Header graphic for print
Global Media and Communications Watch The International Legal Blog for the Tech, Media and Telecoms Industry

Tag Archives: General Data Protection Regulation

Posted in Data Protection & Privacy

Hogan Lovells Launches GDPRnow App

Exactly one year before the EU General Data Protection Regulation (GDPR) becomes applicable, global law firm Hogan Lovells has launched GDPRnow, a mobile application that provides companies with assistance to identify practical steps to comply with the new framework.

Conceived entirely in-house by the firm’s Privacy and Cybersecurity team, GDPRnow is the first app ever aimed at … Continue Reading

Posted in Data Protection & Privacy Tim WybitulDr. Wolf-Tassilo Böhm

German Parliament Passes New Federal Data Protection Act

On 27 April 2017 the German Parliament passed an entirely new Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The new BDSG replaces the old BDSG, which has been in force for the last 40 years. The new BDSG shall adapt the German law to the provisions of the EU General Data Protection Regulation (GDPR). The new … Continue Reading

Posted in Data Protection & Privacy

Article 29 Working Party Issues Guidance on Data Protection Impact Assessments

The steady trickle of GDPR guidance from the Article 29 Working Party continues. Fresh from finalising its guidance on data portability, lead supervisory authorities and data protection officers, the Working Party has published draft guidance on data protection impact assessments (DPIA), the full text of which is available on the Working Party website. Comments can be submitted to the … Continue Reading

Posted in Data Protection & Privacy

State of the Cyber Nation: UK Government Report on Cybersecurity Breaches

On 19 April 2017, the UK Government’s Department for Culture, Media and Sport (DCMS) published a report on cybersecurity breaches and how they affected UK companies in the last year. Headline statistics from the report include:

  • 61% of businesses hold personal data electronically;
  • 46% of all UK businesses identified at least one cybersecurity breach in the past year, rising to
Continue Reading
Posted in Data Protection & Privacy Mac Macmillan

UK ICO Requests Input for Guidance on GDPR Profiling Requirements

The UK ICO has published what it describes as a feedback request on profiling and automated decision-making, with the intention that responses will “help inform the UK’s contribution to the WP29 guidelines due to be published later this year.”

Given the growing importance of profiling to most businesses,  companies should consider whether they wish to contribute their views, particularly on … Continue Reading

Posted in Data Protection & Privacy Mac Macmillan

ICO Issues Fine for Marketing Emails Disguised as Service Messages

The Information Commissioner’s Office (ICO) has issued a £70,000 fine against Flybe and a £13,000 fine against Honda Motor Europe Ltd for breaching Regulation 22 of the Privacy and Electronic Communications Regulations (PECR) by sending emails requesting individuals to update their marketing preferences. The two cases confirm that:

  • the interpretation by the ICO of what constitutes “marketing material” is very
Continue Reading
Posted in Data Protection & Privacy Mac Macmillan

UK ICO Publishes Guidance on Consent Under GDPR

The UK Information Commissioner’s Office has just published draft guidance on consent under GDPR. This is an interesting move given that the Article 29 Working Party has promised guidance on the same topic later this year, but reading the guidance makes it clear why the ICO decided to prioritise it: many of the practices which it identifies as unacceptable are … Continue Reading

Posted in Data Protection & Privacy Victoria Hordern

Health Company Fined by UK’s Information Commissioner Office

Last week, the UK’s Information Commissioner’s Office (ICO) published a monetary penalty notice which fined a private healthcare company, HCA International, £200,000 for its failure to keep sensitive data secure.

In this instance, several data protection compliance issues were at stake – HCA had engaged a subcontractor based in India to process sensitive personal data without putting an agreement in … Continue Reading

Posted in Data Protection & Privacy

Privacy and Cybersecurity March 2017 Events

Please join us for our March 2017 Privacy and Cybersecurity Events.

March 2
Privacy Women Showcase
Julie Brill will be speaking at a NY Bar Association event on “Careers in Privacy.”
Location: New York, New York

 

March 14
Connected Car Technologies and Trends
Tim Tobin will speak on “Protecting the Connected Car” at Automotive Megatrends’ Connected Car Detroit
Continue Reading
Posted in Data Protection & Privacy Eduardo Ustaran

ICO Turns Spotlight on Data Broker Industry

Data brokers are organisations that obtain data from a variety of sources and then sell or license it to third parties. Many trade in personal data, which is purchased by their customers for several purposes, most commonly to support marketing campaigns. In 2012, data brokers’ trade in personal data was reported to have generated over $150 billion in revenue.

