Header graphic for print
Global Media and Communications Watch The International Legal Blog for the Tech, Media and Telecoms Industry

Eduardo Ustaran

Posts by Eduardo Ustaran
Posted in Data Protection & Privacy Eduardo Ustaran

Who Will Get the First Big GDPR Fine and How to Avoid It?

In July, Eduardo Ustaran spoke at Privacy Laws & Business’ International Conference in Cambridge about the sort of activities likely to prompt regulators into exercising their increased fining powers under the EU GDPR. A link to the video of his presentation can be found here and a detailed report of the presentation is available here.… Continue Reading

Posted in Data Protection & Privacy Christine GateauWinston MaxwellEduardo Ustaran

The General Data Protection Regulation timidly opens the doors to data class actions in Europe

More than 15 years after the adoption of the Data Protection Directive1, the European Commission noticed that the current legislative framework on data protection did not adequately deal with the risks associated with online activity2.

Acknowledging this, the General Data Protection Regulation (GDPR)3 was finally adopted by the European Parliament on 14 April 2016, entering … Continue Reading

Posted in Data Protection & Privacy Christine GateauWinston MaxwellEduardo Ustaran

Four key lessons when facing data class actions in Europe

Could the GDPR give rise to forum shopping and are there any pre-litigation strategies that should be considered? Here, we review four key elements that should be kept in mind in respect of data class actions in the EU.

Damages

In the US, many class actions are dismissed for lack of ‘standing’, i.e. because the litigants do not demonstrate that … Continue Reading

Posted in Data Protection & Privacy Winston MaxwellHarriet PearsonJohn SalmonEduardo Ustaran

Getting to data nirvana – a user’s guide to data lakes and GDPR

A data lake is an infrastructure that permits different data sets from within a group to be combined and analysed together.

To analyse a data lake under GDPR, it is helpful to think of a data lake in two phases, which we analyse in our user guide.

The infrastructure phase

Here, the guide covers:

  • Identify the entity that is
Continue Reading
Posted in Data Protection & Privacy, Policy & Regulation Winston MaxwellHarriet PearsonJohn SalmonEduardo Ustaran

Getting to data nirvana – regulatory silo-busting to optimize risk management

“Getting to Data Nirvana” is our four-step approach to help you integrate your legal, regulatory and compliance work streams into your organisation’s overall data strategy.

The job of the legal and compliance teams is to make sure that their company’s data projects do not breach applicable laws.

Their task is not easy because the number of laws regulating the processing … Continue Reading

Posted in Data Protection & Privacy Eduardo Ustaran

The Future of International Data Transfers

With the current focus on the coming into effect of the EU General Data Protection Regulation (GDPR), one could (almost) be forgiven for forgetting about the question of international data flows. However, given the political and legal developments currently affecting the future of international data transfers, that would be a very serious strategic mistake. Legitimising data globalisation remains a top … Continue Reading

Posted in Data Protection & Privacy Eduardo Ustaran

Cookie Consent Is the New Panic

Judging by the number of calls and the intensity of the discussions about how to comply with the cookie consent requirement in a post-GDPR world, this issue has become a top worry for organisations and data protection officers. Partly due to the visibility of the mechanisms used to collect this consent, and partly due to the potential implications of operating … Continue Reading

Posted in Data Protection & Privacy, Policy & Regulation Winston MaxwellHarriet PearsonJohn SalmonEduardo Ustaran

Getting to data nirvana – using the GDPR to create data value

“Getting to Data Nirvana” is our four-step approach to help you integrate your legal, regulatory and compliance work streams into your organisation’s overall data strategy.

The job of the legal and compliance teams is to make sure that their company’s data projects do not breach applicable laws.

Their task is not easy because the number of laws regulating the processing … Continue Reading

Posted in Data Protection & Privacy, Policy & Regulation Winston MaxwellHarriet PearsonJohn SalmonEduardo Ustaran

Getting to data nirvana – understanding data value and ownership

“Getting to Data Nirvana” is our four-step approach to help you integrate your legal, regulatory and compliance work streams into your organisation’s overall data strategy.

The job of the legal and compliance teams is to make sure that their company’s data projects do not breach applicable laws.

Their task is not easy because the number of laws regulating the processing … Continue Reading

Posted in Data Protection & Privacy Eduardo Ustaran

The True Global Effect of the GDPR

“European data protection rules will become a trademark people recognise and trust worldwide”. That is how, in January 2012, Viviane Reding – then Vice-President of the European Commission and EU Justice Commissioner – ended her announcement of the widest reform of privacy and data protection law ever attempted. Six years later, this ambitious aim is becoming a reality. Organisations from … Continue Reading

Posted in Data Protection & Privacy Eduardo Ustaran

Is Artificial Intelligence the Ultimate Test for Privacy?

