Global Media and Communications Watch: The International Legal Blog for the Tech, Media and Telecoms Industry

Tag Archives: data privacy

Posted in Cybersecurity, Data Protection & Privacy, Policy & Regulation, Privacy and Security Litigation, Technology

A global approach to IoT cybersecurity?

The European Telecommunications Standards Institute (ETSI) has published a new standard for cybersecurity in relation to consumer IoT products. The standard builds on the UK’s Code of Practice for Consumer IoT Security, published in October last year. The Code of Practice was developed by the UK Government following publication of a draft code as part of the Secure by Design report published by the Government in March 2018 and after consultation with industry, consumer associations, and academics. The UK Code is voluntary but the UK Government was keen to work

Posted in Data Protection & Privacy, Policy & Regulation | Winston Maxwell, Christine Gateau

An Approach for Setting Administrative Fines Under the GDPR

Article 83 of the GDPR provides for two levels of administrative fines: a lower level – maximum of €10 million or 2% of the global turnover – for violations relating to record-keeping, data security, data protection impact assessments, data protection by design and default, and data processing agreements; and a higher level – maximum of €20 million or 4% of the global turnover – for violations relating to data protection principles, the legal basis for processing, information to data subjects, the prohibition of processing sensitive data, denial of data subjects’

Posted in Data Protection & Privacy | Bret Cohen

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

This is the fifth installment in Hogan Lovells’ series on the California Consumer Privacy Act.  As the most comprehensive privacy law to be enacted in the United States thus far, the California Consumer Privacy Act (CCPA) has inevitably invited comparisons to the European Union’s General Data Protection Regulation (GDPR). At first glance, it is clear that the drafters of the CCPA (and the ballot measure that spurred its passage) drew inspiration from the GDPR. However, the CCPA is not a carbon copy of the GDPR, and a GDPR compliance program

Posted in Data Protection & Privacy, Policy & Regulation | Massimiliano Masnada, Marco Berliri

GDPR Italian Implementing Decree Has Been Published

On 4 September, Legislative Decree no. 101 of 10 August 2018 (the “Decree”) for the national implementation of General Data Protection Regulation (EU) 2016/679 (the “GDPR”) was published in the Official Journal. The approach of the legislator was to maintain the structure of former Legislative Decree 196/2003 (the “Privacy Code”) which, however, has been extensively amended and integrated, and now contains only some residual provisions in addition to those of the GDPR which are directly applicable. The Decree will enter into force on 19 September 2018. The Decree first of all integrates the provisions of the GDPR

Posted in Data Protection & Privacy | Michelle Kisloff

Data class actions in the US

Over the past few years, there has been a surge in class actions challenging companies’ privacy and data security practices. But, while the number of class actions continues to grow, the suits face several significant challenges, have afforded limited relief to individual consumers, and have provided no coherent privacy standards in the US. By comparison, the primary government regulator, the US Federal Trade Commission (FTC), has proven much more effective in enforcing privacy and data security practices. The first hurdle: the requirement of ‘standing’ or the need for an ‘injury

Posted in Data Protection & Privacy | Christine Gateau, Winston Maxwell, Eduardo Ustaran

The General Data Protection Regulation timidly opens the doors to data class actions in Europe

More than 15 years after the adoption of the Data Protection Directive[1], the European Commission noticed that the current legislative framework on data protection did not adequately deal with the risks associated with online activity[2]. Acknowledging this, the General Data Protection Regulation (GDPR)[3] was finally adopted by the European Parliament on 14 April 2016, entering into force in May 2016 and becoming directly applicable in all Member States on 25 May 2018[4]. The GDPR targets the data controller or its processor and provides a set of standardised rules relating to

Posted in Data Protection & Privacy | Christine Gateau, Winston Maxwell, Christelle Coslin, Pauline Faron

French initiatives: “class action” or “collective action” for personal data protection?

Both the French Council of State in its annual report for 2014 as well as the National Digital Council (hereinafter, “CNNum”) in its “Digital Ambition” report voiced support for the creation of an action enabling consumers to collectively seek redress for violations of regulations protecting personal data. However, their recommendations are different regarding the goal of this action. After some hesitation and numerous debates, the collective action for data protection finally became a reality in November 2016 thanks to the adoption of the law on the modernisation of 21st century

Posted in Data Protection & Privacy | Christine Gateau, Winston Maxwell, Eduardo Ustaran

Four key lessons when facing data class actions in Europe

Could the GDPR give rise to forum shopping and are there any pre-litigation strategies that should be considered? Here, we review four key elements that should be kept in mind in respect of data class actions in the EU. Damages: In the US, many class actions are dismissed for lack of ‘standing’, i.e. because the litigants do not demonstrate that they suffered an ‘injury in fact’ that is concrete and actual or imminent. Does the US ‘injury in fact’ standard apply for data class actions in Europe? Under the GDPR,

