This site would like to set some non-essential temporary cookies. Some cookies we use are essential to make our site work.
Others such as Google Analytics help us to improve the site or provide additional but non-essential features to you.
No behavioural or tracking cookies are used.
To change your consent settings, read about the cookies we set and your privacy, please see our Privacy Policy

Data Protection Leader

Volume: 9 Issue: 7
(July 2012)


UK Information The Commissioner's Office (ICO) published ≠ on 4 July 2012 ≠ its 2011 Annual Report outlining the civil monetary penalties (CMPs) it has imposed since 2010. / read more

The Swiss Federal Data Protection and Information Commissioner (FDPIC) has stated that the FATCA Model - agreed with the US Department of the Treasury on 21 June 2012 - raises a number of data protection concerns. / read more

The Article 29 Working Party (WP29) adopted - on 1 July 2012 - Opinion 05/2012 on Cloud Computing, clarifying the responsibilities of cloud clients and cloud providers, and detailing which standard provisions it would expect to see in a contract between clients and providers, among others. / read more


Cloud computing is not a fashion or a swanky new name given to technology outsourcing. Cloud computing is not a marketing plot to sell more internet connections and fibre optics. Cloud computing is not a twisted way of helping data hungry governments get their hands on corporate secrets. Cloud computing is in fact the most obvious business application of networked computing and essentially what the internet was created for in the first place. / read more

More than six years have passed since the Data Retention Directive1 (the Directive) was adopted and three years have passed since the Directive should have been fully transposed by the Member States. Over these years, the Directive itself and the national acts implementing it have been thoroughly discussed across Europe. From the debates as well as from the European Commission's evaluation report2 on the Directive and the European Data Protection Supervisor's Opinion3 on the evaluation report, it is obvious that there are issues that need be dealt with. Jim Runsten, Partner at Bird & Bird, examines a few of those issues. / read more

The Ontario Court of Appeal delivered - on 18 January 2012 - the judgment for Jones v Tsige (2010 ONCA 32), recognising invasion of privacy as an actionable tort in Ontario under the tort of 'intrusion upon seclusion', and awarding damages of $10,000 to the plaintiff even though he suffered no monetary loss. The judgment also set the out maximum damages for intrusion upon seclusion at $20,000. Ann Cavoukian, Information and Privacy Commissioner of Ontario, Canada, reflects on this case and its implications for privacy. / read more

The Ministry of Industry and Information Technology (MIIT) of the People's Republic of China issued - on 1 June 2012 s - a draft Notice Regarding Strengthening the Management of Network Access for Mobile Smart Devices (Draft Notice). Under the Draft Notice, smartphones manufacturers would be required to ensure that pre-installed apps do not collect or alter users' personal information without express notice and user consent. Manuel E. Maisog, Partner at Hunton & Williams LLP in Beijing, explores the key provisions. / read more

The Ordinance on Electronic Communications introduced since 2011, a mandatory breach notification for electronic service providers to inform the French regulator (CNIL) without delay of a data breach. The Ordinance, which implements the provisions of the revised e-Privacy Directive, does not provide a breach materiality threshold and telecom operators must systematically inform the CNIL about every breach. In addition to notifying the CNIL, the electronic service provider must also inform potentially affected individuals without delay when a breach is likely to adversely affect their personal data or privacy. Furthermore, the European Network and Information Security Agency (ENISA) issued in 2011, a Report on breach notification, which reviewed the EU breach notification implementation under Article 4 of the e-Privacy Directive. ENISA found that the telecoms industry had a number of concerns about breach notification laws, in particular on the need for a materiality threshold. ENISA stated: 'In order to prevent "notification fatigue", breaches should be categorised according to specific risk levels.' In this article, Gabriel Voisin, Associate at Bird & Bird, examines the key elements of the French data breach notification requirements. / read more

The Information Commissioner's Office (ICO) published on 4 July, its 2011 Annual Report outlining, among other things, the civil monetary penalties (CMPs) it has imposed since the coming into force of its powers in 2010. Alex Bryant of Data Protection Law & Policy conducted this exclusive interview with David Smith, Deputy Information Commissioner, to find out about the regulator's enforcement strategy, future focus areas and the ICO's views on the proposed 2% global turnover fine as well as on custodial sentences. / read more

Data protection law in Singapore is long overdue. Singapore clearly wants to establish itself as a global (or at least regional) hub for IT and data management related services - a huge industry with many countries competing for a piece of the pie. To attract big names to relocate their data hosting to Singapore, it is important to implement data protection laws, which address any privacy concerns. If end-users do not have confidence that their data is being protected, there will be a negative impact on these businesses. This is a big issue in Europe, the US and other developed economies. Lim Chong Kin, Director, and Charmian Aw, Associate Director at Drew & Napier LLC, examine the proposed legislation, which has recently been put forward in Singapore. / read more

Navigating the rules governing the protection of personal data in the EU is a challenge, not least because of the substantially different approaches taken by individual Member States. For transatlantic corporations that export goods and/or services to or through the EU and are subject to US export control rules (which often have extra-territorial effect1), ensuring simultaneous compliance with both EU data protection and US export control rules can be a regulatory nightmare. Yves Melin, Senior Associate at Squire Sanders in Brussels, considers some of the challenges of operating a cross-border whistleblowing mechanism which complies with both US export control rules and EU data protection laws. Melin uses the example of Belgium to illustrate the practical issues involved in achieving dual compliance. / read more

About Data Protection Leader:

The monthly law publication which covers all aspects of data protection and data privacy. Topics covered include data transfers and outsourcing, data localisation and retention, the EU General Data Protection Regulation (GDPR), the e-Privacy Directive, data security, marketing and behavioural advertising, consent, employee monitoring, privacy compliance, risk management, DPO responsibilities, accountability, Privacy by Design, acquisition and mergers, the Internet of Things, cloud computing and Big Data / read more

Search Publication Archives

Our publication archives contain all of our articles, dating back to 2004.
Canít find what you are looking for?
Try an Advanced Search

Log in to data protection leader
Subscribe to data protection leader
Register for a Free Trial to data protection leader
data protection leader Pricing

Social Media

Follow data protection leader on TwitterView data protection leader LinkedIn Profiledata protection leader RSS Feed