Header graphic for print
Global Media and Communications Watch The International Legal Blog for the Tech, Media and Telecoms Industry

Tag Archives: Data Protection

Posted in M&A, Technology Photo of Mark ParsonsPhoto of Tommy Liu

How to navigate data protection and cybersecurity issues in M&As in Asia-Pacific

In recent years, the Asia-Pacific (APAC) region has been a core hub of merger and acquisition (M&A) activity, emerging relatively unscathed from the COVID-19 pandemic which has otherwise taken a toll on investment activity in 2020. Despite global economic headwinds and growing geopolitical uncertainties, signs of recovery in APAC deal-making have begun to merge as ambitious investors in the region look for both shelter and new opportunities in a time of unprecedented challenges. As we move at a breakneck pace into the digital era, data becomes more of a critical

Posted in Policy & Regulation

Hogan Lovells Launches Global Privacy Guide to Support Businesses with COVID-19 Exit Plans

As the world focuses its efforts on the right strategy to beat the coronavirus and make normal life safe again, businesses are devising and implementing a variety of measures to deal with the COVID-19 crisis which rely on the collection, use and dissemination of personal data. To assist with this challenge and ensure that privacy and cybersecurity aspects are appropriately addressed, Hogan Lovells has released a detailed guide providing legal analysis and practical recommendations.  The guide has been prepared by a team spanning its 45 offices around the world and

Posted in Data Protection & Privacy Photo of Eduardo UstaranPhoto of Lilly Taranto

Making COVID-19 Apps Data Protection Compliant

The role of COVID-19 contact tracing apps in the exit strategy of the current lockdown that is gripping much of the world is increasingly becoming a focus of attention. While that role is being hotly debated, it is very likely that those apps in combination with other measures will be deployed across many countries. Until now and despite the calls by influential bodies such as the European Data Protection Supervisor for a coordinated approach to the development of single COVID-19 mobile app involving the World Health Organization, different countries have

Posted in Internet Photo of Michelle KisloffPhoto of Paul OttoPhoto of Adam Cooke

COVID-19 and IT Service Provider Contracts: A Checklist for Force Majeure Events

The COVID-19, and the various restrictions that have been implemented in response to it, are causing extraordinary business disruptions. Many organizations have had to modify their operational controls and accommodate a shift to remote working (among other adjustments). One key impact of COVID-19 involves an organization’s relationships with its IT service providers, which often play important roles in securing their data and systems. Under current conditions, some service providers may face challenges in performing this work, especially for engagements that require significant personnel resources or that require personnel to be

Posted in Data Protection & Privacy Photo of Katie McMullanPhoto of Eduardo Ustaran

Getting Customer Communications Right in Times of Coronavirus

Across the world, large retail stores and small businesses alike are shutting their doors. International flights and sporting events, conferences and concerts (and everything in between) are being cancelled. With all of the cancellations, postponements, and alternative arrangements that are required as a result of this global crisis, plus the special desire of all retail, travel, and other consumer-facing businesses to stay in touch with their customers, many organisations face the critical challenge of getting to grips with the legal rules that apply to those unsolicited communications and interactions. Privacy

Posted in Data Protection & Privacy, Internet, Policy & Regulation Photo of Ewa KacperekPhoto of Weronika Wolosiuk

A summary of polish legislation and of the guidelines of authorities concerning covid-19 in the context of data protection

To meet your questions and concerns related to maintaining the principles of personal data protection in the face of the global COVID-19 pandemic, we have prepared a short guide to the key legal regulations and guidelines of authorities that you should keep in mind not only when conducting business and professional activity but also in everyday life. 1.         COVID-19 Act Decisions, orders, recommendations and guidelines addressed to legal entities and entrepreneurs The Act of 2 March 2020 on special solutions related to the prevention, counteracting and combating of COVID-19, other

Posted in Policy & Regulation Photo of Eduardo Ustaran

Getting Cookie Consent Right

One could be forgiven for thinking that knowing how to comply with a legal obligation that has been in place for nearly a decade would be clear cut. However, widespread practice tells us that this is far from the truth. In November 2009, as part of wider reforms to the European telecommunications regulatory framework, the European Union introduced various amendments to the existing Directive 2002/58/EC (‘e-Privacy Directive’), including to the provisions regulating the use of cookies. Since then the e-Privacy Directive has required obtaining the consent of users in order

Posted in Intellectual Property, patents Photo of Jason Lohr

Webinar summary: Artificial Intelligence – Getting to grips with basics and legal implications

