Header graphic for print
Global Media and Communications Watch The International Legal Blog for the Tech, Media and Telecoms Industry

Tag Archives: GDPR

Posted in Consumer Privacy, Cybersecurity, Data Protection & Privacy, Employment privacy, Financial privacy, Heath privacy/HIPAA, International/EU privacy, Policy & Regulation, privacy and security litigation Joke Bodewits

Dutch Data Protection Authority Sets GDPR Fines Structure

On 14 March 2019, the Dutch data protection authority (Autoriteit Persoonsgegevens, DPA) announced (in Dutch) its fining structure for violations of the European General Data Protection Regulation (GDPR) and the Dutch law implementing the GDPR (Implementation Act).

The GDPR sets two levels of administrative fines that may apply depending on which GDPR provisions have been infringed: The higher of €10 … Continue Reading

Posted in Cybersecurity, Data Protection & Privacy, Policy & Regulation, privacy and security litigation, Technology

A global approach to IoT cybersecurity?

The European Telecommunications Standards Institute (ETSI) has published a new standard for cybersecurity in relation to consumer IoT products. The standard builds on the UK’s Code of Practice for Consumer IoT Security, published in October last year. The Code of Practice was developed by the UK Government following publication of a draft code as part of the Secure by … Continue Reading

Posted in Consumer Privacy, Cybersecurity, Data Protection & Privacy, Employment privacy, Financial privacy, Heath privacy/HIPAA, International/EU privacy, Policy & Regulation, privacy and security litigation Dr. Christian TinnefeldDr. Henrik Hanßen

GDPR Enforcement Update: Increasing Fines Expected from German DPAs | HL Chronicle of Data Protection

Many companies have been struggling with GDPR implementation over the past two years, putting much effort into new roles, privacy concepts, and workflows. Now that the dust of the immediate GDPR compliance rush is settling, the first details of fines imposed under the GDPR and the number of cases pending with Data Protection Authorities (DPAs) in Europe are being made … Continue Reading

Posted in Data Protection & Privacy, Policy & Regulation Winston MaxwellChristine Gateau

An Approach for Setting Administrative Fines Under the GDPR

Article 83 of the GDPR provides for two levels of administrative fines: a lower level – maximum of €10 million or 2% of the global turnover – for violations relating to record-keeping, data security, data protection impact assessments, data protection by design and default, and data processing agreements; and a higher level – maximum of €20 million or 4% of … Continue Reading

Posted in Data Protection & Privacy Jakub BaczukEwa Kacperek

Poland: credit scoring in danger?

A draft act on adjusting the Polish legal system to the provisions of the GDPR is under way in the lower house of the Polish Parliament (Sejm).

The draft act contains, among others, provisions amending the rules for processing personal data by banks, credit institutions, loan companies and other entities regulated by Polish banking law.

Particular controversy has … Continue Reading

Posted in Cybersecurity, Data Protection & Privacy, Drones, Internet, Policy & Regulation, Technology Mark Parsons

Privacy, Cybersecurity, and the Internet of Things in Asia: What to Expect in 2019

Increasing numbers of initiatives, devices, and solutions related to the Internet of Things (IoT) are substantially impacting the development of cybersecurity and data privacy regulations throughout Asia. After the implementation of the General Data Protection Regulation (GDPR) in Europe, for example, Asian lawmakers are considering strengthening their own data protection laws. The region is also characterized by a push in … Continue Reading

Posted in Data Protection & Privacy, Policy & Regulation

Are You Ready for Brazil’s New Data Protection Law?

The Brazilian General Data Protection Law (“Lei Geral de Proteção de Dados” or “LGPD”), passed by Congress on 14 August 2018, will come into effect on 15 February 2020. The new data protection law significantly improves Brazil’s existing legal framework by regulating the use of personal data by the public and private sectors. Very similar to the General Data Protection … Continue Reading

Posted in Cybersecurity, Data Protection & Privacy Christine GateauMichelle KisloffAdam Cooke

Going global: Data class actions make their way to the EU

Class actions have become an increasingly common means to seek redress in data privacy cases. With data breaches and data privacy claims on the rise, we asked our lawyers in France and the U.S. what you should bear in mind.

