Header graphic for print
Inside Privacy Updates on Developments in Global Privacy & Data Security from Covington & Burling LLP

Category Archives: International

Subscribe to International RSS Feed

New Version of Draft German Cybersecurity Law Published

Posted in European Union, Uncategorized

By Monika Kuschewsky and Sebastian Martin The German Federal Ministry of the Interior recently published its revamped proposal for an “IT Security” Law. A similar proposal had already been adopted by the previous German Government in March last year (see InsidePrivacy, German Government Proposes Cybersecurity Law, March 22, 2014). However, that proposal ultimately failed to… Continue Reading

Fraud Investigators Imprisoned for Illegally Collecting Personal Data in China

Posted in China, International

By Eric Carlson and Scott Livingston On Friday, August 8, 2014, a Chinese court convicted British fraud investigator Peter Humphrey and his wife, Yu Yingzeng, a naturalized US citizen, of illegally obtaining personal information.  Mr. Humphrey was sentenced to two and a half years in prison and fined RMB 200,000 (about US $32,000); Ms. Yu… Continue Reading

EU Court of Justice clarifies the definition of personal data and scope of access requests

Posted in European Union

By Jacqueline Clover and Monika Kuschewsky   The Court of Justice of the European Union (‘CJEU’) has ruled that an analysis produced by an administrative agency to inform and support the agency’s formal decisions (‘legal analysis’) is not of itself “personal data” as defined under Directive 95/46/EC (the ‘EU Data Protection Directive’).  This is the… Continue Reading

European Commission Wants Leaders to Embrace Big Data

Posted in International

On 2 July 2014, the European Commission issued a Communication titled “Towards a thriving data-driven economy”, which describes the features of such economy and sets out some operational conclusions. The Communication responds to the European Council’s conclusions of October last year which called for EU action to provide the right framework conditions for a single… Continue Reading

EU Justice Ministers Reach A Common Position on Aspects of the Draft EDPR

Posted in European Union

By Dan Cooper & Maria-Martina Yalamova On June 6, 2014, the Justice and Home Affairs Council of the European Union (the “Council”), representing individual EU Member States, reached a common position on certain important aspects of the draft European Data Protection Regulation (the “Regulation”).  Specifically, the Council reached an agreement on rules governing transfers of… Continue Reading

EU Parliamentary Elections: What Impact on the EU Data Protection Reform?

Posted in European Union, Uncategorized

By: Sophie Noya On May 22-25, EU citizens elected Members of the European Parliament (“MEPs”) for a five-year term.  Several of the key parliamentary decision-makers on the data protection reform have been reelected, including the strongest supporters of far-reaching privacy rights such as the rapporteur, German Green Member Jan Philipp Albrecht, and Dutch Liberal Sophia… Continue Reading

Google, the CJEU, and the Long Arm of European Data Protection Law

Posted in European Union, Online

By Dan Cooper, Mark Young and Kristof van Quathem On May 13, the European Court of Justice (the “Court”) handed down an important judgement in a referral from Spain’s National High Court involving Google, a Spanish national, and the Spanish data protection authority (Case C-131/12).  The decision has wide-ranging consequences regarding the application of EU… Continue Reading

Data Breaches on the Rise in 2014

Posted in Cybersecurity, Data Breaches, Data Security, International, United States

More than 200 million records were lost in digital breaches during the first three months of 2014, according to a new report that parses publicly available information on data breaches.   The records were lost in connection with at least 254 publicized breaches, according to SafeNet, a data security company that published the report. Those numbers… Continue Reading

European Data Protection Regulators Clarify the Scope of the Balancing Test Required for Reliance on the “Legitimate Interests” Ground for Data Processing

Posted in European Union

On 9 April, the Article 29 Working Party (“WP29”) adopted an Opinion on the notion of legitimate interests of the data controller under Article 7(f) of the EU Data Protection Directive 95/46/EC (the “Opinion”).  The Opinion has two main objectives:  to ensure correct interpretation and implementation of the “legitimate interest” ground for data processing at… Continue Reading

European Regulators Set Out Data Anonymization Standards

Posted in Data Security, European Union

By Kristof van Quathem and Dan Cooper On April 10, 2014, the Article 29 Working Party adopted an Opinion on anonymization techniques.  The Working Party accepts that anonymization techniques can help individuals and society reap the benefits of “open data” initiatives – initiatives intended to make various types of data more freely available – while… Continue Reading

The New EDPS Opinion “Privacy and Competitiveness in the Age of Big Data”

Posted in European Union

“The evolution of big data has exposed gaps in EU competition, consumer protection and data protection policies”, said Peter Hustinx, the European Data Protection Supervisor (EDPS), when presenting the EDP’s preliminary opinion on the interplay between these three policy areas. The Opinion titled “Privacy and Competitiveness in the Age of Big Data”, issued on 26… Continue Reading

EU Data Retention Directive Declared Invalid by Court of Justice of the EU

Posted in European Union

By Philippe Bradley and Mark Young The Court of Justice of the European Union (CJEU) today held that the EU Data Retention Directive (Directive 2006/24/EC)1 is invalid.  The CJEU ruled that the retention of data under the Directive constitutes an impermissibly broad and serious interference with fundamental human rights to private life and the protection of personal… Continue Reading

Is Korea Moving Towards EU-Style Legislation for Financial Institutions?