Jason Lohr (San Francisco) held the first in a series of internal webinars on the basics and legal implications of artificial intelligence (AI) and machine learning, highlighting their relevance to IPMT. AI touches nearly every industry and is used to solve complex problems, spot and minimize risks, improve decision-making, and develop new products. Key issues and tips for navigating this complex area were covered, including: The current state of AI and key concepts: As AI is still relatively new, the best way to develop a better understanding is to become familiar with

Posted in Intellectual Property Photo of Keith O'Doherty

Innovation Lounge held in D.C. on 17 July

On 17 July 2019 we hosted our most recent Innovation Lounge at our Washington, D.C. office. The Innovation Lounge is an associate networking event series which focuses not only on IP-issues, but on healthcare, regulatory issues, and privacy issues. Summer associates, in-house counsel, IP associates, and members of advocacy groups listened to a panel of C-level executives and directors from Appian, Genesys, Results Redefined, and Frontpoint address concerns over data privacy, the balance of innovation and regulation, the changing face of healthcare, and how in the not-so distant future, anyone could

Posted in Policy & Regulation Photo of Patrice Navarro

New French Guidelines on Cookies and Trackers

On 19 July the French Data Protection Authority (the “CNIL”) published new guidelines on cookies and trackers. These replace the existing Recommendation No. 2013-378 of 5 December 2013, are intended to be in line with relevant GDPR provisions and have been produced in anticipation of the future ePrivacy Regulation. The guidelines will be supplemented, at a later stage, with sectoral recommendations setting out practical methods for obtaining consent. These sectoral recommendations will be included in a final version of the guidelines on cookies and trackers open for public consultation, which

Posted in Policy & Regulation Photo of Joke Bodewits

Dutch DPA: Banks May Not Use Payment Data for Marketing Purposes

In the wake of a recent announcement by a major Dutch bank that it would start providing its customers with personalized advertisements based on their spending patterns, the Dutch Data Protection Authority (DPA) has sent a letter to all Dutch banks urging them to thoroughly review their direct marketing practices. The DPA specifically asked any bank contemplating the use of transaction data for direct marketing to reconsider. In its analysis, the DPA may have introduced a very onerous obligation to re-collect personal data for every single use. The DPA stated

Posted in Cybersecurity, Data Protection & Privacy, Policy & Regulation

Privacy and Cybersecurity KnowledgeShare event: Sept 19, London

Join us on Thursday 19 September for our Privacy and Cybersecurity KnowledgeShare in London. We’ll share our latest thinking on the key privacy and cybersecurity issues faced by those with data protection responsibilities within organisations. Our all-day event will cover a lot of ground through incisive quick-fire presentations, Q&A panels and hands-on workshops. Topics will include: Nailing the basics – Fast insights into key issues such as lawful grounds for processing, people’s rights and DPIAs. Enforcement – What the risk-based approach truly means. Privacy challenges of the digital economy – AI,

Posted in Policy & Regulation Photo of Katie McMullan

Cookie consent – What “good” compliance looks like according to the ICO

On 3 July 2019, the UK data protection authority (the ICO) updated its guidance on the rules that apply to the use of cookies and other similar technologies.  The ICO has also changed the cookie control mechanism on its own website to mirror the changes in the new guidance. Since the EU legislators shocked the internet world a decade ago by changing the legal requirement for the use of cookies and similar technologies from “notice and opt-out” to “notice and consent”, many businesses have struggled to find a way to

Posted in Cybersecurity

Privacy and Cybersecurity July 2019 Events

Please join us for our July 2019 events. July 4 Making Privacy Actionable Eduardo Ustaran and Nicola Fulford are hosting the IAPP London KnowledgeNet which will discuss, “Making Privacy Actionable: Working with the Chief Data Officer.” Location: London July 5-8 Privacy at the Aspen Institute Harriet Pearson will lead a seminar on “What is Privacy and How Do We Protect It?,” at the Aspen Institute’s Socrates Program. Location: Aspen, Colorado July 11 #DataDoneRight Mark Brennan will provide insights on the FCC’s TCPA-related actions and prospects for robocall legislation in Congress on

Posted in Cybersecurity, Data Protection & Privacy, Intellectual Property Photo of Andrew McGinty

China’s first Data Protection Measures lifting its veils

On May 28, 2019, the Cyberspace Administration of China released the draft Measures on the Administration of Data Security (“Data Security Measures“, see our in-house English translation here) for public consultation. These Data Security Measures will be a great leap forward in China’s current data protection landscape, which mainly consists of scattered provisions contained in various pieces of legislations and standards, such as the Cyber Security Law, the E-Commerce Law, the Consumer Rights Protection Law as well as the Personal Information Security Specification, the most comprehensive yet non-binding national standard

