Header graphic for print
Global Media and Communications Watch The International Legal Blog for the Tech, Media and Telecoms Industry

Tag Archives: Data Protection

Posted in intellectual property, patents Jason Lohr

Webinar summary: Artificial Intelligence – Getting to grips with basics and legal implications

Jason Lohr (San Francisco) held the first in a series of internal webinars on the basics and legal implications of artificial intelligence (AI) and machine learning, highlighting their relevance to IPMT.

AI touches nearly every industry and is used to solve complex problems, spot and minimize risks, improve decision-making, and develop new products. Key issues and tips for navigating this … Continue Reading

Posted in intellectual property Keith O'Doherty

Innovation Lounge held in D.C. on 17 July

On 17 July 2019 we hosted our most recent Innovation Lounge at our Washington, D.C. office. The Innovation Lounge is an associate networking event series which focuses not only on IP-issues, but on healthcare, regulatory issues, and privacy issues.

Summer associates, in-house counsel, IP associates, and members of advocacy groups listened to a panel of C-level executives and directors from … Continue Reading

Posted in International/EU privacy Patrice Navarro

New French Guidelines on Cookies and Trackers

On 19 July the French Data Protection Authority (the “CNIL”) published new guidelines on cookies and trackers. These replace the existing Recommendation No. 2013-378 of 5 December 2013, are intended to be in line with relevant GDPR provisions and have been produced in anticipation of the future ePrivacy Regulation. The guidelines will be supplemented, at a later stage, with sectoral … Continue Reading

Posted in International/EU privacy Joke Bodewits

Dutch DPA: Banks May Not Use Payment Data for Marketing Purposes

In the wake of a recent announcement by a major Dutch bank that it would start providing its customers with personalized advertisements based on their spending patterns, the Dutch Data Protection Authority (DPA) has sent a letter to all Dutch banks urging them to thoroughly review their direct marketing practices. The DPA specifically asked any bank contemplating the use of … Continue Reading

Posted in Cybersecurity, Data Protection & Privacy, Policy & Regulation

Privacy and Cybersecurity KnowledgeShare event: Sept 19, London

Join us on Thursday 19 September for our Privacy and Cybersecurity KnowledgeShare in London. We’ll share our latest thinking on the key privacy and cybersecurity issues faced by those with data protection responsibilities within organisations. Our all-day event will cover a lot of ground through incisive quick-fire presentations, Q&A panels and hands-on workshops.

Topics will include:

  • Nailing the basics –
Continue Reading
Posted in International/EU privacy Katie McMullan

Cookie consent – What “good” compliance looks like according to the ICO

On 3 July 2019, the UK data protection authority (the ICO) updated its guidance on the rules that apply to the use of cookies and other similar technologies.  The ICO has also changed the cookie control mechanism on its own website to mirror the changes in the new guidance.

Since the EU legislators shocked the internet world a decade ago … Continue Reading

Posted in Cybersecurity

Privacy and Cybersecurity July 2019 Events

Please join us for our July 2019 events.

July 4
Making Privacy Actionable
Eduardo Ustaran and Nicola Fulford are hosting the IAPP London KnowledgeNet which will discuss, “Making Privacy Actionable: Working with the Chief Data Officer.”
Location: London

July 5-8
Privacy at the Aspen Institute
Harriet Pearson will lead a seminar on “What is Privacy and How Do We Protect Continue Reading

Posted in Cybersecurity, Data Protection & Privacy, intellectual property Andrew McGinty

China’s first Data Protection Measures lifting its veils

On May 28, 2019, the Cyberspace Administration of China released the draft Measures on the Administration of Data Security (“Data Security Measures“, see our in-house English translation here) for public consultation.

