Header graphic for print
Global Media and Communications Watch The International Legal Blog for the Tech, Media and Telecoms Industry

Tag Archives: General Data Protection Regulation

Posted in Data Protection & Privacy Eduardo Ustaran

ICO Turns Spotlight on Data Broker Industry

Data brokers are organisations that obtain data from a variety of sources and then sell or license it to third parties. Many trade in personal data, which is purchased by their customers for several purposes, most commonly to support marketing campaigns. In 2012, data brokers’ trade in personal data was reported to have generated over $150 billion in revenue.

The … Continue Reading

Posted in Data Protection & Privacy Tim Wybitul

Interview with Jan Albrecht, Dr. Stefan Brink and Tim Wybitul on the New German Data Protection Bill

On 1 February 2017, the German federal cabinet adopted a draft data protection bill. The planned implementation statute aims to supplement and further define the EU General Data Protection Regulation, which will come into force in 2018. The Chronicle of Data Protection’s summary of the most relevant aspects of the draft bill can be found here. We turn now … Continue Reading

Posted in Data Protection & Privacy

University Panthéon-Assas (Paris II) and Hogan Lovells Launch a Data Protection Officer Degree

On January 5, 2017 Paris Law School Panthéon-Assas launched its first university degree (diplôme d’université) aimed at training future Data Protection Officers (DPOs) under the new European General Data Protection Regulation (GDPR), which becomes effective across the EU on May 25th, 2018.  Created by Paris University Professor Bénédicte Fauvarque-Cosson and Hogan Lovells partner Winston Maxwell, the new program will include … Continue Reading

Posted in Data Protection & Privacy

Privacy and Cybersecurity January 2017 Events

Please join us for our January 2017 Privacy and Cybersecurity Events.

January 11
Japan’s 2017 Data Privacy and Tech Agenda
Julie Brill and Harriet Pearson will host a presentation by two of Japan’s most senior officials and authorities on recent changes to Japan’s privacy law and the establishment of a new Personal Information Protection Commission (PPC). Yoshikazu Okamoto, Director of
Continue Reading
Posted in Data Protection & Privacy, Policy & Regulation Eduardo Ustaran

Triple GDPR Guidance Issued by Article 29 Working Party

No one could accuse the EU Article 29 Working Party (WP29) of not delivering as promised.  Following its recently held December plenary meeting, the WP29 has released three separate guidelines with their interpretation of some key aspects of the General Data Protection Regulation, namely:

  • data portability,
  • data protection officers (DPOs), and
  • lead supervisory authorities.

At the same time, the WP29 … Continue Reading

Posted in Data Protection & Privacy Conor Ward

The UK’s Cybersecurity Regulatory Landscape: An Overview

Have you visited our online client cybersecurity resource portal: Ready, Set, Respond? Designed by our cross-practice team of global practitioners to provide in-house counsel with the tools they need to prepare for the inevitable cybersecurity incident and quickly and easily stay up to date on the evolving state of cybersecurity regulation around the world, the portal is regularly updated … Continue Reading

Posted in Data Protection & Privacy

GDPR Implementation Guide Available

We are pleased to announce that Hogan Lovells Frankfurt-based Partner Tim Wybitul has published a handbook – EU-Datenschutz-Grundverordnung im Unternehmen: Praxisleitfaden – to assist organizations with compliance with the European General Data Protection Regulation (GDPR). Written in German, the handbook includes plain-language summaries of GDPR requirements as well as project-planning and other checklists and examples to aid companies in complying … Continue Reading

Posted in Data Protection & Privacy

Future-Proofing Privacy: Data Protection in the Workplace

Relevance of employee data protection for enterprises 

Data privacy in an employment context remains a challenge for companies. On the one hand, employers have a strong interest in monitoring personnel conduct or performance. Few controllers are likely to have collected more personal data about an individual than their employer. On the other hand, employees have a reasonable expectation of privacy … Continue Reading

Posted in Data Protection & Privacy

Future-Proofing Privacy: Enforcement and the Risk of Non-Compliance

One of the major purposes of the Regulation is to ensure a consistent application of data protection law throughout the EU, not only to provide a high level of data protection but also to guarantee legal certainty for businesses when handling personal data. This has presented legislators with one of their biggest challenges: how to maintain the existing network of … Continue Reading

Posted in Data Protection & Privacy Victoria Hordern

mHealth Code to Aid App Developers in the EU

There have been some pretty big claims about the potential of mHealth. One 2012 study predicted that in 2017 mHealth could potentially save a total of USD $99 billion in healthcare costs across the EU. The European Commission has also actively promoted the importance of mHealth following their 2014 consultation. One of the initiatives to emerge from the Commission has … Continue Reading

Posted in Data Protection & Privacy

Future-Proofing Privacy: International Data Transfers 2.0

The Data Protection Directive and the Regulation both impose restrictions on the transfer of personal data by EU based businesses (whether those businesses are data controllers or data processors) to destinations outside the EEA.

