Article 83 of the GDPR provides for two levels of administrative fines: a lower level – maximum of €10 million or 2% of the global turnover – for violations relating to record-keeping, data security, data protection impact assessments, data protection by design and default, and data processing agreements; and a higher level – maximum of €20 million or 4% of … Continue Reading
Winston Maxwell
An Approach for Setting Administrative Fines Under the GDPR
Using artificial intelligence to fight hate speech
Hogan Lovells partner Winston Maxwell spoke at the executive roundtable on artificial intelligence and online hate speech, organised on January 31, 2019 by CERRE, the Centre on Regulation in Europe. The goal of the roundtable was to discuss what measures should be adopted to fight hate speech online and to look at the pros and cons of using machine-learning in … Continue Reading
EU: Are blockchain and data protection incompatible?
Since publishing the original version of our guide to blockchain and data protection in September 2017, there has been considerable further commentary from academics, politicians and practitioners, some of which suggested that there is inherent incompatibility of blockchain systems with EU data protection law.
This updated version of our guide puts forward our views on this question, offering a more … Continue Reading
Hogan Lovells publishes Demystifying the U.S. CLOUD Act
Hogan Lovells has published Demystifying the U.S. CLOUD Act, a detailed analysis of the impact of the Clarifying Lawful Overseas Use of Data Act (CLOUD Act) on non-U.S. businesses and individuals who use cloud storage solutions.
Demystifying the U.S. CLOUD Act was written by Hogan Lovells partners Winston Maxwell and Mark Brennan, and senior associate Arpan Sura.
The report … Continue Reading
The General Data Protection Regulation timidly opens the doors to data class actions in Europe
More than 15 years after the adoption of the Data Protection Directive1, the European Commission noticed that the current legislative framework on data protection did not adequately deal with the risks associated with online activity2.
Acknowledging this, the General Data Protection Regulation (GDPR)3 was finally adopted by the European Parliament on 14 April 2016, entering … Continue Reading
French initiatives: “class action” or “collective action” for personal data protection?
Both the French Council of State in its annual report for 2014 as well as the National Digital Council (hereinafter, “CNNum”) in its “Digital Ambition” report voiced support for the creation of an action enabling consumers to collectively seek redress for violations of regulations protecting personal data.
However, their recommendations are different regarding the goal of this action.
After some … Continue Reading
Four key lessons when facing data class actions in Europe
Could the GDPR give rise to forum shopping and are there any pre-litigation strategies that should be considered? Here, we review four key elements that should be kept in mind in respect of data class actions in the EU.
Damages
In the US, many class actions are dismissed for lack of ‘standing’, i.e. because the litigants do not demonstrate that … Continue Reading
Getting to data nirvana – a user’s guide to data lakes and GDPR
A data lake is an infrastructure that permits different data sets from within a group to be combined and analysed together.
To analyse a data lake under GDPR, it is helpful to think of a data lake in two phases, which we analyse in our user guide.
The infrastructure phase
Here, the guide covers:
- Identify the entity that is
The starting point for a big data project: the privacy impact assessment
The era of big data is here. Although we are yet to see its full potential, the use of big data analytics is already proving invaluable to businesses and its applications have been found in numerous and diverse sectors.
However, the use of big data has also brought much controversy, particularly when it involves sensitive information, concerns children, minorities or … Continue Reading
Getting to data nirvana – regulatory silo-busting to optimize risk management
“Getting to Data Nirvana” is our four-step approach to help you integrate your legal, regulatory and compliance work streams into your organisation’s overall data strategy.
The job of the legal and compliance teams is to make sure that their company’s data projects do not breach applicable laws.
Their task is not easy because the number of laws regulating the processing … Continue Reading
Getting to data nirvana – using the GDPR to create data value
“Getting to Data Nirvana” is our four-step approach to help you integrate your legal, regulatory and compliance work streams into your organisation’s overall data strategy.
The job of the legal and compliance teams is to make sure that their company’s data projects do not breach applicable laws.
Their task is not easy because the number of laws regulating the processing … Continue Reading
Getting to data nirvana – understanding data value and ownership
“Getting to Data Nirvana” is our four-step approach to help you integrate your legal, regulatory and compliance work streams into your organisation’s overall data strategy.
The job of the legal and compliance teams is to make sure that their company’s data projects do not breach applicable laws.
