Header graphic for print
Inside Privacy Updates on Developments in Global Privacy & Data Security from Covington & Burling LLP

Category Archives: International

Subscribe to International RSS Feed

EU’s Highest Court Invalidates Safe Harbor with Immediate Effect

Posted in European Union, International

Today, the Court of Justice of the European Union (the “CJEU”) invalidated the European Commission’s Decision on the EU-U.S. Safe Harbor arrangement (Commission Decision 2000/520 – see here). The Court responded to pre-judicial questions put forward by the Irish High Court in the so-called Schrems case. More specifically, the High Court had enquired, in particular,… Continue Reading

UK ICO Issues Largest Ever Fine In Connection With Automated Marketing Calls

Posted in Advertising & Marketing, United Kingdom

By Mark Young and Joseph Jones The UK Information Commissioner’s Officer (“ICO”) has issued its largest fine to date in connection with using an automated calling system to make direct marketing calls.  The ICO found that Home Energy & Lifestyle Management Ltd (“HELM”), a green energy company that made millions of automated marketing calls in… Continue Reading

EU Parliament Policy Report Takes Dim View of EU Commission’s “Pro-Market” Policies on Big Data and Smart Devices

Posted in European Union

A European Parliament policy department has released a report, entitled Big Data and Smart Devices and Their Impact on Privacy, that criticizes the lack of focus on privacy and data protection in the European Commission’s “Digital Single Market” policy agenda, noting a “conflicting” intersection between the Commission’s Digital Single Market objectives and the EU’s efforts,… Continue Reading

EU’s Highest Court Rules on Applicable Law and Territorial Powers of the National Data Protection Authorities

Posted in European Union

On October 1st, 2015, the Court of Justice of the EU rendered its judgment in the Weltimmo case (C-230/14).  The case addressed two important aspects of EU data protection law, namely applicable law and the scope of the territorial powers of data protection authorities. The case arose out of a dispute between Weltimmo, a company registered… Continue Reading

EU-U.S. Safe Harbor: Judgment in the Schrems Case Scheduled For October 6

Posted in European Union, United States

The Court of Justice of the European Union (“CJEU”) in Luxembourg will render its judgment in the Schrems case (C-362/14 Maximilian Schrems v Data Protection Commissioner) on October 6, at 9:30 am CET (see here). For details on the case and its potential implications for the U.S.-EU Safe Harbor, see our earlier blog post (here)… Continue Reading

Advocate General Considers EU-U.S. Safe Harbor to be Invalid

Posted in European Union, United States

By Jetty Tielemans, Mark Young and Joseph Jones This morning (September 23, 2015), EU Advocate General (“AG”) Bot issued an Opinion in Case C-362/14 Maximilian Schrems v Data Protection Commissioner (see our earlier post on the hearing here).  The AG Opinion has gone further than expected, covering not just the power of national data protection… Continue Reading

UK Government Launches Cybersecurity Service For Healthcare Organizations

Posted in Cybersecurity, Data Breaches, Data Security, European Union, Health Privacy, United Kingdom

The UK government has announced a new national service providing expert cybersecurity advice to entities within the National Health Service (NHS) and the UK’s broader healthcare system.  The project, called CareCERT (Care Computing Emergency Response Team), is aiming for a full go-live in January 2016. 

Data Localization Requirements Through the Backdoor? Germany’s “Federal Cloud”, and New Criteria For the Use of Cloud Services by the German Federal Administration

Posted in Cloud Computing, Cybersecurity, Data Security, European Union, Sourcing, Technology Transactions

In May 2015, reports about the German government’s plans to establish federal German cloud infrastructure (the “Bundes-Cloud”) raised concerns about the possible introduction of data localization requirements (preventing the storage and processing of data outside Germany).  The criteria for the use of cloud services by Germany’s federal administration, which have recently been published, now give… Continue Reading

What You Need to Know About Germany’s Cybersecurity Law

Posted in Cybersecurity, Data Security, European Union

Whilst the discussions on the proposed Network and Information Security (NIS) Directive at European level are still ongoing (see Update on the Cybersecurity Directive − over to Luxembourg?, InsidePrivacy, June 12, 2015), less has been said about Germany new national Act to Increase the Security of Information Technology Systems (the “IT Security Law”).  The IT Security Law… Continue Reading

EU – US Umbrella Agreement about to be concluded: towards a transatlantic approach to data protection?

Posted in European Union, International, United States

By Jean de Ruyt and Monika Kuschewsky According to the European Commissioner for Justice, Consumers and Gender Equality, Věra Jourová, the EU and the US have finalized the EU-US Umbrella Agreement (for the press release, see here; a reportedly near-final draft of the agreement can be read here). This is a remarkable breakthrough after the first… Continue Reading

Regulators in the U.S. and U.K. Monitoring Mobile Apps and Websites Directed at Children

Posted in Advertising & Marketing, Children's Privacy, Federal Trade Commission, Mobile, United Kingdom, United States

By Megan L. Rodgers What information is being collected by mobile apps and websites directed at kids? With whom is that information shared? What notice is provided to parents? Regulators in the U.S. and abroad continue to focus on these issues. The FTC recently released a follow-up report on privacy notices in mobile apps directed… Continue Reading