How real is the risk of class actions in data privacy?

Michelle Kisloff, U.S.: Class actions have long been … Continue Reading

Posted in Data Protection & Privacy Bret Cohen

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

This is the fifth installment in Hogan Lovells’ series on the California Consumer Privacy Act. 

As the most comprehensive privacy law to be enacted in the United States thus far, the California Consumer Privacy Act (CCPA) has inevitably invited comparisons to the European Union’s General Data Protection Regulation (GDPR). At first glance, it is clear that the drafters of the … Continue Reading

Posted in Cybersecurity, Data Protection & Privacy Mark BrennanW. James Denvil

California Consumer Privacy Act: the Challenge Ahead – Data Mapping and the CCPA

This is the third installment in Hogan Lovells’ series on the California Consumer Privacy Act.

What personal information do you have about California consumers and households?

The California Consumer Privacy Act of 2018 (“CCPA”) provides a series of new compliance obligations and operational challenges for companies doing business in California. A vital first step for any company subject to the Continue Reading

Posted in Cybersecurity, Data Protection & Privacy Harriet Pearson

California Consumer Privacy Act: The Challenge Ahead – Key Terms in the CCPA

This is the second installment in Hogan Lovells’ series on the California Consumer Privacy Act.

Words matter. Nowhere is this truer than in legislation, where word choices—often the product of long debate and imperfect compromise—determine the scope and impact of a law. Legislative history can speak volumes about those word choices, and the unique legislative history of the California Consumer … Continue Reading

Posted in Cybersecurity, Data Protection & Privacy Harriet Pearson

California Consumer Privacy Act: The Challenge Ahead – Introduction to Hogan Lovells’Blog Series

Groundbreaking. Watershed. Unprecedented.

We have heard the California Consumer Privacy Act of 2018 (CCPA) called all these things and more since its enactment on June 28, ‌2018. Our experience to date has confirmed the compliance challenge ahead for organizations that engage with the residents of the world’s fifth-largest economy.

We will explore the ramifications for businesses of this seminal legislation … Continue Reading

Posted in Data Protection & Privacy, Policy & Regulation Massimiliano MasnadaMarco Berliri

GDPR Italian Implementing Decree Has Been Published

On 4 September, the Legislative Decree no. 101 of 10 August 2018 (the “Decree”) for the national implementation of General Data Protection Regulation (EU) 2016/679 (the “GDPR”) has been published in the Official Journal. The approach of the legislator was to maintain the structure of former Legislative Decree 196/2003 (the “Privacy Code”) which, however, has been extensively amended and … Continue Reading

Posted in Data Protection & Privacy

Privacy and Cybersecurity September 2018 Events

Please join us for our September 2018 Privacy and Cybersecurity Events.

September 11
GDPR One Stop Shop
Eduardo Ustaran is participating in DataGuidance’s webinar on “One Stop Shop under the GDPR.”
Location: Webinar

 

September 13
Messaging Forum
Mark Brennan will lead a session at the CTIA Mobile World Congress Americas where he will discuss text messaging privacy and
Continue Reading
Posted in Data Protection & Privacy Eduardo Ustaran

Who Will Get the First Big GDPR Fine and How to Avoid It?

In July, Eduardo Ustaran spoke at Privacy Laws & Business’ International Conference in Cambridge about the sort of activities likely to prompt regulators into exercising their increased fining powers under the EU GDPR. A link to the video of his presentation can be found here and a detailed report of the presentation is available here.… Continue Reading

Posted in Data Protection & Privacy Christine GateauWinston MaxwellEduardo Ustaran

The General Data Protection Regulation timidly opens the doors to data class actions in Europe

More than 15 years after the adoption of the Data Protection Directive1, the European Commission noticed that the current legislative framework on data protection did not adequately deal with the risks associated with online activity2.

