Header graphic for print
Inside Privacy Updates on Developments in Global Privacy & Data Security from Covington & Burling LLP

Category Archives: International

Subscribe to International RSS Feed

ICO Fines Insurance Company £175k for Data Security Breach, Criticising Lack of Policies

Posted in International, United Kingdom

By Mark Young and Tom Jackson On February 20, 2015, the Information Commissioner’s Office (“ICO”) fined Staysure.co.uk Ltd (“Staysure”), an online travel insurer, £175,000 for failing to protect its customers’ personal data.  In addition to technical vulnerabilities, the ICO took into account Staysure’s lack of security policies and practices when levying the fine. In short,… Continue Reading

European Consumer Legislation and Online Privacy Policies: Opening Pandora’s Box?

Posted in European Union, International

By Monika Kuschewsky and Charlotte Ryckman Regulators and courts in the EU are increasingly vigilant in relation to privacy practices and policies of large online companies.  In recent years and months, the pressure increases not only through privacy-specific regulations and enforcement, but also through the application of consumer legislation.  As the below examples from France and… Continue Reading

Article 29 Working Party Clarifies Scope of Health Data in Apps and Devices

Posted in European Union, International

The Article 29 Data Protection Working Party (Working Party), an independent EU advisory body on data protection and privacy, responded to a request from the European Commission made in the framework of the Commission’s  mHealth initiative to clarify the definition of data concerning health in relation to lifestyle and wellbeing apps.  (See more here, and here… Continue Reading

Germany Wants to Introduce Class Actions for Privacy Violations

Posted in European Union, International

Pursuant to a press release of the German Federal Ministry for Justice and Consumer Protection, the German Government approved a draft law to strengthen the private enforcement of certain data protection law provisions that aim to protect consumers.  In particular, the draft law empowers consumers and other qualified associations to send cease-and-desist letters and to… Continue Reading

China’s Internet Gatekeeper Announces Legislation to Enhance Personal Information Protection

Posted in China, Privacy Policies, Uncategorized

China’s principal internet regulator, the Cyberspace Administration of China (“CAC”), announced this week that China will move forward new legislation to combat the improper collection, use, and sale of personal information. The new legislation, announced during an interview of a senior CAC official by state-owned Xinhua News, is reportedly being drafted by CAC, the Ministry… Continue Reading

Top 10 International Privacy Developments of 2014

Posted in European Union, International

By Dan Cooper and Maria-Martina Yalamova The CJEU “Right to be Forgotten” Ruling.  In May 2014, the Court of Justice of the European Union (CJEU) delivered an important judgement in a referral from Spain’s National High Court involving Google, a Spanish national, and the Spanish data protection authority (Case C-131/12).  The CJEU’s decision re-interpreted European… Continue Reading

The UK’s Data Protection Regulator to Introduce “Privacy Seals” for Businesses

Posted in International, United Kingdom

By Fredericka Argent The UK’s Information Commissioner’s Office (ICO) has announced that it is looking to introduce a system of “privacy seals” for organizations doing business in the UK.  The seal is intended to be a consumer-facing stamp of approval demonstrating that a particular organization is meeting or surpassing the compliance requirements of the UK’s Data Protection… Continue Reading

Belgian Government Calls for EU Data Protection Authority

Posted in European Union, International

On Wednesday, January 28, 2015, better known as “Data Protection Day,” the Belgian Under-Secretary for Data Protection Bart Tommelein called for the creation of an EU Data Protection Authority.  He intends to present this position of the Belgian Government to the informal meeting of Ministers of Justice and of the Interior in Riga (Latvia).  The… Continue Reading

Summary Report of European Commission’s mHealth Consultation Published

Posted in European Union, International

The European Commission has finally published its summary of 211 responses to its mobile health (“mHealth”) consultation.  The summary and original responses to the consultation have been made available on the Commission’s website at https://ec.europa.eu/digital-agenda/en/news/summary-report-public-consultation-green-paper-mobile-health The consultation covered a broad range of important issues for mHealth, including legal frameworks, privacy and data protection, patient safety,… Continue Reading

