Whilst political uncertainty may have businesses’ attention fixed, the Hogan Lovells Global Survey on Digital Regulation: ‘A Turning Point for Tech’ suggests that tech companies should be looking elsewhere. During yesterday’s launch at Hogan Lovells’ London Office, editor of the survey, Falk Schoening uncovered the 452 digital regulations that had been proposed across 16 jurisdictions in just six months of … Continue Reading
Tag Archives: GDPR
CJEU: Consent on the Internet Means ‘Opt-In’
On 1 October 2019, the Court of Justice of the European Union (CJEU) handed down a crucial decision impacting the way that consent is obtained on the internet. The judgment relates to Case C-673/17 (Planet49 – a previous post outlining the background can be found here).
In the Planet49 case, the German Federal Court referred a number of questions … Continue Reading
Privacy and Cybersecurity September 2019 Events
Please join us for our September events.
September 11
Data and Privacy in the Autonomous Car
Tim Tobin will speak on the webinar, “Data and Privacy in the Autonomous Car, What New Questions Might We Face?” presented by the Privacy + Security Forum. To register, please click here.
Location: Webinar
September 13
Medical Technology Executive Forum
Paul Otto will speak … Continue Reading
The ICO Updates Its Data Sharing Code of Practice
On 9 July 2019 the UK data protection authority (ICO) updated its Data Sharing Code of Practice (first published in 2011) (Code). On the same day, the ICO also announced its intention to fine Marriott International just over £99m for infringements of the General Data Protection Regulation (GDPR), highlighting the importance of due diligence in the context of data sharing.… Continue Reading
New French Guidelines on Cookies and Trackers
On 19 July the French Data Protection Authority (the “CNIL”) published new guidelines on cookies and trackers. These replace the existing Recommendation No. 2013-378 of 5 December 2013, are intended to be in line with relevant GDPR provisions and have been produced in anticipation of the future ePrivacy Regulation. The guidelines will be supplemented, at a later stage, with sectoral … Continue Reading
Dutch DPA: Banks May Not Use Payment Data for Marketing Purposes
In the wake of a recent announcement by a major Dutch bank that it would start providing its customers with personalized advertisements based on their spending patterns, the Dutch Data Protection Authority (DPA) has sent a letter to all Dutch banks urging them to thoroughly review their direct marketing practices. The DPA specifically asked any bank contemplating the use of … Continue Reading
Analyzing the impact of the EU GDPR on access to WHOIS data, one year on
During the Annual INTA 2019 Meeting, a panel was held on the EU General Data Privacy Regulation (GDPR) and the temporary removal of data for the WHOIS directory. IPMT Partner David Taylor spoke on the following GDPR issues and their impact on global brand protection.
When the GDPR came into force back in 2018, the Internet Corporation for Assigned … Continue Reading
Privacy and Cybersecurity June 2019 Events
Please join us for our June events.
June 4
Privacy Breakfast
Paul Otto and Tim Tobin are presenting at the Hogan Lovells Munich office’s privacy breakfast, “EU General Data Protection Regulation,” on privacy topics such as the California Consumer Privacy Act (CCPA), cybersecurity and data breaches, and sector-specific issues found in the life sciences and health care, automotive, and financial … Continue Reading
GDPR – The Year in Review
Following the one-year anniversary of the coming into effect of the GDPR, Hogan Lovells’ Privacy and Cybersecurity practice has prepared a compilation of key GDPR-related developments of the past 12 months. The compilation covers regulatory guidance, enforcement actions, court proceedings, and various reports and materials.
Regulatory Guidance
… Continue Reading
EDPB’s Position on Clinical Trials Creates Friction with Other EU Legislation
Clinical trials in the EU include the collection of sensitive health data from patients. Trial sponsors are obliged to reconcile their respect of regulations governing data protection with regulations governing the conduct of clinical trials. The GDPR¹ could not fully harmonize these rules since this area is already heavily regulated by public health regulations that vary between EU Member States. … Continue Reading
Will Widened Class Actions Regime Boost Data Litigation in the Netherlands?
On 19 March 2019, the Dutch Senate approved legislation introducing collective damages actions in the Netherlands (the “Legislation”) which will broaden the regime even further. The Legislation introduces an option to claim monetary damages in a “US style” class action, including for violations of the GDPR. This Legislation together with the mechanisms already available under Dutch law put the Netherlands … Continue Reading
Eduardo Ustaran Discusses Brexit and ePrivacy on IAPP Podcast
Eduardo Ustaran was featured on the IAPP’s Privacy Advisor Podcast to discuss latest developments of Brexit—including various potential outcomes—and how companies doing business in the United Kingdom are looking ahead to prepare post-Brexit privacy and data protection compliance practices. Eduardo also outlined the state-of-legislation of the European Union’s ePrivacy update and discussed how the anticipated regulation may develop during Romania’s … Continue Reading
Asia Pacific Data Protection and Cybersecurity Regulation: 2018 in Review and Looking Ahead to 2019
What is in store for data protection and cyber security regulation in Asia Pacific (APAC) in 2019?
