On 9 July 2019 the UK data protection authority (ICO) updated its Data Sharing Code of Practice (first published in 2011) (Code). On the same day, the ICO also announced its intention to fine Marriott International just over £99m for infringements of the General Data Protection Regulation (GDPR), highlighting the importance of due diligence in the context of data sharing.
The Code, made under section 121 of the UK’s Data Protection Act (DPA), is publicly available for consultation until 9 September 2019. Once finalised, the Code will become a statutory code of practice under the DPA. Non-compliance with the code will likely be considered non-compliance with data protection laws.
Scope of application and aim
Unlike in relation to the engagement of processors, which is subject to the prescriptive requirements under Article 28 GDPR, the GDPR remains silent about the sharing of personal data between organisations which are controllers (with the exception of the obligations that Article 26 GDPR sets out for joint controllership scenarios). Overall, the Code aims to provide practical guidance on how to share personal data between controllers (i.e. separate/joint controllers) in compliance with data protection law, and promotes good practice recommendations.
The Code mainly covers data sharing by private organisations subject to the GDPR and Part 2 of the DPA, but it also includes a specific section on data sharing under the Law Enforcement regime (Part 3 of the DPA).
Mobile phone applications are already tracking intimate health data, including our sleep habits, steps walked, body measurements, nutrition, and more. Apps draw this information from the devices many of us now religiously maintain along with our daily wardrobe. In this data-hungry age, doctors and health care providers can apply artificial intelligence (“AI”) to the data to help them provide patients personalized and immediate help. The mobile applications, wearable devices, and artificial intelligence use are here to stay. But how will the federal government push its regulatory frontiers to permit the use of such technologies?
To highlight the new federal efforts to accommodate these technologies, Hogan Lovells US LLP partners, Yarmela Pavlovic and Trey Hanbury, hosted a Health Care and the Internet of Things: New Regulatory Developments webinar on July 25, 2019.
German courts have been dealing with the Metall auf Metall [song by the German band Kraftwerk] case for two decades. Recently, the CJEU, too, has had to deal with the case and ruled by judgment of 29 July 2019 (C-476/17) that unless the phonogram producer consents, sampling constitutes an infringement of his rights. However, the CJEU argued, if, by modifying the sample, it can be ruled out that the content is recognizable, there is no infringement of rights.
The Plaintiffs are members of the band Kraftwerk, which, in 1977, released the album “Trans Europa Express”, which includes the title “Metall auf Metall”. The Defendants are the producers Moses Pelham, founder and managing director of the music label Pelham Power Productions (3P), and Martin Haas, who produced the album “Die neue S-Klasse” by rapper Sabrina Setlur, which was released in 1997. The album includes the track “Nur mir”, to which approximately two seconds of a rhythm sequence from Kraftwerk’s “Metall auf Metall” were added (“sampling”), but with the song’s speed reduced by 5% and played in a continuous loop (“loop”). The producers did not obtain prior consent to use this audio fragment, nor was a licence taken.
Tech, Data, Telecoms & Media, Mexico
In 2014 the previous administration announced its commitment to creating a national cybersecurity strategy. This strategy formed part of the National Development Plan 2013-2018, which also provided for the national digital strategy – an initiative aimed at fostering digitisation in Mexico through:
- a digital government;
- open data;
- digital inclusion;
- enhanced digital skills; and
- IT-based health, educational and financial services.
Click here for text in Russian/текст сообщения на русском языке
Russia is facing potential restrictions of foreign ownership in digital companies. This follows on similar restrictions over Russian mass media companies and online cinemas which took effect in 2016 and 2017, respectively. These proposed amendments coincide with the announcement of major e-commerce and foodtech JV deals in Russia with participation of Mail.ru, the owner of Russia’s top social network VKontakte (a JV with Alibaba, Megafon and the Russian Direct Investment Fund (RDIF) as well as a JV with Sberbank).
In particular, on 26 July 2019, Mr. Anton Gorelkin, member of the Russian Parliament, proposed a draft law introducing amendments to the Federal Law on Information, Information Technologies and Protection of Information (the “Draft Law“). The Draft Law provides for restrictions in relation to foreign shareholding in certain Internet / information resources in Russia. The scope of restrictions and consequences of incompliance are similar, although not identical to the above-mentioned rules on foreign control over mass media and online cinemas which led to a substantial modification of the media industry in Russia in 2015 – 2016.
The restrictions introduced by the Draft Law shall not apply automatically to all Internet / information resources, but only to those which have been recognised as “significant information resources” upon decision of the Governmental Commission.
According to the author of the Draft Law, the Draft Law primarily targets such Russian Internet giants as Yandex and Mail.ru, and potentially major Russian mobile operators, including MTS and Vimpelcom in the attempt to have Russian companies and individuals as ultimate beneficial owners of these assets. However, due to the vagueness of the criteria used in the Draft Law, the Russian Government shall have discretion to impose restrictions on any Russian or foreign marketplace or information resources. Leading players and platforms in this sector in Russia include Ozon.ru, Alibaba.com, Google and others.