Their task is not easy because the number of laws regulating the processing … Continue Reading
One day before the entry into force of the GDPR, the French bill is adopted… but referred to the French Constitutional Council (“Conseil Constitutionnel”)
The General Data Protection Regulation (GDPR) will enter into force on 25 May 2018. In light of the urgency to adapt Law no. 78-17 dated 6 January 1978 to the new European Union law, the French Government has initiated an accelerated procedure. This procedure led to the adoption in final reading by the French National Assembly of the bill on … Continue Reading
Straight Talks podcast: Data privacy and cybersecurity in the age of rolling smart devices
The U.S. Environmental Protection Agency was created in 1970 to safeguard the environment against pollutants. The tidal wave of environmental regulations that followed impacted every industry in the United States, especially the automotive market. Decades later, organizations have internalized these regulations into their culture.
Today, the European Union’s General Data Protection Regulation (GDPR) is driving a regulatory wave of similar … Continue Reading
The Digital Single Market: Geoblocking regulation ready to be enacted!
The new provision on the banning of unjustified geoblocking in online sales is at the heart of the EU Commission’s aspiration and effort to create a real Digital Single Market within the European Union.
The term “geoblocking” stands for any type of technical or contractual discrimination based on the nationality or residence of a customer. It is a common phenomenon … Continue Reading
Hosts of health data: certified compliant!
The Decree No 2018-137 of 26 February 2018 on the hosting of personal health data has been published on 28 February 2018 in the Official Journal. The Decree defines notably the arrangements for implementing the procedure for certifying hosts of health data.
Context
The Decree has been adopted pursuant to Order No 2017-27 of 12 January 2017 on the hosting … Continue Reading
European Commission and Article 29 Working Party Urge Respect for International Law in Data Cases
Territoriality will continue to be one of the most vexing problems for data regulation in 2018. One aspect of this debate relates to whether a U.S. judge can compel the disclosure of personal data located in Europe without using international treaty mechanisms. This issue is currently being considered by the United States Supreme Court in the case United States v. … Continue Reading
Tomorrow’s landscape for digital business – The Digital Single Market becomes real!
| DSM – What is it about?
In 2018, we will see new EU legislation being widely implemented as part of the EU Commission’s Digital Single Market (DSM) Strategy. The amendments to the current legal framework are far reaching and will potentially be game changing. Some of the key areas to be affected will be: |
|
DSM Watch: Stakes high for IoT industry in European ePrivacy debate
Following the European Commission and European Parliament’s proposed versions of the EU Regulation on Privacy and Electronic Communications (the ePR), we are now waiting for the Council of the European Union to agree their position before discussions between the three bodies can begin. A discussion paper from the Bulgarian Presidency of the Council dated 11 January 2018 (the Paper… Continue Reading
TMT Horizons 2018
2018 will be another dramatic year for TMT. Our job is to help TMT businesses to chart a course through by bringing together the insights of over 800 lawyers who focus on the sector across six continents. That is why we have asked some of our top thinkers globally to provide a snapshot of their vision for the coming year. … Continue Reading
Should we regulate artificial intelligence?
Hogan Lovells partner Winston Maxwell spoke on October 12, 2017 at a conference on artificial intelligence organized by the French think tank “Le Club des Juristes”. What follows is an English version of his prepared remarks.
Artificial intelligence (“AI”) permits valuable new applications for society. Autonomous vehicles will increase safety and reduce pollution. Voice recognition could make computer keyboards obsolete. … Continue Reading
Hogan Lovells academic all-stars debate hot tech topics
On 17 March Hogan Lovells hosted a live webinar where several of our Global TMT thought leaders interviewed a panel of academic experts from our Law and Technology Academic Advisory Council on the key legal and tech trends for 2017, including regulation of artificial intelligence, competition law and big data, global privacy and copyright trends, and the future of broadband … Continue Reading
DSM webinar highlights tax, competition law, copyright, AVMS and data economy issues for 2017
In a February 7, 2017 webinar, the Hogan Lovells Digital Single Market (DSM) team presented its take on new developments for 2017. Peter Watts introduced the session by warning that the loss of the UK voice in EU policy making could lead to rules that are less sensitive to business needs. Marco Berliri commented on the challenges currently facing large … Continue Reading
DSM Watch: European Commission’s data package explores data ownership, localization, liability and portability, highlighting tensions with GDPR
On January 10, 2017, the European Commission released a Communication, a fact sheet, a working document and a public consultation relating to Europe’s “data economy”. The fact sheet states that “data is a new type of economic asset”, which is essential for innovation and growth. The Commission’s objective is to remove “unjustified restrictions” and “legal uncertainties” in order … Continue Reading