybersecurity Act is likely to fill present lacunae. / read more

Annual reports issued by data protection authorities (‘DPAs’) offer valuable insights into DPAs’ activities and provide for important guidance for data protection professionals. On 4 July 2017, the Schleswig-Holstein State Commissioner for Data Protection (‘ULD’) published its annual report for the years 2015 and 20161 (‘the Report’). Holger Lutz and Tobias Born, Partner and Associate at Baker McKenzie respectively, discuss the significance of DPAs’ annual reports and express their takes on the most relevant aspects of the Report. / read more

The Information Commissioner’s Officer (‘ICO’) ruled, on 3 July 2017, that the Royal Free NHS Foundation Trust (‘the Trust’) had failed to comply with the Data Protection Act 1998 (‘DPA’) when it provided 1.6 million patient details to Google DeepMind as part of a trial diagnosis and detection system for acute kidney injury, and required the Trust to sign an undertaking. The investigation brings together some of the most potent and controversial issues in data privacy today; sensitive health information and its use by the public sector to develop solutions combined with innovative technology driven by a sophisticated global digital company. Victoria Hordern, Counsel at Hogan Lovells LLP, provides insight on the investigation into Google DeepMind with focus on how the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) may impact the use of patient data going forward. / read more

Earlier this year, Israel passed the Protection of Privacy (Information Security) Regulations 2017 (‘the Regulations’) which will come into effect on 8 May 2017. Data Protection Leader spoke with the Director of Strategic Alliances, at the Israeli Law, Information & Technology Authority (‘ILITA’), Limor Shmerling Magazanik, about the upcoming Regulations. / read more

About Data Protection Leader:

The monthly law publication which covers all aspects of data protection and data privacy. Topics covered include data transfers and outsourcing, data localisation and retention, the EU General Data Protection Regulation (GDPR), the e-Privacy Directive, data security, marketing and behavioural advertising, consent, employee monitoring, privacy compliance, risk management, DPO responsibilities, accountability, Privacy by Design, acquisition and mergers, the Internet of Things, cloud computing and Big Data / read more

Search Publication Archives

Our publication archives contain all of our articles, dating back to 2004.
Can’t find what you are looking for?
Try an Advanced Search

Log in to data protection leader
Subscribe to data protection leader
Register for a Free Trial to data protection leader
data protection leader Pricing

Social Media

Follow data protection leader on TwitterView data protection leader LinkedIn Profiledata protection leader RSS Feed