Posted in Data Protection & Privacy | Winston Maxwell, Harriet Pearson, John Salmon, Eduardo Ustaran

Getting to data nirvana – a user’s guide to data lakes and GDPR

A data lake is an infrastructure that permits different data sets from within a group to be combined and analysed together. To analyse a data lake under GDPR, it is helpful to think of a data lake in two phases, which we analyse in our user guide. The infrastructure phase. Here, the guide covers: Identify the entity that is hosting the data lake. Implement an intragroup data processing agreement. Check data localisation rules. Data protection impact assessment. Data lake governance committee. The applications phase. Specifically, we look at: Data lake service

Posted in Data Protection & Privacy | Winston Maxwell, Sam Choi

The starting point for a big data project: the privacy impact assessment

The era of big data is here. Although we are yet to see its full potential, the use of big data analytics is already proving invaluable to businesses and its applications have been found in numerous and diverse sectors. However, the use of big data has also brought much controversy, particularly when it involves sensitive information, concerns children, minorities or other vulnerable people, or where the decision-making has a significant impact on individuals. As both public interest and regulatory scrutiny in artificial intelligence, machine learning and big data continue to build,

Posted in Data Protection & Privacy, Policy & Regulation | Winston Maxwell, Harriet Pearson, John Salmon, Eduardo Ustaran

Getting to data nirvana – regulatory silo-busting to optimize risk management

“Getting to Data Nirvana” is our four-step approach to help you integrate your legal, regulatory and compliance work streams into your organisation’s overall data strategy. The job of the legal and compliance teams is to make sure that their company’s data projects do not breach applicable laws. Their task is not easy because the number of laws regulating the processing of data – particularly personal data – is multiplying worldwide. However, a focus solely on data compliance can prevent broader thinking about data strategy, and how legal and regulatory

Posted in Data Protection & Privacy, Policy & Regulation | Mark Brennan, Bret Cohen, Harriet Pearson, Timothy Tobin

Webinar Invitation – California Consumer Privacy Act: What you need to know now

On June 28, 2018, California’s governor signed Assembly Bill 375, a ground-breaking new data privacy law that some are calling the United States’ answer to the European Union’s General Data Protection Regulation (GDPR).  Particularly in light of California’s status as the world’s 5th largest economy, many are wondering how the new California Consumer Privacy Act (CCPA) will affect them. Please join members of the Hogan Lovells global privacy team to arm yourself first-hand with insights about: What triggered the new law? What data is covered? What does the CCPA require,

Posted in Data Protection & Privacy, Policy & Regulation | Winston Maxwell, Harriet Pearson, John Salmon, Eduardo Ustaran

Getting to data nirvana – using the GDPR to create data value

“Getting to Data Nirvana” is our four-step approach to help you integrate your legal, regulatory and compliance work streams into your organisation’s overall data strategy. The job of the legal and compliance teams is to make sure that their company’s data projects do not breach applicable laws. Their task is not easy because the number of laws regulating the processing of data – particularly personal data – is multiplying worldwide. However, a focus solely on data compliance can prevent broader thinking about data strategy, and how legal and regulatory

Posted in Data Protection & Privacy, Policy & Regulation | Winston Maxwell, Harriet Pearson, John Salmon, Eduardo Ustaran

Getting to data nirvana – understanding data value and ownership

“Getting to Data Nirvana” is our four-step approach to help you integrate your legal, regulatory and compliance work streams into your organisation’s overall data strategy. The job of the legal and compliance teams is to make sure that their company’s data projects do not breach applicable laws. Their task is not easy because the number of laws regulating the processing of data – particularly personal data – is multiplying worldwide. However, a focus solely on data compliance can prevent broader thinking about data strategy, and how legal and regulatory

Posted in Data Protection & Privacy, Policy & Regulation

New Webcast: Worried about the GDPR? Don’t panic!