These Data Security Measures will be a great leap forward in China’s current data protection landscape, which mainly consists of scattered provisions contained in various pieces … Continue Reading

Posted in Cybersecurity, Internet, Policy & Regulation David Taylor

Analyzing the impact of the EU GDPR on access to WHOIS data, one year on

During the Annual INTA 2019 Meeting, a panel was held on the EU General Data Privacy Regulation (GDPR) and the temporary removal of data for the WHOIS directory. IPMT Partner David Taylor spoke on the following GDPR issues and their impact on global brand protection.

When the GDPR came into force back in 2018, the Internet Corporation for Assigned … Continue Reading

Posted in International/EU privacy

South Africa Data Protection Regulations Expected to Take Effect in 2019

Although South Africa’s first comprehensive piece of data protection legislation, the Protection of Personal Information Act (POPIA), was originally signed into law in November 2013, the substantive provisions of the law have not yet taken legal effect. That is likely to change since South Africa’s data protection authority, the Information Regulator, published the final draft of its POPIA regulationsContinue Reading

Posted in Consumer Privacy Mark BrennanJulian Flamant

CCPA Amendments Advance through California Assembly

A number of legislative proposals seeking to amend the California Consumer Privacy Act (CCPA) are moving forward following an April 23 hearing before the California Assembly’s Committee on Privacy and Consumer Protection in which the bills were approved. The bills will now advance to the Assembly’s Appropriations Committee before being voted on by the full Assembly and potentially advancing to … Continue Reading

Posted in Data Protection & Privacy, International/EU privacy Eduardo Ustaran

The EDPB’s Narrow View of Contractual Necessity

The European Data Protection Board (EDPB) has adopted the narrowest possible interpretation of ‘contractual necessity’ as a ground for processing of personal data. The Guidelines 2/2019 on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects (adopted on April 9, 2019 and open for consultation until May 24, … Continue Reading

Posted in Consumer Privacy, Data Protection & Privacy, Policy & Regulation, TMT2020 Mark BrennanSean Spivey

Commerce Secretary Ross to FCC: Overbroad TCPA Rules Could Have a “Devastating” Impact on Federal Agencies and the 2020 Census

As we head towards 2020, it’s time once again for the decennial U.S. national Census – one of the broadest data collections that the United States federal government undertakes to learn more about its citizens, recalibrate Congressional districts, allocate public funding, and deliver critical public services. But the government’s ability to conduct the upcoming Census is under threat from an … Continue Reading

Posted in Cybersecurity, Data Protection & Privacy, International/EU privacy, Policy & Regulation, privacy and security litigation

Asia Pacific Data Protection and Cybersecurity Regulation: 2018 in Review and Looking Ahead to 2019

What is in store for data protection and cyber security regulation in Asia Pacific (APAC) in 2019?

2018 was a momentous year for data protection and cyber security regulation globally – the implementation of the European Union’s General Data Protection Regulation (GDPR) was, of course, the main event. The shockwaves of GDPR hit APAC with full force, coupled with the … Continue Reading

Posted in Advertising, Data Protection & Privacy, Digital Single Market (EU) Christelle Coslin

Hosting providers of websites are not as such data controllers and only incur limited liability, French Court of Appeal says

In a decision dated March 1st, 2019, the Paris Court of Appeal reminded that specific conditions must be met for hosting providers to be held liable in case of unlawful content. The French court also ruled that hosting providers are not data controllers per se and, as such, are not subject to obligations under the Data Protection Act.

In this … Continue Reading

Posted in Data Protection & Privacy, International/EU privacy Ewa KacperekWeronika Wolosiuk

First Fine Imposed by the Polish DPA Under the GDPR

The President of the Personal Data Protection Office in Poland (Polish DPA) imposed a fine amounting to PLN 943,470 (approximately EUR 220,000; approximately USD 245,977) for failing to fulfil the company’s transparency obligations towards over six million data subjects under Article 14 of Europe’s General Data Protection Regulation (GDPR).