2018 was a momentous year for data protection and cyber security regulation globally – the implementation of the European Union’s General Data Protection Regulation (GDPR) was, of course, the main event. The shockwaves of GDPR hit APAC with full force, coupled with the … Continue Reading
First Fine Imposed by the Polish DPA Under the GDPR
The President of the Personal Data Protection Office in Poland (Polish DPA) imposed a fine amounting to PLN 943,470 (approximately EUR 220,000; approximately USD 245,977) for failing to fulfil the company’s transparency obligations towards over six million data subjects under Article 14 of Europe’s General Data Protection Regulation (GDPR).
This is the first fine imposed by the Polish DPA under … Continue Reading
Privacy and Cybersecurity April 2019 Events
Please join us for our April events.
April 2 Trust in data, no longer a luxury?
Nicola Fulford and James Denvil will speak at the workshop,” Trust in data, no longer a luxury – Privacy, security, and consumer trust for 21st century,” at the Luxury Law London Summit. They will discuss some of the challenges of succeeding in a data-driven … Continue Reading
Crumbs of Comfort: the Advocate-General’s Opinion on Consent and Cookies in Planet49
It’s no secret that a hot topic, perhaps the hot topic, in the European data protection world at present is the interplay between the GDPR and the e-Privacy Directive, in particular how it affects online advertising involving cookies. The European Data Protection Board recently released an opinion on this topic (as we discuss here), and on 21 March the … Continue Reading
Assessing the Evolving U.S. Privacy Landscape and the Road Ahead
New proposals to protect consumer privacy in the U.S. seem to be appearing every day. There are now more than 90 privacy proposals that federal, state, and local regulators and policymakers are considering as privacy continues to dominate the news cycle. Hogan Lovells partners Mark Brennan and Nicola Fulford led a panel of industry stakeholders at the INCOMPAS Policy Summit … Continue Reading
UK House of Lords Select Committee calls for a Digital Authority to regulate the online world
On 9 March 2019, the House of Lords Select Committee on Communications published its report on “Regulating in a digital World”. It included a number of recommendations to the government, including 10 guiding principles for the development of regulation online, a new public interest test for data driven mergers and a new Digital Authority, to oversee regulation of the digital … Continue Reading
EDPB Joins the Dots of ePrivacy and GDPR
On 12 March 2019 at its Eighth Plenary Session, the European Data Protection Board (“EDPB”) adopted its Opinion 5/2019 on the interplay between the ePrivacy Directive (“ePD”) and the General Data Protection Regulation (“GDPR”). The Belgian Data Protection Authority had, on 3 December 2018, requested that the EDPB examine the overlap between the two laws and in particular the … Continue Reading
Dutch Data Protection Authority Sets GDPR Fines Structure
On 14 March 2019, the Dutch data protection authority (Autoriteit Persoonsgegevens, DPA) announced (in Dutch) its fining structure for violations of the European General Data Protection Regulation (GDPR) and the Dutch law implementing the GDPR (Implementation Act).
The GDPR sets two levels of administrative fines that may apply depending on which GDPR provisions have been infringed: The higher of €10 … Continue Reading
A global approach to IoT cybersecurity?
The European Telecommunications Standards Institute (ETSI) has published a new standard for cybersecurity in relation to consumer IoT products. The standard builds on the UK’s Code of Practice for Consumer IoT Security, published in October last year. The Code of Practice was developed by the UK Government following publication of a draft code as part of the Secure by … Continue Reading
GDPR Enforcement Update: Increasing Fines Expected from German DPAs | HL Chronicle of Data Protection
Many companies have been struggling with GDPR implementation over the past two years, putting much effort into new roles, privacy concepts, and workflows. Now that the dust of the immediate GDPR compliance rush is settling, the first details of fines imposed under the GDPR and the number of cases pending with Data Protection Authorities (DPAs) in Europe are being made … Continue Reading
An Approach for Setting Administrative Fines Under the GDPR
Article 83 of the GDPR provides for two levels of administrative fines: a lower level – maximum of €10 million or 2% of the global turnover – for violations relating to record-keeping, data security, data protection impact assessments, data protection by design and default, and data processing agreements; and a higher level – maximum of €20 million or 4% of … Continue Reading
Poland: credit scoring in danger?
A draft act on adjusting the Polish legal system to the provisions of the GDPR is under way in the lower house of the Polish Parliament (Sejm).
The draft act contains, among others, provisions amending the rules for processing personal data by banks, credit institutions, loan companies and other entities regulated by Polish banking law.
Particular controversy has … Continue Reading