Header graphic for print
Global Media and Communications Watch The International Legal Blog for the Tech, Media and Telecoms Industry

Category Archives: Data Protection & Privacy

Posted in Data Protection & Privacy, Internet, Policy & Regulation, Technology Paul OttoElisabethann Wright

Internet of Things Webinar Recording: Medical Devices

In the third instalment of the 2018 Internet of Things Webinar (IoT) Series, Yarmela Pavlovic, Paul Otto, Elisabethann Wright, and Fabien Roy hosted an educational webinar focusing on the evolving world of connected medical devices.

Fabien described the regulatory framework applicable to digital health technologies regulated as medical devices in the EU. He explained the criteria which must be met … Continue Reading

Posted in Data Protection & Privacy, Policy & Regulation Winston MaxwellHarriet PearsonJohn SalmonEduardo Ustaran

Getting to data nirvana – understanding data value and ownership

“Getting to Data Nirvana” is our four-step approach to help you integrate your legal, regulatory and compliance work streams into your organisation’s overall data strategy.

The job of the legal and compliance teams is to make sure that their company’s data projects do not breach applicable laws.

Their task is not easy because the number of laws regulating the processing … Continue Reading

Posted in Data Protection & Privacy, Policy & Regulation

New Webcast: Worried about the GDPR? Don’t panic!

If you’ve got any worries about the GDPR – Europe’s new data privacy regime – then we’re here to help with our recently recorded webcast, explaining why there’s no need to panic.

It’s a great discussion, with our industry-leading panel looking offering lots of helpful tips and practical examples of how you can prepare for the GDPR, even after the … Continue Reading

Posted in Data Protection & Privacy Tim Wybitul

GDPR Guidance – European Data Protection Board Adopts Art. 29 Working Papers

Data protection authorities set out guidelines for the application of the new EU General Data Protection Regulation

The European Data Protection Board (EDPB) is the joint coordination body of the EU data protection authorities. The EDPB provides guidance on the application of the EU Data Protection Regulation (GDPR). With the GDPR having come into force, the EDPB thus replaces the … Continue Reading

Posted in Data Protection & Privacy Christine GateauTim WybitulMichelle Kisloff

Data Class Actions: the era of mass data litigation

Class actions are commonplace in the United States but relatively rare in Europe.

The European Union wants to change that, by facilitating class actions for mass privacy and data breaches.

With the development of big data, the scope and impact of potential data breaches or losses have indeed significantly increased. In the EU, the GDPR comes into effect. Due to … Continue Reading

Posted in Data Protection & Privacy, Policy & Regulation Winston MaxwellPatrice Navarro

One day before the entry into force of the GDPR, the French bill is adopted… but referred to the French Constitutional Council (“Conseil Constitutionnel”)

The General Data Protection Regulation (GDPR) will enter into force on 25 May 2018. In light of the urgency to adapt Law no. 78-17 dated 6 January 1978 to the new European Union law, the French Government has initiated an accelerated procedure. This procedure led to the adoption in final reading by the French National Assembly of the bill on Continue Reading

Posted in Data Protection & Privacy, Internet, Technology Christine Gateau

Following a cyber attack, IoT device manufacturers, data controllers, and sellers could face liability under the EU’s Product Liability Directive and the GDPR

Advancements in technology may provide consumers with a continuous stream of upgraded products, but they’re also proving that current security and privacy regulations fall short within the Internet of Things (IoT). New devices with unprecedented capabilities are challenging traditional beliefs about liability and consumer protections. In an environment of ever-changing regulations, how do device manufacturers reduce liability risks?

In this … Continue Reading

Posted in Cybersecurity, Data Protection & Privacy Timothy TobinWinston Maxwell

Straight Talks podcast: Data privacy and cybersecurity in the age of rolling smart devices

The U.S. Environmental Protection Agency was created in 1970 to safeguard the environment against pollutants. The tidal wave of environmental regulations that followed impacted every industry in the United States, especially the automotive market. Decades later, organizations have internalized these regulations into their culture.

Today, the European Union’s General Data Protection Regulation (GDPR) is driving a regulatory wave of similar Continue Reading

Posted in Data Protection & Privacy Mark Parsons

Asia Data Protection and Cyber Security Guide 2018

As global focus on data protection and cyber security law and regulation continues to increase, the Asia-Pacific region is increasingly an area of concern for global compliance programs.