Acknowledging this, the General Data Protection Regulation (GDPR)3 was finally adopted by the European Parliament on 14 April 2016, entering … Continue Reading

Posted in Data Protection & Privacy Christine GateauWinston MaxwellEduardo Ustaran

Four key lessons when facing data class actions in Europe

Could the GDPR give rise to forum shopping and are there any pre-litigation strategies that should be considered? Here, we review four key elements that should be kept in mind in respect of data class actions in the EU.

Damages

In the US, many class actions are dismissed for lack of ‘standing’, i.e. because the litigants do not demonstrate that … Continue Reading

Posted in Data Protection & Privacy Winston MaxwellHarriet PearsonJohn SalmonEduardo Ustaran

Getting to data nirvana – a user’s guide to data lakes and GDPR

A data lake is an infrastructure that permits different data sets from within a group to be combined and analysed together.

To analyse a data lake under GDPR, it is helpful to think of a data lake in two phases, which we analyse in our user guide.

The infrastructure phase

Here, the guide covers:

  • Identify the entity that is
Continue Reading
Posted in Data Protection & Privacy Winston MaxwellSam Choi

The starting point for a big data project: the privacy impact assessment

The era of big data is here. Although we are yet to see its full potential, the use of big data analytics is already proving invaluable to businesses and its applications have been found in numerous and diverse sectors.

However, the use of big data has also brought much controversy, particularly when it involves sensitive information, concerns children, minorities or … Continue Reading

Posted in Data Protection & Privacy, Policy & Regulation Mark BrennanHarriet PearsonBret CohenTimothy Tobin

Now Available: California Consumer Privacy Act: What you need to know now webinar recording and slides

Thank you to everyone who participated in last week’s webinar “California Consumer Privacy Act: What you need to know now.”

In this complimentary webinar, Hogan Lovells partners Mark Brennan, Bret Cohen, Harriet Pearson, and Tim Tobin, discussed:

• What triggered the new law?

• What data is covered?

• What does CCPA require, and how do you start operationalizing the … Continue Reading

Posted in Data Protection & Privacy, Policy & Regulation Winston MaxwellHarriet PearsonJohn SalmonEduardo Ustaran

Getting to data nirvana – regulatory silo-busting to optimize risk management

“Getting to Data Nirvana” is our four-step approach to help you integrate your legal, regulatory and compliance work streams into your organisation’s overall data strategy.

The job of the legal and compliance teams is to make sure that their company’s data projects do not breach applicable laws.

Their task is not easy because the number of laws regulating the processing … Continue Reading

Posted in Cybersecurity, Data Protection & Privacy, Technology

The connected home: From smart fish tanks to connected kitchen appliances, product companies must navigate GDPR and Product Liability Directive compliance, cyber risk, and other IoT challenges

In this interview, Hogan Lovells Partner Valerie Kenyon and Senior Associate Anthea Davies — members of our Global Product Law team — discuss some of the exciting opportunities and challenges presented by the Internet of Things (IoT) and the connected home. Manufacturers of smart thermostats and fish tanks, connected baby products, intelligent kitchen appliances, and speakers that connect to voice-controlled … Continue Reading

Posted in Data Protection & Privacy, Policy & Regulation Mark BrennanBret CohenHarriet PearsonTimothy Tobin

Webinar Invitation – California Consumer Privacy Act: What you need to know now

On June 28, 2018, California’s governor signed Assembly Bill 375, a ground-breaking new data privacy law that some are calling the United States’ answer to the European Union’s General Data Protection Regulation (GDPR).  Particularly in light of California’s status as the world’s 5th largest economy, many are wondering how the new California Consumer Privacy Act (CCPA) will affect them.

Please … Continue Reading

Posted in Data Protection & Privacy Eduardo Ustaran

The Future of International Data Transfers

With the current focus on the coming into effect of the EU General Data Protection Regulation (GDPR), one could (almost) be forgiven for forgetting about the question of international data flows. However, given the political and legal developments currently affecting the future of international data transfers, that would be a very serious strategic mistake. Legitimising data globalisation remains a top … Continue Reading