Header graphic for print
Global Media and Communications Watch The International Legal Blog for the Tech, Media and Telecoms Industry

Tag Archives: GDPR

Posted in Digital Single Market (EU), e-commerce, Internet, Policy & Regulation, Technology Photo of Christopher ThomasPhoto of Myrto TagaraPhoto of Alexandra Bray

DMA – a whole new world for large platform service providers?

On 15 December The European Commission published the long awaited Digital Markets Act proposal. The Proposed Regulation imposes a series of ex ante behavioural obligations on entities that the Commission designates as ‘gatekeepers’. The obligations for those designated platforms and the potential sanctions largely resemble behavioural remedies and fines that the European Commission might otherwise seek to impose under its competition law powers. The Commission’s enforcement action is expected to be intense, with ten on-site investigations per year and an additional 80 full time staff.

Posted in Data Protection & Privacy Photo of Elisabethann Wright

Belgian DPA Issues Guidance on Temperature Measurements in the Context of COVID-19

In the context of their return-to-work policies companies are seeking solutions to detect individuals with fever at the entrance of their premises with the aim of preventing further contamination within the buildings. This can be achieved by means of conventional thermometers, digital fever scanners directed at the forehead of the person, or sophisticated thermal camera systems. The Belgian Data Protection Authority has issued a guidance in which it adopts a strict position regarding the implications of temperature screenings for individuals’ data privacy rights. More specifically, it provides that the simple

Posted in Data Protection & Privacy

Facial Recognition Challenged by French Administrative Court

In a decision (French only) dated 27 February 2020, the French Administrative Court of Marseille invalidated the deliberation of the Provence-Alpes-Côte d’Azur Regional Council which allowed to set up, on an experimental basis, a facial recognition mechanism in two high schools in order to (i) better control and speed up entry of students into the high schools and (ii) control access to premises of occasional visitors. This decision is important as this is the first administrative court decision in France about facial recognition. Since the GDPR entered into force, it

Posted in Advertising, Data Protection & Privacy, Technology

Webinar Invitation — AdTech and Privacy: Managing Risk in a Complex and Evolving Digital Economy

Join Hogan Lovells and Ankura to learn about the impact of the GDPR and CCPA on cookies and similar AdTech tracking technologies. James Denvil from Hogan Lovells’ Privacy and Cybersecurity practice by senior directors from Ankura to share best practices and their perspectives. Program topics will include: Cookies and Similar Tracking Technologies Defined How cookies and similar tracking technologies support and enhance digital services, including advertising Types of cookies (are your cookies strictly necessary or for marketing purposes?) Ways in which consumers’ digital activities are shared throughout the digital advertising

Posted in Data Protection & Privacy, Internet, Policy & Regulation Photo of Ewa KacperekPhoto of Weronika Wolosiuk

A summary of polish legislation and of the guidelines of authorities concerning covid-19 in the context of data protection

To meet your questions and concerns related to maintaining the principles of personal data protection in the face of the global COVID-19 pandemic, we have prepared a short guide to the key legal regulations and guidelines of authorities that you should keep in mind not only when conducting business and professional activity but also in everyday life. 1.         COVID-19 Act Decisions, orders, recommendations and guidelines addressed to legal entities and entrepreneurs The Act of 2 March 2020 on special solutions related to the prevention, counteracting and combating of COVID-19, other

Posted in Data Protection & Privacy, Policy & Regulation

Brexit and Data Protection: Boom for data centre operators in Continental Europe?

Data centre operators in Europe could benefit from Brexit and have already been preparing for years for precisely this scenario, including by expanding such data centre capacities in Continental Europe. The United Kingdom (UK) finally left the EU on 31 January 2020. The withdrawal agreement provides for the UK to continue to be treated largely as an EU member state until the end of the transition period on 31 December 2020, while both sides work out the future rules for cooperation. For the period after this, current prime Minister Boris

Posted in Policy & Regulation Photo of Eduardo Ustaran

Getting Cookie Consent Right

One could be forgiven for thinking that knowing how to comply with a legal obligation that has been in place for nearly a decade would be clear cut. However, widespread practice tells us that this is far from the truth. In November 2009, as part of wider reforms to the European telecommunications regulatory framework, the European Union introduced various amendments to the existing Directive 2002/58/EC (‘e-Privacy Directive’), including to the provisions regulating the use of cookies. Since then the e-Privacy Directive has required obtaining the consent of users in order

Posted in Policy & Regulation, Privacy and Security Litigation Photo of Eduardo Ustaran

Hogan Lovells calls for an alternative approach to regulating privacy in the digital economy

LONDON, 25 November 2019 – Hogan Lovells has published a study evaluating the ongoing legislative proposal for a new ePrivacy Regulation, a law aimed at updating the current ePrivacy framework in the EU. After nearly three years of debates and negotiations, the European Union is nowhere near agreeing a position on how to achieve the right balance between the need for technological innovation, public security and the protection of privacy in the context of the digital economy. According to Hogan Lovells, this is due to the structure and legislative approach of the