The … Continue Reading

Posted in Data Protection & Privacy Tim Wybitul

Interview with Jan Albrecht, Dr. Stefan Brink and Tim Wybitul on the New German Data Protection Bill

On 1 February 2017, the German federal cabinet adopted a draft data protection bill. The planned implementation statute aims to supplement and further define the EU General Data Protection Regulation, which will come into force in 2018. The Chronicle of Data Protection’s summary of the most relevant aspects of the draft bill can be found here. We turn now … Continue Reading

Posted in Data Protection & Privacy

University Panthéon-Assas (Paris II) and Hogan Lovells Launch a Data Protection Officer Degree

On January 5, 2017 Paris Law School Panthéon-Assas launched its first university degree (diplôme d’université) aimed at training future Data Protection Officers (DPOs) under the new European General Data Protection Regulation (GDPR), which becomes effective across the EU on May 25th, 2018.  Created by Paris University Professor Bénédicte Fauvarque-Cosson and Hogan Lovells partner Winston Maxwell, the new program will include … Continue Reading

Posted in Data Protection & Privacy

Privacy and Cybersecurity January 2017 Events

Please join us for our January 2017 Privacy and Cybersecurity Events.

January 11
Japan’s 2017 Data Privacy and Tech Agenda
Julie Brill and Harriet Pearson will host a presentation by two of Japan’s most senior officials and authorities on recent changes to Japan’s privacy law and the establishment of a new Personal Information Protection Commission (PPC). Yoshikazu Okamoto, Director of
Continue Reading
Posted in Data Protection & Privacy, Policy & Regulation Eduardo Ustaran

Triple GDPR Guidance Issued by Article 29 Working Party

No one could accuse the EU Article 29 Working Party (WP29) of not delivering as promised.  Following its recently held December plenary meeting, the WP29 has released three separate guidelines with their interpretation of some key aspects of the General Data Protection Regulation, namely:

  • data portability,
  • data protection officers (DPOs), and
  • lead supervisory authorities.

At the same time, the WP29 … Continue Reading

Posted in Data Protection & Privacy Conor Ward

The UK’s Cybersecurity Regulatory Landscape: An Overview

Have you visited our online client cybersecurity resource portal: Ready, Set, Respond? Designed by our cross-practice team of global practitioners to provide in-house counsel with the tools they need to prepare for the inevitable cybersecurity incident and quickly and easily stay up to date on the evolving state of cybersecurity regulation around the world, the portal is regularly updated … Continue Reading

Posted in Data Protection & Privacy

GDPR Implementation Guide Available

We are pleased to announce that Hogan Lovells Frankfurt-based Partner Tim Wybitul has published a handbook – EU-Datenschutz-Grundverordnung im Unternehmen: Praxisleitfaden – to assist organizations with compliance with the European General Data Protection Regulation (GDPR). Written in German, the handbook includes plain-language summaries of GDPR requirements as well as project-planning and other checklists and examples to aid companies in complying … Continue Reading

Posted in Data Protection & Privacy

Future-Proofing Privacy: Data Protection in the Workplace

Relevance of employee data protection for enterprises 

Data privacy in an employment context remains a challenge for companies. On the one hand, employers have a strong interest in monitoring personnel conduct or performance. Few controllers are likely to have collected more personal data about an individual than their employer. On the other hand, employees have a reasonable expectation of privacy … Continue Reading

Posted in Data Protection & Privacy

Future-Proofing Privacy: Enforcement and the Risk of Non-Compliance

One of the major purposes of the Regulation is to ensure a consistent application of data protection law throughout the EU, not only to provide a high level of data protection but also to guarantee legal certainty for businesses when handling personal data. This has presented legislators with one of their biggest challenges: how to maintain the existing network of … Continue Reading

Posted in Data Protection & Privacy Victoria Hordern

mHealth Code to Aid App Developers in the EU

There have been some pretty big claims about the potential of mHealth. One 2012 study predicted that in 2017 mHealth could potentially save a total of USD $99 billion in healthcare costs across the EU. The European Commission has also actively promoted the importance of mHealth following their 2014 consultation. One of the initiatives to emerge from the Commission has … Continue Reading

Posted in Data Protection & Privacy

Future-Proofing Privacy: International Data Transfers 2.0

The Data Protection Directive and the Regulation both impose restrictions on the transfer of personal data by EU based businesses (whether those businesses are data controllers or data processors) to destinations outside the EEA.

Recap on current framework

Transfers of personal data to a third country outside the EEA are allowed under the current Data Protection Directive only if one … Continue Reading

Posted in Data Protection & Privacy

Future-Proofing Privacy: Data Processors’ New Obligations

What’s the deal?

The Regulation will have a significant impact on service providers/vendors (i.e. data “processors”) and organisations that engage them because:

  • The Regulation imposes a number of detailed obligations and restrictions directly on processors, unlike the current Directive that only applies to data controllers
  • A processor will be fully liable for the actions of any sub-processor that it uses
Continue Reading
Posted in Data Protection & Privacy

Future-Proofing Privacy: The New Accountability Regime

Background of the notion of accountability

Accountability has been described by the Article 29 Working Party as a way of “showing how responsibility is exercised and making this verifiable”.

Accountability is far from being a new concept. It was introduced back in 1980 in the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.

In 2010, … Continue Reading