This is the first fine imposed by the Polish DPA under … Continue Reading

Posted in Data Protection & Privacy, Internet, Policy & Regulation

Crumbs of Comfort: the Advocate-General’s Opinion on Consent and Cookies in Planet49

It’s no secret that a hot topic, perhaps the hot topic, in the European data protection world at present is the interplay between the GDPR and the e-Privacy Directive, in particular how it affects online advertising involving cookies. The European Data Protection Board recently released an opinion on this topic (as we discuss here), and on 21 March the … Continue Reading

Posted in Data Protection & Privacy, intellectual property, Policy & Regulation, Technology

Consumer Horizons 2019 – IP in the mix

The Consumer industry is evolving at lightning speed, and the way consumer companies operate is shifting. From issues in supply chain to the digitalization of the consumer experience, companies are rapidly changing to keep up with consumer demands. Last year businesses in the consumer industry saw a wave of unprecedented disruption and transformation, and 2019 promises challenges of similar or … Continue Reading

Posted in Consumer Privacy, Cybersecurity, Data Protection & Privacy, Employment privacy, Financial privacy, Heath privacy/HIPAA, International/EU privacy, Policy & Regulation, privacy and security litigation Joke Bodewits

Dutch Data Protection Authority Sets GDPR Fines Structure

On 14 March 2019, the Dutch data protection authority (Autoriteit Persoonsgegevens, DPA) announced (in Dutch) its fining structure for violations of the European General Data Protection Regulation (GDPR) and the Dutch law implementing the GDPR (Implementation Act).

The GDPR sets two levels of administrative fines that may apply depending on which GDPR provisions have been infringed: The higher of €10 … Continue Reading

Posted in Cybersecurity, Data Protection & Privacy, Policy & Regulation, privacy and security litigation, Technology

A global approach to IoT cybersecurity?

The European Telecommunications Standards Institute (ETSI) has published a new standard for cybersecurity in relation to consumer IoT products. The standard builds on the UK’s Code of Practice for Consumer IoT Security, published in October last year. The Code of Practice was developed by the UK Government following publication of a draft code as part of the Secure by … Continue Reading

Posted in Consumer Privacy, Cybersecurity, Data Protection & Privacy, Employment privacy, Financial privacy, Heath privacy/HIPAA, International/EU privacy, Policy & Regulation, privacy and security litigation Dr. Christian TinnefeldDr. Henrik Hanßen

GDPR Enforcement Update: Increasing Fines Expected from German DPAs | HL Chronicle of Data Protection

Many companies have been struggling with GDPR implementation over the past two years, putting much effort into new roles, privacy concepts, and workflows. Now that the dust of the immediate GDPR compliance rush is settling, the first details of fines imposed under the GDPR and the number of cases pending with Data Protection Authorities (DPAs) in Europe are being made … Continue Reading

Posted in Data Protection & Privacy, Policy & Regulation Winston MaxwellChristine Gateau

An Approach for Setting Administrative Fines Under the GDPR

Article 83 of the GDPR provides for two levels of administrative fines: a lower level – maximum of €10 million or 2% of the global turnover – for violations relating to record-keeping, data security, data protection impact assessments, data protection by design and default, and data processing agreements; and a higher level – maximum of €20 million or 4% of … Continue Reading

Posted in Data Protection & Privacy, Policy & Regulation, Technology Winston MaxwellJohn Salmon

EU: Are blockchain and data protection incompatible?

Since publishing the original version of our guide to blockchain and data protection in September 2017, there has been considerable further commentary from academics, politicians and practitioners, some of which suggested that there is inherent incompatibility of blockchain systems with EU data protection law.

This updated version of our guide puts forward our views on this question, offering a more … Continue Reading

Posted in Data Protection & Privacy, Policy & Regulation

Are You Ready for Brazil’s New Data Protection Law?

The Brazilian General Data Protection Law (“Lei Geral de Proteção de Dados” or “LGPD”), passed by Congress on 14 August 2018, will come into effect on 15 February 2020. The new data protection law significantly improves Brazil’s existing legal framework by regulating the use of personal data by the public and private sectors. Very similar to the General Data Protection … Continue Reading