Posted in Artificial Intelligence, Blockchain, Copyright, Cybersecurity, Data Protection & Privacy, Intellectual Property, Internet, Policy & Regulation, Technology

A Turning Point for Tech – Global survey on digital regulation

Whilst political uncertainty may have businesses’ attention fixed, the Hogan Lovells Global Survey on Digital Regulation: ‘A Turning Point for Tech’ suggests that tech companies should be looking elsewhere. During yesterday’s launch at Hogan Lovells’ London Office, editor of the survey, Falk Schoening uncovered the 452 digital regulations that had been proposed across 16 jurisdictions in just six months of monitoring. The report aims to provide insight for what is on the horizon for tech companies, giving them a ‘heads up’ on how they should look at their business models

Posted in Policy & Regulation Photo of Eduardo UstaranPhoto of Katie McMullan

CJEU: Consent on the Internet Means ‘Opt-In’

On 1 October 2019, the Court of Justice of the European Union (CJEU) handed down a crucial decision impacting the way that consent is obtained on the internet. The judgment relates to Case C-673/17 (Planet49 – a previous post outlining the background can be found here). In the Planet49 case, the German Federal Court referred a number of questions to the CJEU regarding the validity of consent to cookies placed by a website operating an online lottery. The questions before the CJEU amounted to the following: 1.  Does a pre-checked

Posted in Cybersecurity

Privacy and Cybersecurity September 2019 Events

Please join us for our September events. September 11 Data and Privacy in the Autonomous Car Tim Tobin will speak on the webinar, “Data and Privacy in the Autonomous Car, What New Questions Might We Face?” presented by the Privacy + Security Forum. To register, please click here. Location: Webinar September 13 Medical Technology Executive Forum Paul Otto will speak on cybersecurity & patient safety at the Medical Device Manufacturers Association’s 12th Annual Medical Technology Executive Forum. Location: Palo Alto, California September 16 Association of Independent Research Institutes Annual Meeting Melissa

Posted in Policy & Regulation Photo of Paula Garcia

The ICO Updates Its Data Sharing Code of Practice

On 9 July 2019 the UK data protection authority (ICO) updated its Data Sharing Code of Practice (first published in 2011) (Code). On the same day, the ICO also announced its intention to fine Marriott International just over £99m for infringements of the General Data Protection Regulation (GDPR), highlighting the importance of due diligence in the context of data sharing. The Code, made under section 121 of the UK’s Data Protection Act (DPA), is publicly available for consultation until 9 September 2019. Once finalised, the Code will become a statutory

Posted in Policy & Regulation Photo of Patrice Navarro

New French Guidelines on Cookies and Trackers

On 19 July the French Data Protection Authority (the “CNIL”) published new guidelines on cookies and trackers. These replace the existing Recommendation No. 2013-378 of 5 December 2013, are intended to be in line with relevant GDPR provisions and have been produced in anticipation of the future ePrivacy Regulation. The guidelines will be supplemented, at a later stage, with sectoral recommendations setting out practical methods for obtaining consent. These sectoral recommendations will be included in a final version of the guidelines on cookies and trackers open for public consultation, which

Posted in Policy & Regulation Photo of Joke Bodewits

Dutch DPA: Banks May Not Use Payment Data for Marketing Purposes

In the wake of a recent announcement by a major Dutch bank that it would start providing its customers with personalized advertisements based on their spending patterns, the Dutch Data Protection Authority (DPA) has sent a letter to all Dutch banks urging them to thoroughly review their direct marketing practices. The DPA specifically asked any bank contemplating the use of transaction data for direct marketing to reconsider. In its analysis, the DPA may have introduced a very onerous obligation to re-collect personal data for every single use. The DPA stated

Posted in Cybersecurity, Internet, Policy & Regulation Photo of David Taylor

Analyzing the impact of the EU GDPR on access to WHOIS data, one year on

During the Annual INTA 2019 Meeting, a panel was held on the EU General Data Privacy Regulation (GDPR) and the temporary removal of data for the WHOIS directory. IPMT Partner David Taylor spoke on the following GDPR issues and their impact on global brand protection. When the GDPR came into force back in 2018, the Internet Corporation for Assigned Names and Numbers (ICANN) implemented a temporary policy which resulted in a majority of global registrant data being hidden from public view in the WHOIS directory. This temporary policy cannot extend beyond one year,

Posted in Cybersecurity, Data Protection & Privacy, Internet

Privacy and Cybersecurity June 2019 Events

Please join us for our June events. June 4 Privacy Breakfast Paul Otto and Tim Tobin are presenting at the Hogan Lovells Munich office’s privacy breakfast, “EU General Data Protection Regulation,” on privacy topics such as the California Consumer Privacy Act (CCPA), cybersecurity and data breaches, and sector-specific issues found in the life sciences and health care, automotive, and financial sectors. Click here to register. Location: Munich, Germany June 25-26 National Association of College and University Attorneys Bret Cohen and Stephanie Gold are presenting at the annual conference of the National Association of College and University Attorneys on the panel, “Focus