Posted in Financial Institutions, Financial Privacy, International, Korea

By Hee-Eun Kim and Monika Kuschewsky In January 2014, a massive data leak of some 104 million credit card accounts shocked South Korea.  The number of affected accounts was twice the number of the population of South Korea’s.  The incident arose when a temporary employee of a personal credit rating agency that manages personal financial… Continue Reading

European Parliament Votes to Ensure that the Proposed Network and Information Security Directive Focuses on Protecting Critical Infrastructure

Posted in Cybersecurity, European Union, International

It has been an eventful week in the European Parliament in relation to data privacy and security matters.  Having already voted in favor of the General Data Protection Regulation (“GDPR”) and endorsed a controversial report into allegations of mass surveillance, the European Parliament voted yesterday on the proposed Network and Information Security (“NIS”) Directive.  In… Continue Reading

Covington to Discuss Cyber Warfare at #SXSW 2014

Posted in Cybersecurity, International, Uncategorized

Kristen Eichensehr, a member of Covington’s Global Privacy and Data Security Practice Group, will be speaking at a panel entitled “Intangible Weapons, Invisible Enemies” at the South By Southwest (“SXSW”) Interactive conference this Sunday, March 9.  Joined by University of Texas Law School Professor Derek Jinks, Kristen will discuss the nature of cyber warfare, if… Continue Reading

Dissuading Companies from Violating Data Protection Rules: Senior European Commission Official Calls for ‘Significant’ Fines

Posted in European Union, International

By Charlotte Ryckman & Jetty Tielemans Speaking at Berkeley’s Online Tracking Workshop today, Françoise Le Bail, Director-General of the European Commission’s DG Justice (the leading department regarding the EU data protection reforms) confirmed the European Commission’s vision that the EU needs stronger penalties in order to ensure effective enforcement of European data protection rules. Ms…. Continue Reading

Google Fined by the CNIL for Privacy Breaches as European Regulators Continue Investigation

Posted in European Union, Privacy Policies, Uncategorized

On January 8, 2014, the French data protection authority, the Commission nationale de l’informatique et des libertés (CNIL), announced that it was imposing a fine of €150,000 on Google, as well as a requirement that Google, within eight days of the decision, publicize the fine on its own website (at www.google.fr) for a period of… Continue Reading

Advocate General finds the EU’s Data Retention Directive Incompatible with the Fundamental Right to Privacy

Posted in European Union, International

By Maria-Martina Yalamova & Mark Young On 12 December 2013, the Advocate General (“AG”) to the Court of Justice of the European Union (the “CJEU”), Mr Cruz Villalón, gave an opinion that the EU’s Data Retention Directive 2006/24/EC (the “Directive”) violates the fundamental right to privacy in the EU.  His reason, in short, is that… Continue Reading

Updating Ofcom’s Guidance on Network Security – New Consultation

Posted in Cybersecurity, European Union, United Kingdom

In light of growing concerns over cybersecurity and evolving technology and operational practices, Ofcom (the independent regulator and competition authority for the UK communications industries) is seeking views on whether its existing guidance on network security should be revised.  Interested parties have until 21 February 2014 to respond.   Depending on the responses received, Ofcom intends… Continue Reading

Berlin Court Condemns Google, Strikes Provisions in Privacy Policy and Terms

Posted in European Union, International, Privacy Policies

On Tuesday, 19 November, the Regional Court of Berlin ruled against Google in a case brought by the Federation of German Consumer Associations (vzbv).  The vzbv had initiated an action for injunction against Google, requesting it to stop using certain clauses in its Terms of Use and Privacy Policy.  In Germany, consumer associations have a… Continue Reading

European Council Taps the Breaks–Adoption of EU General Data Protection Regulation Delayed

Posted in European Union

Only a few days after the leading parliamentary committee waved through the proposed amendments to the European Commission’s legislative proposal for a General Data Protection Regulation (see here and here), the EU Member States’ governments have decided to postpone the adoption of the Regulation to 2015.  Germany and the UK, in particular, supported the delay, albeit… Continue Reading

What Companies Should Know About the LIBE Committee’s Amendments to the EU’s Proposed Data Protection Regulation

Posted in European Union, International

By Monika Kuschewsky & Mark Young On Monday, the LIBE Committee of the European Parliament adopted proposed amendments to the Commission’s legislative proposal for a General Data Protection Regulation.  Earlier this week we summarized the vote and procedural details (here).  In this alert, we provide more detail on the amendments that companies are likely to… Continue Reading

European Parliament Calls for Suspension of the SWIFT Agreement following NSA Surveillance Claims

Posted in European Union, Financial Privacy, International

On October 23, 2013, the European Parliament adopted a resolution calling for the suspension of an EU-US Agreement on the transfer of financial data for the purposes of the Terrorist Finance Tracking Program (the so-called “SWIFT Agreement”).  The resolution comes after allegations that the US National Security Agency (NSA) has had unauthorized access to EU citizens’ bank… Continue Reading