Header graphic for print
Global Media and Communications Watch The International Legal Blog for the Tech, Media and Telecoms Industry

Category Archives: Data Protection & Privacy

Posted in Data Protection & Privacy Harriet PearsonPaul Otto

The “Final Final” is Here: NYDFS Cybersecurity Regulations

As Hogan Lovells previously reported, the New York State Department of Financial Services (NYDFS) has launched a significant initiative to impose detailed cybersecurity requirements on covered financial institutions. On February 16, NYDFS issued its Final Rules, following the initial proposed rules published in September 2016 and two rounds of feedback via industry complaints and public comment. The Final Rules … Continue Reading

Posted in Data Protection & Privacy Jakub Baczuk

Polish DPA Releases Data Privacy Inspection Plans – Targets Health, Shopping

The Polish Data Protection Authority (GIODO) has just released its inspection plans for 2017. This year, the GIODO has decided to target its review of compliance with data protection laws on the health services and consumer sectors, with particular attention to certain profiling activities taking place in stores and shopping malls.

The health sector inspections will be directed at healthcare … Continue Reading

Posted in Data Protection & Privacy Mark Parsons

“Cybersecurity Review” Takes Shape in China

On 4 February 2017, the Cyberspace Administration of China issued a draft of the Network Products and Services Security Review Measures (“Draft Measures”) for public comment: the Draft Measures remain open for comments until 4 March 2017.  The Draft Measures are follow-on legislation to China’s Cyber Security Law adopted on 7 November 2016, which will take effect on 1 June … Continue Reading

Posted in Data Protection & Privacy Eduardo Ustaran

ICO Turns Spotlight on Data Broker Industry

Data brokers are organisations that obtain data from a variety of sources and then sell or license it to third parties. Many trade in personal data, which is purchased by their customers for several purposes, most commonly to support marketing campaigns. In 2012, data brokers’ trade in personal data was reported to have generated over $150 billion in revenue.

The … Continue Reading

Posted in Data Protection & Privacy Natalia GulyaevaMaria SedykhBret Cohen

Russia Increases Fines for Violations of Data Protection Laws

On 7 February 2017, the Russian President signed into law a bill (link in Russian) introducing amendments to the Russian Code on Administrative Offences that increases the amount of the fines imposed for violating Russian data protection laws and differentiates the relevant offences’ types. The greatest increase raises maximum fines for certain violations from RUB 10,000 to 75,000 (approx. USD … Continue Reading

Posted in Data Protection & Privacy Tim Wybitul

Interview with Jan Albrecht, Dr. Stefan Brink and Tim Wybitul on the New German Data Protection Bill

On 1 February 2017, the German federal cabinet adopted a draft data protection bill. The planned implementation statute aims to supplement and further define the EU General Data Protection Regulation, which will come into force in 2018. The Chronicle of Data Protection’s summary of the most relevant aspects of the draft bill can be found here. We turn now … Continue Reading

Posted in Data Protection & Privacy Harriet Pearson

Changes in Japan Privacy Law to Take Effect in Mid-2017; Key Regulator Provides Compliance Insights

Recent changes to Japan’s Act on the Protection of Personal Information and the establishment of a new Personal Information Protection Commission have raised questions about how the world’s third-largest economy plans to implement new domestic requirements and engage internationally on cross-border data transfers, APEC, new technologies, and more.

Hogan Lovells recently hosted some of Japan’s senior data privacy regulators and … Continue Reading

Posted in Data Protection & Privacy Julie BrillBret Cohen

Trump’s Executive Order Does Not Impact U.S. Privacy Shield Commitments

Last Wednesday, President Trump signed an immigration-related Executive Order (EO) titled “Enhancing Public Safety in the Interior of the United States” that, among other things, removed the ability of federal agencies to extend protections under the Privacy Act to anyone other than U.S. citizens or legal permanent residents. Some initial observers have suggested that this means that the … Continue Reading

Posted in Data Protection & Privacy, Policy & Regulation Julie Brill

Strengthening international ties can support increased convergence of privacy regimes

The internet has become today’s global trade route, and personal data is one of its major currencies. The growth in the digital economy is impressive. One study found that economic activity taking place over the internet is growing at 10% per year within the G-20 group of nations. In the United States alone, one estimate found that companies exported nearly … Continue Reading

Posted in Data Protection & Privacy Harriet PearsonPaul Otto

NIST Updates Cybersecurity Framework Guidance

In the past month, the National Institute of Standards and Technology (NIST) has issued a draft update to its flagship cybersecurity framework as well as new standalone guidance on how organizations can plan to recover from cybersecurity events. The publication of these documents demonstrates NIST’s ongoing focus on providing substantive guidance to the private and public sectors alike on cybersecurity … Continue Reading

Posted in Data Protection & Privacy Natalia GulyaevaMaria SedykhBret Cohen

Russia Releases 2017 Data Privacy Inspection Plans; Microsoft Passes 2016 Inspection

At the end of 2016, territorial divisions of the Russian Data Protection Authority, Roskomnadzor, published their 2017 plans for conducting inspections of local companies’ compliance with Russian data privacy requirements, including data localization. The inspection plans contain a number of prominent multi-national and Russian companies.