We are delighted to welcome Samantha Brinkhuis to our IPMT practice today, 1 August. Based in Amsterdam, she joins us from De Brauw Blackstone Westbroek. With extensive experience in both contentious and non-contentious matters, Samantha primarily assists clients with trademark, copyright and unfair competition matters. Her practice also covers trade secrets, media and entertainment law, advertising law, IP transactions, licensing, IP strategy and enforcement.
Burkhart Goebel, Head of the IP practice at Hogan Lovells, said: “Samantha is a strong addition to our Intellectual Property, Media and Technology practice. Her reputation in the market is outstanding and her cross-sector experience is a great asset.”
Samantha Brinkhuis added: “I am excited to join Hogan Lovells, a law firm of global scale and prestige with a highly regarded IP team. I am committed to providing clients with the best possible solutions to the legal challenges they face.”
This news was announced in May on HL.com as well as in other publications in English (WIPR, IPPro) and Dutch (Advocatie, Boek9.nl, Ie-forum.nl). Samantha joining us follows our continuing expansion with the the additions of Simon Roberts and Jason Leonard joining our practice group in New York and four new lateral partners in our San Francisco and Boston offices – Krista Schwartz, Patrick Michael, Kristin Connarn, and Bob Underwood.
Please join us for our August events.
Cybersecurity Policies and Strategies Forum
Shee Shee Jin will discuss data analytics and data sharing on a panel covering “Big Data” and will present a session on “HIPAA Regulatory Trends” at the South Carolina Primary Health Care Association’s inaugural Cybersecurity Policies and Strategies Forum.
Location: Greenville, South Carolina
International Data Transfers
Eduardo Ustaran will speak on a DataGuidance webinar on international data transfers.
On July 4, 2019, the Cour de Cassation specified the criteria of the “must carry” obligation (diffusion of broadcasted public channels, governed by Article 34-2 of Law No. 86-1067 of September 30, 1986) and the regime of “framing” in the case of neighbouring rights of an audiovisual communication company. Framing is the division of a webpage into several frames to display elements from other Internet pages by means of an “in line linking” which conceals the elements’ original environment.
Playmédia was sentenced on appeal notably for author rights and neighbouring rights infringement, on the grounds that it broadcasted France Télévisions programs live, for free and without any subscription on its website. Playmédia was sentenced for doing so without authorization and proceeded to appeal before the Cour de cassation. Continue Reading
The National Cyber Security Centre (NCSC), an organisation of the UK Government that provides cybersecurity advice and support for the public and private sector, published an article earlier this year relating to a recent large-scale global DNS hijacking campaign. The article discusses the risks and solutions for protecting organisations against such attacks, whereby the Domain Name System (DNS) records of websites are changed and visitors are subsequently redirected to malicious websites.
In simple terms, the DNS is the service that helps internet users navigate to a domain name by correctly pointing the web browser to an IP address. DNS hijacking does not just impact internet traffic but also email and other kinds of connections to services on the hijacked domain name.
- According to a recent report by Avast, over the last year, a large number of Brazilian users have been targeted with router attacks. The report claims that the DNS settings of more than 180,000 Brazilian routers have been modified by attackers in the first six months of 2019.
- Earlier this month, Cisco Talos also published a report on recently noticed activities from Sea Turtle, a threat group that uses DNS hijacking techniques for cyber-espionage purposes.
The NCSC had first noticed the attempts by attackers to hijack DNS earlier in the year. At the time, the NCSC published an alert to warn organisations, and also revealed that the hijacking campaign had hit several government and commercial organisations worldwide. While most of the affected entities were located in the Middle East region, some organisations were also targeted in the US and Europe. Continue Reading
So far you have probably only heard of blockchain in connection with financial transactions and Bitcoins.
Well, that should change soon. Blockchain is the catch-all term for technology that permanently records transactions in a digital, tamper-proof database. Information is distributed across a network of computers rather than being controlled by a single entity, is updated automatically and is accessible to anyone in the network, but cannot be altered or deleted. So when a user enters information in the digital ledger, that entry becomes linked to every other entry, or “block,” and every other copy of the ledger is automatically synchronized via the internet. The interconnection among all the blocks in the “chain” makes the ledger unhackable, at least in theory, because a hacker trying to alter a single entry would have to alter every other link in the chain as well.
The distributed nature of blockchain also makes the supply chain more transparent, because every user can see the entire history of entries in the ledger. Contrary to earlier times, transparency concerning the origins of products became an advantage: Consumers are demanding it increasingly and businesses are using it as a selling point. A blockchain can be public or private, accessible to everyone or only to selected companies and individuals. Furthermore, as already mentioned, blockchain can be used to reduce payment costs. Using crypto currencies instead of money transfers between countries can save the company from high transfer costs. Blockchain also can be of use for inventory management and verification of companies’ claims e.g. regarding product origins or ethical standards. Continue Reading