Posted in Cybersecurity, Internet, Policy & Regulation Photo of David Taylor

Analyzing the impact of the EU GDPR on access to WHOIS data, one year on

During the Annual INTA 2019 Meeting, a panel was held on the EU General Data Privacy Regulation (GDPR) and the temporary removal of data for the WHOIS directory. IPMT Partner David Taylor spoke on the following GDPR issues and their impact on global brand protection. When the GDPR came into force back in 2018, the Internet Corporation for Assigned Names and Numbers (ICANN) implemented a temporary policy which resulted in a majority of global registrant data being hidden from public view in the WHOIS directory. This temporary policy cannot extend beyond one year,

Posted in Policy & Regulation

South Africa Data Protection Regulations Expected to Take Effect in 2019

Although South Africa’s first comprehensive piece of data protection legislation, the Protection of Personal Information Act (POPIA), was originally signed into law in November 2013, the substantive provisions of the law have not yet taken legal effect. That is likely to change since South Africa’s data protection authority, the Information Regulator, published the final draft of its POPIA regulations in December 2018. Although the Information Regulator has not indicated exactly when those regulations will become final, it has indicated that the full implementation of POPIA should follow shortly thereafter. Section

Posted in Policy & Regulation Photo of Mark BrennanPhoto of Julian Flamant

CCPA Amendments Advance through California Assembly

A number of legislative proposals seeking to amend the California Consumer Privacy Act (CCPA) are moving forward following an April 23 hearing before the California Assembly’s Committee on Privacy and Consumer Protection in which the bills were approved. The bills will now advance to the Assembly’s Appropriations Committee before being voted on by the full Assembly and potentially advancing to the California Senate for consideration.

Posted in Data Protection & Privacy Photo of Eduardo Ustaran

The EDPB’s Narrow View of Contractual Necessity

The European Data Protection Board (EDPB) has adopted the narrowest possible interpretation of ‘contractual necessity’ as a ground for processing of personal data. The Guidelines 2/2019 on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects (adopted on April 9, 2019 and open for consultation until May 24, 2019) provide a detailed assessment of the regulator’s interpretation of the law. Article 6(1)(b) sets out one of the six possible lawful grounds for personal data processing under the European Union’s

Posted in Cybersecurity, Data Protection & Privacy, Policy & Regulation, Privacy and Security Litigation

Asia Pacific Data Protection and Cybersecurity Regulation: 2018 in Review and Looking Ahead to 2019

What is in store for data protection and cyber security regulation in Asia Pacific (APAC) in 2019? 2018 was a momentous year for data protection and cyber security regulation globally – the implementation of the European Union’s General Data Protection Regulation (GDPR) was, of course, the main event. The shockwaves of GDPR hit APAC with full force, coupled with the promulgation of an important GDPR-inspired national standard in China and the tabling of a draft data protection law in India that shares the same lineage. Rising public awareness of data

Posted in Advertising, Data Protection & Privacy, Digital Single Market (EU) Photo of Christelle Coslin

Hosting providers of websites are not as such data controllers and only incur limited liability, French Court of Appeal says

In a decision dated March 1st, 2019, the Paris Court of Appeal reminded that specific conditions must be met for hosting providers to be held liable in case of unlawful content. The French court also ruled that hosting providers are not data controllers per se and, as such, are not subject to obligations under the Data Protection Act. In this case, the claimant is a lawyer who alleges that a company – whose main activity is the hosting of websites and the management of advertising space – posted on two

Posted in Data Protection & Privacy Photo of Ewa KacperekPhoto of Weronika Wolosiuk

First Fine Imposed by the Polish DPA Under the GDPR

The President of the Personal Data Protection Office in Poland (Polish DPA) imposed a fine amounting to PLN 943,470 (approximately EUR 220,000; approximately USD 245,977) for failing to fulfil the company’s transparency obligations towards over six million data subjects under Article 14 of Europe’s General Data Protection Regulation (GDPR). This is the first fine imposed by the Polish DPA under the GDPR and Poland’s Act on Personal Data Protection of 10 May 2018 implementing the GDPR. The decision provides some limited insights into the interpretation of the term “disproportionate effort”

Posted in Data Protection & Privacy, Internet, Policy & Regulation

Crumbs of Comfort: the Advocate-General’s Opinion on Consent and Cookies in Planet49

It’s no secret that a hot topic, perhaps the hot topic, in the European data protection world at present is the interplay between the GDPR and the e-Privacy Directive, in particular how it affects online advertising involving cookies. The European Data Protection Board recently released an opinion on this topic (as we discuss here), and on 21 March the Court of Justice of the European Union (CJEU) released Advocate-General Szpunar’s opinion in the case of Planet49 (C-673/17), which discusses the requirements for valid consent, in the context of both cookies