California continues to be a first mover in privacy in the United States, enacting the US’s toughest and most comprehensive privacy legislation on Thursday, June 28, 2018. Unlike existing state and federal privacy legislation that has generally focused on specific sectors or privacy issues, the California Consumer Privacy Act of 2018 (AB 375), applies broadly to businesses that … Continue Reading
With the coming into effect of the GDPR on 25 May 2018, the modernisation of European privacy laws has reached a critical milestone. Businesses operating in Europe or targeting European customers now need to comply with the new regime. At stake are not only the consequences of non-compliance, but also the ability to take advantage of new technologies, data analytics … Continue Reading
The job of the legal and compliance teams is to make sure that their company’s data projects do not breach applicable laws.
Their task is not easy because the number of laws regulating the processing … Continue Reading
In the third instalment of the 2018 Internet of Things Webinar (IoT) Series, Yarmela Pavlovic, Paul Otto, Elisabethann Wright, and Fabien Roy hosted an educational webinar focusing on the evolving world of connected medical devices.
Fabien described the regulatory framework applicable to digital health technologies regulated as medical devices in the EU. He explained the criteria which must be met … Continue Reading
If you’ve got any worries about the GDPR – Europe’s new data privacy regime – then we’re here to help with our recently recorded webcast, explaining why there’s no need to panic.
It’s a great discussion, with our industry-leading panel looking offering lots of helpful tips and practical examples of how you can prepare for the GDPR, even after the … Continue Reading
The European Data Protection Board (EDPB) is the joint coordination body of the EU data protection authorities. The EDPB provides guidance on the application of the EU Data Protection Regulation (GDPR). With the GDPR having come into force, the EDPB thus replaces the … Continue Reading
The General Data Protection Regulation (GDPR) will enter into force on 25 May 2018. In light of the urgency to adapt Law no. 78-17 dated 6 January 1978 to the new European Union law, the French Government has initiated an accelerated procedure. This procedure led to the adoption in final reading by the French National Assembly of the bill on … Continue Reading
Advancements in technology may provide consumers with a continuous stream of upgraded products, but they’re also proving that current security and privacy regulations fall short within the Internet of Things (IoT). New devices with unprecedented capabilities are challenging traditional beliefs about liability and consumer protections. In an environment of ever-changing regulations, how do device manufacturers reduce liability risks?
In this … Continue Reading
The Portability Regulation (EU) 2017/1128 came into force on 1 April 2018. Part of the EU Commission’s aim to establish a Digital Single Market, the Regulation facilitates cross-border portability of online content. It allows for subscribed content services to “travel” with the subscriber throughout the entire European Union. Be it movies, sport events, music, e-books, online games, they … Continue Reading
With the GDPR about to come into effect, join our experts for a live webinar on 23 May to learn what you should be focusing on now.
The GDPR becomes applicable on 25 May and will affect organisations worldwide.
It is a complex and strict law with dozens of obligations which will be fiercely enforced.
Getting it right will be … Continue Reading
“European data protection rules will become a trademark people recognise and trust worldwide”. That is how, in January 2012, Viviane Reding – then Vice-President of the European Commission and EU Justice Commissioner – ended her announcement of the widest reform of privacy and data protection law ever attempted. Six years later, this ambitious aim is becoming a reality. Organisations from … Continue Reading
New connected products are hitting the market at an unprecedented rate, so staying aligned with the evolving regulatory and legal issues is more important than ever. With the opportunity … Continue Reading
It is finally here. This is the year of the GDPR. A journey that started with an ambitious policy paper about modernising data protection almost a decade ago – a decade! – is about to reach flying altitude. No more ‘in May next year this, in May next year that’. Our time has come. Given the amount of attention that … Continue Reading
To date, the main legacy of the Brexit referendum of 2016 appears to be a country split in half: some badly wish the UK would continue to be a member of the EU and some are equally keen on making a move. Yet, there seems to be at least one thing on which Remainers and Leavers will agree: nobody knows … Continue Reading
Following the European Commission and European Parliament’s proposed versions of the EU Regulation on Privacy and Electronic Communications (the ePR), we are now waiting for the Council of the European Union to agree their position before discussions between the three bodies can begin. A discussion paper from the Bulgarian Presidency of the Council dated 11 January 2018 (the Paper… Continue Reading
Last month we hosted our annual ‘Intellectual Values’ seminar in London which this year focused on the ‘connected world’. Sarah Turner, an IP partner in our Tech Hub, gave a talk on the steps companies can take to improve their cybersecurity. The potential damage resulting from a cybersecurity attack is ever increasing as the world becomes more and more … Continue Reading
Hogan Lovells partner Winston Maxwell spoke on October 12, 2017 at a conference on artificial intelligence organized by the French think tank “Le Club des Juristes”. What follows is an English version of his prepared remarks.
Artificial intelligence (“AI”) permits valuable new applications for society. Autonomous vehicles will increase safety and reduce pollution. Voice recognition could make computer keyboards obsolete. … Continue Reading
Exactly one year before the EU General Data Protection Regulation (GDPR) becomes applicable, global law firm Hogan Lovells has launched GDPRnow, a mobile application that provides companies with assistance to identify practical steps to comply with the new framework.
On 27 April 2017 the German Parliament passed an entirely new Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The new BDSG replaces the old BDSG, which has been in force for the last 40 years. The new BDSG shall adapt the German law to the provisions of the EU General Data Protection Regulation (GDPR). The new … Continue Reading
The steady trickle of GDPR guidance from the Article 29 Working Party continues. Fresh from finalising its guidance on data portability, lead supervisory authorities and data protection officers, the Working Party has published draft guidance on data protection impact assessments (DPIA), the full text of which is available on the Working Party website. Comments can be submitted to the … Continue Reading
On 19 April 2017, the UK Government’s Department for Culture, Media and Sport (DCMS) published a report on cybersecurity breaches and how they affected UK companies in the last year. Headline statistics from the report include:
- 61% of businesses hold personal data electronically;
- 46% of all UK businesses identified at least one cybersecurity breach in the past year, rising to
A close observer of the GDPR will have noticed that, in several places, individual EU Member States can implement derogations from the GDPR requirements. Of course, as a regulation under EU law there is less scope for local flexibility under the GDPR than under the current EU Data Protection Directive 95/46. Yet the GDPR does, in a number of key … Continue Reading
The UK ICO has published what it describes as a feedback request on profiling and automated decision-making, with the intention that responses will “help inform the UK’s contribution to the WP29 guidelines due to be published later this year.”
Given the growing importance of profiling to most businesses, companies should consider whether they wish to contribute their views, particularly on … Continue Reading
The Information Commissioner’s Office (ICO) has issued a £70,000 fine against Flybe and a £13,000 fine against Honda Motor Europe Ltd for breaching Regulation 22 of the Privacy and Electronic Communications Regulations (PECR) by sending emails requesting individuals to update their marketing preferences. The two cases confirm that:
- the interpretation by the ICO of what constitutes “marketing material” is very