Article 83 of the GDPR provides for two levels of administrative fines: a lower level – maximum of €10 million or 2% of the global turnover – for violations relating to record-keeping, data security, data protection impact assessments, data protection by design and default, and data processing agreements; and a higher level – maximum of €20 million or 4% of … Continue Reading
The European Data Protection Board (EDPB) is the joint coordination body of the EU data protection authorities. The EDPB provides guidance on the application of the EU Data Protection Regulation (GDPR). With the GDPR having come into force, the EDPB thus replaces the … Continue Reading
Territoriality will continue to be one of the most vexing problems for data regulation in 2018. One aspect of this debate relates to whether a U.S. judge can compel the disclosure of personal data located in Europe without using international treaty mechanisms. This issue is currently being considered by the United States Supreme Court in the case United States v. … Continue Reading
The steady trickle of GDPR guidance from the Article 29 Working Party continues. Fresh from finalising its guidance on data portability, lead supervisory authorities and data protection officers, the Working Party has published draft guidance on data protection impact assessments (DPIA), the full text of which is available on the Working Party website. Comments can be submitted to the … Continue Reading
The UK Information Commissioner’s Office has just published draft guidance on consent under GDPR. This is an interesting move given that the Article 29 Working Party has promised guidance on the same topic later this year, but reading the guidance makes it clear why the ICO decided to prioritise it: many of the practices which it identifies as unacceptable are … Continue Reading
No one could accuse the EU Article 29 Working Party (WP29) of not delivering as promised. Following its recently held December plenary meeting, the WP29 has released three separate guidelines with their interpretation of some key aspects of the General Data Protection Regulation, namely:
- data portability,
- data protection officers (DPOs), and
- lead supervisory authorities.
At the same time, the WP29 … Continue Reading
There have been some pretty big claims about the potential of mHealth. One 2012 study predicted that in 2017 mHealth could potentially save a total of USD $99 billion in healthcare costs across the EU. The European Commission has also actively promoted the importance of mHealth following their 2014 consultation. One of the initiatives to emerge from the Commission has … Continue Reading
EDITOR’S NOTE: We are excited to present this entry in our new TMT2020 series, which reflects the key technology, media, and telecoms legal issues that are expected to impact today’s organizations and tomorrow’s marketplace. It also provides an opportunity to highlight contributions by TMT associates across our global offices and practice areas.
The February 29, 2016 announcement of the new … Continue Reading
Following the announcement by the European Commission of the newly agreed EU-US Privacy Shield, the missing piece of the jigsaw was the Article 29 Working Party’s stance on the adequacy of the existing mechanisms in place—in particular, standard contractual clauses and binding corporate rules (BCR). So after two days of intense discussions, the Working Party has issued a statement… Continue Reading
The EU General Data Protection Regulation (“GDPR”) has been called the most lobbied piece of legislation in the history of the EU. Before Christmas last year, what is likely to be the final text of the GDPR emerged from the EU trilogue negotiations. Victoria Hordern, Senior Associate at Hogan Lovells, explores what the new GDPR will mean for those collecting … Continue Reading
The EU’s Article 29 Working Party issued a statement on Friday on the recent Schrems decision invalidating the adequacy of the EU-U.S. Safe Harbor framework, emphasizing that affected businesses should start to put in place legal and technical solutions in a timely manner to meet EU data protection standards. The statement gave a January 2016 deadline for companies to come … Continue Reading
Thank you to everyone who participated in yesterday’s webinar “Safe Harbor Invalidated – What Next?”, in which we analyzed the implications of the decision by the Court of Justice of the European Union invalidating the EU-U.S. Safe Harbor Framework. In the webinar, we explored:
- What is the status of data transfers currently being legitimized by Safe Harbor?
- What alternative options
Following on from the Article 29 Working Party’s Opinion in June, the European Data Protection Supervisor (EDPS) has now published his own recommendations for the proposed General Data Protection Regulation (GDPR). Unsurprisingly, given that the EDPS is a member of the Working Party, the views expressed are in line with that Opinion. At this point you may be tempted to … Continue Reading
The mobile Health (mHealth) sector is rapidly developing and revolutionising the healthcare market. More and more consumers share information such as medical and physiological conditions, lifestyles, daily activity and geolocation via all kinds of health-related mobile applications and devices. The growing success of mHealth, however, inevitably casts a spotlight on compliance with … Continue Reading
Accountability has been described by the Article 29 Working Party as a way of “showing how responsibility is exercised and making this verifiable”.
Accountability is far from being a new concept. It was introduced back in 1980 in the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.
In 2010, … Continue Reading
On 9 March, the Council of the EU issued a partial general approach on a key chapter (Chapter II) of the EU Data Protection Regulation which has implications for the regulation of health data. The Council’s stance has been welcomed by a number of healthcare commentators as it promotes a more flexible approach to the use of health data and … Continue Reading