Nothing challenges the effectiveness of data protection law like technological innovation. You think you have cracked a technology neutral framework and then along comes the next evolutionary step in the chain to rock the boat. It happened with the cloud. It happened with social media, with mobile, with online behavioural targeting and with the Internet of Things. And from the … Continue Reading

Posted in Data Protection & Privacy Eduardo Ustaran

ICO Turns Spotlight on Data Broker Industry

Data brokers are organisations that obtain data from a variety of sources and then sell or license it to third parties. Many trade in personal data, which is purchased by their customers for several purposes, most commonly to support marketing campaigns. In 2012, data brokers’ trade in personal data was reported to have generated over $150 billion in revenue.

The … Continue Reading

Posted in Data Protection & Privacy Eduardo Ustaran

New Notice and Consent Rules under Proposed EU e-Privacy Regulation

The European Commission has released its proposal for a new EU e-Privacy Regulation that will replace the existing e-Privacy Directive.  The high level aim of the draft e-Privacy Regulation is to harmonise the specific privacy framework relating to electronic communications within the EU and ensure consistency with the GDPR. Compared to the existing Directive, the draft e-Privacy Regulation has broader … Continue Reading

Posted in Data Protection & Privacy Eduardo UstaranVictoria Hordern

The CJEU Gives the UK Government Another Brexit Dilemma

In yet another key case dealing with the balance between citizens’ privacy and the ability of the state to intrude into it, the Court of Justice of the European Union (CJEU) has ruled on the compatibility with European Union law of legislation that authorises the retention of communications data, which includes personal data. The reference from the UK Court of … Continue Reading

Posted in Data Protection & Privacy, Policy & Regulation Eduardo UstaranSam Choi

Triple GDPR Guidance Issued by Article 29 Working Party

No one could accuse the EU Article 29 Working Party (WP29) of not delivering as promised.  Following its recently held December plenary meeting, the WP29 has released three separate guidelines with their interpretation of some key aspects of the General Data Protection Regulation, namely:

  • data portability,
  • data protection officers (DPOs), and
  • lead supervisory authorities.

At the same time, the WP29 … Continue Reading

Posted in Data Protection & Privacy Eduardo UstaranBret CohenKatherine Gasztonyi

Details of Legal Challenge to Privacy Shield Revealed

Ever since the first draft of the EU-US Privacy Shield framework was published in early 2016, groups opposed to the idea have indicated their intent to challenge the legality of the framework under EU law. Recently, the privacy advocacy group Digital Rights Ireland (DRI) made good on that promise.  Following the filing of a formal complaint on 15 September asking … Continue Reading

Posted in Data Protection & Privacy Eduardo Ustaran

EU-U.S. Umbrella Agreement Gets ‘Amber Light’ from Article 29 Working Party

The Article 29 Working Party issued a revealing statement about the so-called EU-U.S. Umbrella Agreement, which is aimed at creating a high-level data protection framework in the context of transatlantic cooperation on criminal law enforcement.

As a sign of support for the deal, the Working Party welcomes the initiative to set up a general data protection framework in relation to … Continue Reading

Posted in Data Protection & Privacy Eduardo Ustaran

The Ever-Expanding Concept of Personal Data

The Court of Justice of the European Union (CJEU) has ruled that dynamic IP addresses are capable of constituting personal data under certain circumstances, ending years of speculation about whether such essential building blocks of the Internet qualified for protection under the EU Data Protection Directive.

In Patrick Breyer v Bundesrepublik Deutschland, the German Federal Court referred two questions … Continue Reading

Posted in Data Protection & Privacy Eduardo Ustaran

Why the GDPR is Good News for Business

Not many people will remember this but in 2008, Richard Thomas, the former UK Information Commissioner caused a fairly dramatic stir in the privacy world – at least among policy makers and fellow regulators – by unashamedly proclaiming that European data protection law was outdated and ineffective to address the technological and privacy challenges of the 21st century. At first, … Continue Reading

Posted in Data Protection & Privacy Eduardo Ustaran

EU Data Transfers to the U.S.: Considering Your Options after Privacy Shield

With the recent approval of the EU-US Privacy Shield framework and the ability to start filing online registrations on 1 August, many companies have questions about the advantages and disadvantages of Privacy Shield as compared to other cross-border transfer mechanisms to cover trans-Atlantic data flows.

To answer your questions, we publish here International Data Transfers – Considering your options, … Continue Reading

Posted in Data Protection & Privacy Julie BrillBret CohenEduardo UstaranHarriet Pearson

Privacy Shield Receives Final Approval from European Commission—Some Initial Practical Advice

On 12 July 2016, the European Commission issued its much awaited “adequacy decision” concerning the Privacy Shield framework for the transfer of personal data from the EU to the U.S. This adequacy decision is based on the latest version of the Privacy Shield, which was further negotiated and revised following the Article 29 Working Party’s April 2016 concerns with … Continue Reading