Recap on current framework

Transfers of personal data to a third country outside the EEA are allowed under the current Data Protection Directive only if one … Continue Reading

Posted in Data Protection & Privacy

Future-Proofing Privacy: Data Processors’ New Obligations

What’s the deal?

The Regulation will have a significant impact on service providers/vendors (i.e. data “processors”) and organisations that engage them because:

  • The Regulation imposes a number of detailed obligations and restrictions directly on processors, unlike the current Directive that only applies to data controllers
  • A processor will be fully liable for the actions of any sub-processor that it uses
Continue Reading
Posted in Data Protection & Privacy

Future-Proofing Privacy: The New Accountability Regime

Background of the notion of accountability

Accountability has been described by the Article 29 Working Party as a way of “showing how responsibility is exercised and making this verifiable”.

Accountability is far from being a new concept. It was introduced back in 1980 in the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.

In 2010, … Continue Reading

Posted in Data Protection & Privacy

Future-Proofing Privacy: Profiling Restrictions versus Big Data

A stricter regime for profiling

Profiling and big data analytics are set to play a pivotal role in the growth of the digital economy. From cookie-based tracking to people’s interaction through social media, the size and the degree of granularity of our digital footprints have created unprecedented opportunities for business development and service delivery. The scale of data collection, data … Continue Reading

Posted in Data Protection & Privacy

Future-Proofing Privacy: New and Stronger Rights

The Regulation aims to strengthen the rights of individuals. It does so by retaining rights that already exist under the Data Protection Directive and introducing the new rights of data portability, the right to be forgotten, and certain rights in relation to profiling. In this chapter we look at each of these rights in turn and assess the likely practical … Continue Reading

Posted in Data Protection & Privacy

Future-Proofing Privacy: Justifying Data Uses

Grounds for processing

Currently, under the Data Protection Directive, each instance of data processing requires a legal justification – a “ground for processing”. This fundamental feature of EU data protection law will remain unchanged under the Regulation. However, the bar for showing the existence of certain grounds for processing will be set higher. This is especially true with regards to … Continue Reading

Posted in Data Protection & Privacy

Future-Proofing Privacy: The Concept of Personal Data Revisited

Pseudonymisation enters the stage

Along with the concept of personal data, as opposed to anonymous data, the Regulation introduces a third category, that of pseudonymous data. Pseudonymous data is information that no longer allows the identification of an individual without additional information and is kept separate from it. Pseudonymisation, while granting higher data security, also enhances data utility. In exchange … Continue Reading

Posted in Data Protection & Privacy

Future-Proofing Privacy: Scope of the Application of the Law

What difference does a Regulation make?

Unlike EU ‘directives’, EU ‘regulations’ are by nature directly effective in EU Member States and so do not require further implementation into national laws. Previously, European data protection law was governed by the Data Protection Directive. It was the responsibility of Member States to implement the Data Protection Directive into their national law. When … Continue Reading

Posted in Data Protection & Privacy Julie BrillWinston Maxwell

A Brief Analysis of the European Parliament and the Article 29 Working Party’s Criticisms of Privacy Shield

Unveiled February 29, 2016, the new EU-U.S. Privacy Shield attempts to address the shortcomings of the Safe Harbor arrangement identified originally by the European Commission and later by the Court of Justice of the European Union (CJEU) in its Schrems decision.  The Privacy Shield proposes improved data protection principles, better enforcement by the US Department of Commerce and the Federal … Continue Reading

Posted in Data Protection & Privacy Victoria Hordern

The EU General Data Protection Regulation: A Brave New World for Processors

Significant changes are afoot for processors. With the text of the European Union General Data Protection Regulation (GDPR) now published, processors will need to begin to acclimatise to the new regime under the GDPR. Although the GDPR still places the lion’s share of compliance responsibilities on controllers, it also extends direct application of the law to processors and renders them … Continue Reading

Posted in Data Protection & Privacy Patrice Navarro

French National Assembly Votes to Align the CNIL’s Sanctioning Powers with the GDPR

While organizations in the EU will have to get used to the possibility of receiving fines of up to 4% of total worldwide annual turnover when the General Data Protection Regulation (GDPR) comes into force in roughly 2 years’ time, organizations in France should prepare for higher sanctions sooner.

A bill, passed by the French National Assembly on 26th January … Continue Reading

Posted in Data Protection & Privacy Victoria Hordern

The Final GDPR Text and What It Will Mean for Health Data

The EU General Data Protection Regulation (“GDPR”) has been called the most lobbied piece of legislation in the history of the EU. Before Christmas last year, what is likely to be the final text of the GDPR emerged from the EU trilogue negotiations. Victoria Hordern, Senior Associate at Hogan Lovells, explores what the new GDPR will mean for those collecting … Continue Reading