If you’ve got any worries about the GDPR – Europe’s new data privacy regime – then we’re here to help with our recently recorded webcast, explaining why there’s no need to panic. It’s a great discussion, with our industry-leading panel offering lots of helpful tips and practical examples of how you can prepare for the GDPR, even after the 25th May deadline – and make sure you don’t fall foul of regulators. Watch it now by clicking here. *** Free access to our European Privacy Toolkit Hogan Lovells has

Posted in Data Protection & Privacy | Christine Gateau, Tim Wybitul, Michelle Kisloff

Data Class Actions: the era of mass data litigation

Class actions are commonplace in the United States but relatively rare in Europe. The European Union wants to change that, by facilitating class actions for mass privacy and data breaches. With the development of big data, the scope and impact of potential data breaches or losses have indeed significantly increased. In the EU, the GDPR comes into effect. Due to its extraterritorial applicability, it will affect business globally. Every day, somewhere in the world, the media report that data for large numbers of individuals, often millions of people, have been breached. It

Posted in Cybersecurity, Data Protection & Privacy | Timothy Tobin, Winston Maxwell

Straight Talks podcast: Data privacy and cybersecurity in the age of rolling smart devices

The U.S. Environmental Protection Agency was created in 1970 to safeguard the environment against pollutants. The tidal wave of environmental regulations that followed impacted every industry in the United States, especially the automotive market. Decades later, organizations have internalized these regulations into their culture. Today, the European Union’s General Data Protection Regulation (GDPR) is driving a regulatory wave of similar scope, but now the need is to safeguard data against cyber attacks and privacy breaches. And once again, the automobile industry will feel the regulatory impact. Autonomous and connected vehicles

Posted in Data Protection & Privacy | Mark Parsons

Asia Data Protection and Cyber Security Guide 2018

As global focus on data protection and cyber security law and regulation continues to increase, the Asia-Pacific region is increasingly an area of concern for global compliance programs. Much of the focus internationally has been on preparations for the May, 2018 implementation of the EU GDPR. However, the APAC region is also noteworthy for a number of reasons, including China’s ongoing implementation of its Cyber Security Law, the stepping up of data protection laws in Japan and Australia and an overall trend towards stricter enforcement and greater public awareness of their

Posted in Data Protection & Privacy

WEBINAR: Worried about the GDPR? Don’t panic!

With the GDPR about to come into effect, join our experts for a live webinar on 23 May to learn what you should be focusing on now. The GDPR becomes applicable on 25 May and will affect organisations worldwide. It is a complex and strict law with dozens of obligations which will be fiercely enforced. Getting it right will be essential for business success in the digital economy. Register now to join our webinar. Our panel will discuss: What should you prioritise now? What are others doing to get it

Posted in Data Protection & Privacy | Eduardo Ustaran

Is Artificial Intelligence the Ultimate Test for Privacy?

Nothing challenges the effectiveness of data protection law like technological innovation. You think you have cracked a technology neutral framework and then along comes the next evolutionary step in the chain to rock the boat. It happened with the cloud. It happened with social media, with mobile, with online behavioural targeting and with the Internet of Things. And from the combination of all of that, artificial intelligence is emerging as the new testing ground. 21st century artificial intelligence relies on machine learning, and machine learning relies on…? You guessed it:

Posted in Data Protection & Privacy

Why Companies in Mexico Should Reassess Their Compliance with Data Privacy Protocols—and Their Risk of a Data Breach

According to the Constitution of Mexico, the protection of personal data is a fundamental right of all Mexican citizens. Under federal law, individuals also have a right to access, change, oppose, or suppress their personal data. Although all private companies process data, some are not sufficiently familiar with Mexico’s data privacy principles and regulations, and many may not have an up-to-date assessment of their own risk of a data breach. In addition, they may not be aware that the Mexican Supreme Court’s recent shift in perspective regarding personal injury cases

Posted in Data Protection & Privacy | Natalia Gulyaeva, Maria Sedykh, Bret Cohen

Russia Partially Releases 2018 Data Privacy Inspection Plans

Two weeks ago, certain territorial divisions of the Russian Data Protection Authority, Roskomnadzor, published their 2018 plans for conducting inspections of local companies’ compliance with Russian data privacy requirements, including with Russia’s data localization requirement. The inspection plans contain a number of prominent multi-national and Russian companies. Within such inspections, Roskomnadzor assesses the compliance of the entity with Russian regulations on personal data (consents, policies, decrees, cross-border data transfers, data localization requirement, technical measures, etc.). Companies operating in Russia can check the inspection plans in their respective regions (Central, North-West,

Posted in Data Protection & Privacy | Bret Cohen

U.S. Supreme Court Takes Microsoft Corp. v. United States in Law Enforcement Access Row

Last Monday, the Supreme Court granted certiorari in the Microsoft search warrant case, a case in which Microsoft challenged the U.S. government’s right to use the warrant process to obtain certain emails stored overseas.  Some view the upcoming decision as signaling the level of access the U.S. government will have to the growing troves of data U.S.-based technology companies hold about citizens of the world.  And regulators in the EU and other jurisdictions may view a reversal of the Second Circuit decision as a negative factor when considering the protections the