For instance, the inspection plan of Roskomnadzor’s territorial division for the Russian Central Region includes … Continue Reading

Posted in Data Protection & Privacy

University Panthéon-Assas (Paris II) and Hogan Lovells Launch a Data Protection Officer Degree

On January 5, 2017 Paris Law School Panthéon-Assas launched its first university degree (diplôme d’université) aimed at training future Data Protection Officers (DPOs) under the new European General Data Protection Regulation (GDPR), which becomes effective across the EU on May 25th, 2018.  Created by Paris University Professor Bénédicte Fauvarque-Cosson and Hogan Lovells partner Winston Maxwell, the new program will include … Continue Reading

Posted in Data Protection & Privacy Eduardo Ustaran

New Notice and Consent Rules under Proposed EU e-Privacy Regulation

The European Commission has released its proposal for a new EU e-Privacy Regulation that will replace the existing e-Privacy Directive.  The high level aim of the draft e-Privacy Regulation is to harmonise the specific privacy framework relating to electronic communications within the EU and ensure consistency with the GDPR. Compared to the existing Directive, the draft e-Privacy Regulation has broader … Continue Reading

Posted in Data Protection & Privacy

New York Department of Financial Services Cybersecurity Rules Revised and Delayed

The New York Department of Financial Services (NYDFS) just issued major revisions to the cybersecurity regulations for financial institutions that were due to come into effect on January 1, 2017. To allow covered institutions more time to implement the rules, the effective date will now be March 1, 2017, with a series of staggered implementation dates beyond this. There are … Continue Reading

Posted in Data Protection & Privacy

Privacy and Cybersecurity January 2017 Events

Please join us for our January 2017 Privacy and Cybersecurity Events.

January 11
Japan’s 2017 Data Privacy and Tech Agenda
Julie Brill and Harriet Pearson will host a presentation by two of Japan’s most senior officials and authorities on recent changes to Japan’s privacy law and the establishment of a new Personal Information Protection Commission (PPC). Yoshikazu Okamoto, Director of
Continue Reading
Posted in Data Protection & Privacy Eduardo UstaranVictoria Hordern

The CJEU Gives the UK Government Another Brexit Dilemma

In yet another key case dealing with the balance between citizens’ privacy and the ability of the state to intrude into it, the Court of Justice of the European Union (CJEU) has ruled on the compatibility with European Union law of legislation that authorises the retention of communications data, which includes personal data. The reference from the UK Court of … Continue Reading

Posted in Data Protection & Privacy, Technology Timothy TobinWinston Maxwell

European Commission Outlines Data Sharing Strategy for Connected Vehicles

Connected vehicles today are rolling computers able to exchange information wirelessly with manufacturers, other vehicles, and third party service providers to significantly improve safety, efficiency, and comfort for drivers.  Many entities are interested in the data these connected vehicles generate and transmit.  These entities include dealers and repair shops, vehicle fleet service providers, end-users, infrastructure operators, diagnostics providers, researchers, financial … Continue Reading

Posted in Data Protection & Privacy, Policy & Regulation Eduardo Ustaran

Triple GDPR Guidance Issued by Article 29 Working Party

No one could accuse the EU Article 29 Working Party (WP29) of not delivering as promised.  Following its recently held December plenary meeting, the WP29 has released three separate guidelines with their interpretation of some key aspects of the General Data Protection Regulation, namely:

  • data portability,
  • data protection officers (DPOs), and
  • lead supervisory authorities.

At the same time, the WP29 … Continue Reading

Posted in Data Protection & Privacy Conor Ward

The UK’s Cybersecurity Regulatory Landscape: An Overview

Have you visited our online client cybersecurity resource portal: Ready, Set, Respond? Designed by our cross-practice team of global practitioners to provide in-house counsel with the tools they need to prepare for the inevitable cybersecurity incident and quickly and easily stay up to date on the evolving state of cybersecurity regulation around the world, the portal is regularly updated … Continue Reading

Posted in Data Protection & Privacy Harriet PearsonPaul Otto

US Agencies Release Guidance for Securing the Internet of Things

The Internet of Things continues to draw broad interest from policymakers and regulators around the globe. Following on the heels of a major distributed denial-of-service attack in October 2016 that leveraged potentially millions of compromised IoT devices, members of Congress have sent letters to US federal agencies regarding the risks posed by insecure IoT devices and held a hearing about … Continue Reading

Posted in Data Protection & Privacy

Privacy and Cybersecurity December 2016 Events

December 5
TCPA and ESIGN
Mark Brennan will give a presentation on TCPA and ESIGN issues at EUCI’s Customer Communications Conference.
Location: New Orleans, Louisiana

 

December 6
Privacy Landscape in 2016
Eduardo Ustaran will be providing a privacy round-up of 2016 at the Data Protection Forum.
Location: London, England

 

December 7
Data: Friend or Foe?
Harriet
Continue Reading
Posted in Data Protection & Privacy Logan BreedTimothy TobinMeghan Edwards Ford Rissmiller

FTC Issues Sharing Economy Report

In June 2015, the Federal Trade Commission (FTC) held a workshop on The “Sharing” Economy: Issues Facing Platforms, Participants, and Regulators. The Commission also solicited public comments on the topic, receiving more than 2,000 comments in response. On 17 November, the Commission issued a report summarizing the issues explored in the workshop and the public comments. The report emphasized … Continue Reading

Posted in Data Protection & Privacy

GDPR Implementation Guide Available

We are pleased to announce that Hogan Lovells Frankfurt-based Partner Tim Wybitul has published a handbook – EU-Datenschutz-Grundverordnung im Unternehmen: Praxisleitfaden – to assist organizations with compliance with the European General Data Protection Regulation (GDPR). Written in German, the handbook includes plain-language summaries of GDPR requirements as well as project-planning and other checklists and examples to aid companies in complying … Continue Reading