Posted in Policy & Regulation

GDPR – The Year in Review

Following the one-year anniversary of the coming into effect of the GDPR, Hogan Lovells’ Privacy and Cybersecurity practice has prepared a compilation of key GDPR-related developments of the past 12 months. The compilation covers regulatory guidance, enforcement actions, court proceedings, and various reports and materials. Regulatory Guidance Guidelines 3/2018 on the territorial scope of the GDPR (Article 3) (25.11.2018) – The EDPB confirmed the existing approach to the ‘establishment criterion’ for the application of the GDPR and introduced a ‘targeting criterion’, where the processing is related to the offering of

Posted in Policy & Regulation Photo of Patrice NavarroPhoto of Elisabethann Wright

EDPB’s Position on Clinical Trials Creates Friction with Other EU Legislation

Clinical trials in the EU include the collection of sensitive health data from patients. Trial sponsors are obliged to reconcile their respect of regulations governing data protection with regulations governing the conduct of clinical trials. The GDPR¹ could not fully harmonize these rules since this area is already heavily regulated by public health regulations that vary between EU Member States. One of the most disconcerting areas of divergence between EU Member States is the different national positions on whether patient consent is a valid legal ground for processing personal data in

Posted in Data Protection & Privacy, Policy & Regulation Photo of Joke Bodewits

Will Widened Class Actions Regime Boost Data Litigation in the Netherlands?

On 19 March 2019, the Dutch Senate approved legislation introducing collective damages actions in the Netherlands (the “Legislation”) which will broaden the regime even further. The Legislation introduces an option to claim monetary damages in a “US style” class action, including for violations of the GDPR. This Legislation together with the mechanisms already available under Dutch law put the Netherlands at the forefront of collective redress in Europe. The Legislation is expected to enter into force in July 2019 and will apply to events which took place on or after

Posted in Policy & Regulation

Eduardo Ustaran Discusses Brexit and ePrivacy on IAPP Podcast

Eduardo Ustaran was featured on the IAPP’s Privacy Advisor Podcast to discuss latest developments of Brexit—including various potential outcomes—and how companies doing business in the United Kingdom are looking ahead to prepare post-Brexit privacy and data protection compliance practices. Eduardo also outlined the state-of-legislation of the European Union’s ePrivacy update and discussed how the anticipated regulation may develop during Romania’s term in the Presidency of the Council of the European Union. To access The Privacy Advisor Podcast: Dispatch from London on Brexit and the ePrivacy Regulation, click here.

Posted in Cybersecurity, Data Protection & Privacy, Policy & Regulation, Privacy and Security Litigation

Asia Pacific Data Protection and Cybersecurity Regulation: 2018 in Review and Looking Ahead to 2019

What is in store for data protection and cyber security regulation in Asia Pacific (APAC) in 2019? 2018 was a momentous year for data protection and cyber security regulation globally – the implementation of the European Union’s General Data Protection Regulation (GDPR) was, of course, the main event. The shockwaves of GDPR hit APAC with full force, coupled with the promulgation of an important GDPR-inspired national standard in China and the tabling of a draft data protection law in India that shares the same lineage. Rising public awareness of data

Posted in Data Protection & Privacy Photo of Ewa KacperekPhoto of Weronika Wolosiuk

First Fine Imposed by the Polish DPA Under the GDPR

The President of the Personal Data Protection Office in Poland (Polish DPA) imposed a fine amounting to PLN 943,470 (approximately EUR 220,000; approximately USD 245,977) for failing to fulfil the company’s transparency obligations towards over six million data subjects under Article 14 of Europe’s General Data Protection Regulation (GDPR). This is the first fine imposed by the Polish DPA under the GDPR and Poland’s Act on Personal Data Protection of 10 May 2018 implementing the GDPR. The decision provides some limited insights into the interpretation of the term “disproportionate effort”

Posted in Cybersecurity, Data Protection & Privacy, Policy & Regulation, Privacy and Security Litigation, Technology

Privacy and Cybersecurity April 2019 Events

Please join us for our April events. April 2                             Trust in data, no longer a luxury? Nicola Fulford and James Denvil will speak at the workshop,” Trust in data, no longer a luxury – Privacy, security, and consumer trust for 21st century,” at the Luxury Law London Summit. They will discuss some of the challenges of succeeding in a data-driven market that is undergoing global regulatory upheavals. Location: London April 4                             Global TEC Forum Mark Brennan will speak on the panel, “California Breaks New Privacy Ground (Again): The California Consumer Privacy

Posted in Data Protection & Privacy, Internet, Policy & Regulation

Crumbs of Comfort: the Advocate-General’s Opinion on Consent and Cookies in Planet49

It’s no secret that a hot topic, perhaps the hot topic, in the European data protection world at present is the interplay between the GDPR and the e-Privacy Directive, in particular how it affects online advertising involving cookies. The European Data Protection Board recently released an opinion on this topic (as we discuss here), and on 21 March the Court of Justice of the European Union (CJEU) released Advocate-General Szpunar’s opinion in the case of Planet49 (C-673/17), which discusses the requirements for valid consent, in the context of both cookies