Much of the focus internationally has been on preparations for the May, 2018 implementation of the EU GDPR. However, the APAC region is also noteworthy for a number reasons, including China’s ongoing … Continue Reading

Posted in Data Protection & Privacy Eduardo Ustaran

The True Global Effect of the GDPR

“European data protection rules will become a trademark people recognise and trust worldwide”. That is how, in January 2012, Viviane Reding – then Vice-President of the European Commission and EU Justice Commissioner – ended her announcement of the widest reform of privacy and data protection law ever attempted. Six years later, this ambitious aim is becoming a reality. Organisations from … Continue Reading

Posted in Cybersecurity, Data Protection & Privacy

SEC Issues New Interpretive Guidance on Cybersecurity Disclosures

On February 21, the Securities and Exchange Commission (SEC) published interpretive guidance to assist public companies in preparing disclosures about cybersecurity risks and incidents. The Commission’s release follows shorter cybersecurity “disclosure guidance” issued in 2011 by the staff of the SEC’s Division of Corporation Finance. The new guidance was prompted by the agency’s concern over the increase in the risks … Continue Reading

Posted in Data Protection & Privacy Winston MaxwellPatrice Navarro

Hosts of health data: certified compliant!

The Decree No 2018-137 of 26 February 2018 on the hosting of personal health data has been published on 28 February 2018 in the Official Journal.  The Decree defines notably the arrangements for implementing the procedure for certifying hosts of health data.

Context

The Decree has been adopted pursuant to Order No 2017-27 of 12 January 2017 on the hosting … Continue Reading

Posted in Data Protection & Privacy Eduardo Ustaran

Is Artificial Intelligence the Ultimate Test for Privacy?

Nothing challenges the effectiveness of data protection law like technological innovation. You think you have cracked a technology neutral framework and then along comes the next evolutionary step in the chain to rock the boat. It happened with the cloud. It happened with social media, with mobile, with online behavioural targeting and with the Internet of Things. And from the … Continue Reading

Posted in Data Protection & Privacy Natalia GulyaevaMaria SedykhKatherine Gasztonyi

Russia: Main Takeaways from Roskomnadzor’s Open Doors Day

Recently, the Russian Data Privacy Authority (Roskomnadzor) organized an Open Doors Day in honor of the International Data Privacy Day. During the occasion, Roskomnadzor officers presented on the authority’s 2017 enforcement activities. They followed this presentation with an open question and answer period, during which they responded to numerous questions raised by attendees. We summarize the key takeaways below.

2017 Continue Reading

Posted in Data Protection & Privacy Winston Maxwell

European Commission and Article 29 Working Party Urge Respect for International Law in Data Cases

Territoriality will continue to be one of the most vexing problems for data regulation in 2018.  One aspect of this debate relates to whether a U.S. judge can compel the disclosure of personal data located in Europe without using international treaty mechanisms.  This issue is currently being considered by the United States Supreme Court in the case United States v. Continue Reading

Posted in Data Protection & Privacy, Internet, Policy & Regulation Christine GateauChristelle CoslinPauline Faron

First views from the CJEU on how to build a consumer collective action in the Schrems v Facebook Ireland case: The concept of “consumer” and lack of jurisdiction of the consumer’s home court over assigned claims

The famous case brought by Maximilian Schrems against Facebook Ireland in Austria, aimed to become an international and large data protection class action, led on 25 January 2018 to a ruling from the CJEU on two main points:
  • A consumer’s right to have a claim heard in his or her home court under European law does not extend so as
Continue Reading
Posted in Data Protection & Privacy

Aetna $17.2 Million Breach Settlement Brings Lessons for Handling Health Data

Aetna will pay almost $17.2 million to settle a federal class action lawsuit stemming from a 2017 mailing that disclosed the HIV status of health plan members. Aetna also agreed last week to pay a $1.15 million fine to the state of New York after the Attorney General Eric Schneiderman’s (NY AG) investigation into Aetna’s alleged violations of federal and … Continue Reading

Posted in Data Protection & Privacy, Technology Timothy TobinW. James Denvil

Navigating the Road Ahead: Auto Industry Stakeholders and Regulators Convene to Discuss Connected Vehicle Privacy

In the same week that the automotive industry gathers in Washington, D.C. for the 2018 Washington Auto Show, a cross-section of automotive stakeholders, government officials, and consumer and privacy advocates came together at Hogan Lovells’ Washington office to discuss privacy issues facing connected vehicles. The half-day conference, co-hosted by Hogan Lovells and the Future of Privacy Forum, convened on January … Continue Reading

Posted in Data Protection & Privacy Winston Maxwell

DSM Watch: Stakes high for IoT industry in European ePrivacy debate

Following the European Commission and European Parliament’s proposed versions of the EU Regulation on Privacy and Electronic Communications (the ePR), we are now waiting for the Council of the European Union to agree their position before discussions between the three bodies can begin. A discussion paper from the Bulgarian Presidency of the Council dated 11 January 2018 (the PaperContinue Reading