China Issues Draft Network Security Law

Posted in China, Cybersecurity, Data Security, International

By Ashwin Kaja* and Yan Luo Close on the heels of a sweeping new National Security Law, the Standing Committee of the National People’s Congress released last month for public comment a very significant draft Network Security Law (“Draft Law”), also referred to as the draft Cybersecurity Law. Since it came into power in 2012,… Continue Reading

UK Supreme Court Will Hear Google’s Appeal in Important Privacy Case

Posted in Advertising & Marketing, European Union, United Kingdom

The UK Supreme Court has granted Google the right to appeal part of the English and Welsh Court of Appeal’s notable ruling in Google Inc. v. Vidal-Hall & Ors [2015] EWCA Civ 311. Our previous blog highlighted the facts of the case (brought by Internet users against Google’s ad-tracking practices) and the significant consequences of… Continue Reading

Progress on EU GDPR Reform: International Aspects Debated

Posted in European Union

A second round of “trilogue” negotiation on the EU General Data Protection Regulation (GDPR), on July 14th, has addressed the law’s territorial scope and rules relating to international data transfers (Articles 3 and Chapter 5, respectively). Although no agreed text has been released, public comments made by Jan Philipp Albrecht, the European Parliament’s lead negotiator… Continue Reading

Draft Regulations in China Preview Stricter Rules on Internet Advertising

Posted in Advertising & Marketing, China, Mobile, Online

On July 1, 2015, China’s State Administration for Industry and Commerce published a draft of the Interim Measures on Supervision of Internet Advertising (“Draft Internet Advertising Measures”; original Chinese here) for public comment. If adopted as drafted, the Draft Internet Advertising Measures would (1) require advertisements in email and instant messaging to contain conspicuous options… Continue Reading

EU General Data Protection Regulation – First day of ‘trilogue’ discussions

Posted in European Union

By Monika Kuschewsky and Vera Coughlan Today, the first meeting between the European Parliament (“EP”), the Council and the Commission (called “trilogue”) took place with the aim of reaching an agreement on the General Data Protection Regulation (“GDPR”) by the end of the year.  (For background, please see our previous InsidePrivacy post on the Council’s recently… Continue Reading

Highlights of the Canada Digital Privacy Act 2015

Posted in Canada

On June 18, 2015, the Canadian Parliament passed the Digital Privacy Act (DPA), Senate Bill S-4, into law.  The DPA amends Canada’s federal data protection statute, the Personal Information Protection and Electronic Documents Act (PIPEDA) in important respects, including introducing a new data breach notification requirement (which is not yet in force) and making other… Continue Reading

Covington Webinar: The EU General Data Protection Regulation – What’s Next and What It Means For Your Business

Posted in European Union

As we recently covered on this blog, on June 15, the Council of Ministers of the EU reached a long-awaited ‘common approach’ on a revised text of the proposed General Data Protection Regulation (GDPR). Covington will be running a webinar on July 1, repeated on July 2 to accommodate attendees from different timezones, at which specialists from Covington’s… Continue Reading

Council Agrees Common Approach on EU General Data Protection Regulation – Negotiations With Parliament and Commission on Final Text To Begin Imminently

Posted in European Union

In today’s Justice and Home Affairs (“JHA”) Council meeting (see here), the Council of Ministers of the EU agreed the Council’s long-awaited common approach on a revised text of the proposed General Data Protection Regulation (“GDPR”). The Presidency of the Council of the EU had published a compromise text for approval by the JHA Council… Continue Reading

Update on the Cybersecurity Directive – over to Luxembourg?

Posted in Cybersecurity, Data Breaches, Data Security, European Union

Next week we expect to find out if the Council of the EU will finally agree (“adopt a general approach”) on its version of the proposed General Data Protection Regulation (GDPR).  Progress with a “little brother” of the GDPR – namely the proposed Network and Information Security (NIS) Directive, tagged the Cybersecurity Directive – continues in parallel.  Before… Continue Reading

U.S. and EU Miss Target for Safe Harbor Renegotiation, But Remain Optimistic

Posted in European Union, United States

The U.S. and EU’s negotiators on the EU-U.S. Safe Harbor data transfer program have missed an end of May target date for reaching an agreement on amendments to the program. They nevertheless publicly reaffirmed their commitment to reaching an agreement on the Safe Harbor program, and on an “Umbrella Agreement” that would protect personal data… Continue Reading

May 2015 EU mHealth Round-Up

Posted in Data Security, European Union, Health Privacy, Mobile Online, United Kingdom

May 2015 saw a number of developments in the EU mHealth sector worthy of a brief mention.  The European Commission announced that it would work on new guidance for mHealth apps, despite the European Data Protection Supervisor and British Standards Institution publishing their own just weeks earlier.  In parallel, the French data protection authority announced… Continue Reading

Article 29 Working Party Updates BCR Guidance

Posted in European Union

On June 2, 2015, the Article 29 Working Party updated its published guidance on the topic of Processor BCRs.  In their latest guidance document, the Working Party focus specifically on the sensitive topic of disclosures to  law enforcement agencies (LEAs). By means of Processor BCRs, data processors are able to share EU-originating personal data within… Continue Reading

China Clarifies Requirements for Marketing via SMS

Posted in China

By Eric Carlson and Sheng Huang New clarifying provisions in China regulating how marketing can be done via short message service (“SMS”) will come into effect on June 30, 2015.