China Clarifies Requirements for Companies Regarding Consumers’ Personal Information

Posted in China, Privacy Policies, Technology Transactions

New consumer protection provisions that clarify how companies may collect, use, and protect personal information of consumers will come into effect in China on March 15, 2015. On January 5, 2015, China’s State Administration of Industry and Commerce (“SAIC”) issued measures to implement China’s Consumer Rights Protection Law (“CRPL”), which was amended effective March 2014… Continue Reading

Russian Data Localization Bill Now Confirmed To Come Into Effect On 1 September 2015

Posted in International

UPDATED:  This post was first published on December 19, 2014; it is now being updated to reflect President Putin’s signature of the bill discussed below on 31 December, 2014. In July 2014, Russia enacted Law 242-FZ (the “Localization Law”).  The Localization Law amends the Russian Federal Law on Information, Information Technology and Information Protection, and… Continue Reading

The EU data protection regulation after 3 years of negotiation

Posted in European Union

By Jean de Ruyt and Sebastian Vos On January 25, 2012, the European Commission presented a proposal for a “Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data”, the “Data Protection Regulation” (DPR). The Commissioner in charge of justice at the time,… Continue Reading

Duma Votes to Accelerate Implementation Date of Russian Data Localization Bill By A Year

Posted in International

In July this year, Russia enacted Law 242-FZ (the “Localization Law”).  The Localization Law amends the Russian Federal Law on Information, Information Technology and Information Protection, and would introduce a new requirement for certain businesses (including in particular those processing data concerning Russian citizens and also maintaining offices in Russia) to ensure that personal data… Continue Reading

Canada’s Highest Court Rules That Police Can Search Cell Phone Contents After Arrest

Posted in Canada, International

By Lala Qadir The Supreme Court of Canada recently issued a 4-3 decision that gave the police a green light in conducting warrantless searches of an arrestee’s cell phone as long as the search is directly related to the suspected crime and records are kept.  Over three dissenting judges that characterized mobile phones as “intensely… Continue Reading

The EU’s Highest Court Rules That The EU’s Data Protection Directive Applies To Home Security Surveillance Cameras

Posted in European Union, International

By Fredericka Argent Last week, the Court of Justice of the European Union (CJEU) ruled that owners of home surveillance cameras could be breaching the EU Data Protection Directive 95/46/EU (the Directive), when those cameras are used to monitor public spaces.  The ruling was made following a request from the Nejvyšší správní soud (The Supreme Administrative Court… Continue Reading

Article 29 Working Party Publishes Working Document Setting Out Cooperation Procedure for Issuing Common Opinions on Contractual Clauses

Posted in European Union, International

By Tom Jackson On November 26, 2014, the Article 29 Working Party adopted a working document setting out a cooperation procedure for issuing common opinions on contractual clauses considered as compliant with the EC Model Clauses (the “Working Document”).  The Working Document sets out the framework for a procedure designed to streamline the process of… Continue Reading

European Data Protection Regulators Release Joint Statement on European Values

Posted in European Union, International

By Tom Jackson On November 26, 2014, the Article 29 Working Party released a short joint statement containing a series of declarations on:  (i) “European values”; (ii) “surveillance for security purposes”; and (iii) the “European influence.”  The joint statement emphasizes the balance to be struck between protecting data protection rights and allowing national intelligence agencies… Continue Reading

Have EU Privacy Regulators Just Spelled the End of Web Tracking?

Posted in European Union, International

On November 25, 2014, the Article 29 Working Party (“WP29”) issued an opinion paper on device fingerprinting (the “Opinion”).  The Opinion builds on existing guidance on cookies (Opinion 04/2012) and confirms that organizations wishing to generate “device fingerprints” by storing or accessing information on a user’s device must obtain user consent (unless an exemption applies)…. Continue Reading

Article 29 Working Party Publishes Full Guidance On CJEU Right To Be Forgotten Ruling Against Google

Posted in European Union, International

Late last week, the Article 29 Working Party released a short press statement announcing that it had agreed guidance for the implementation of the May 2014 CJEU ruling against Google on the “right to be forgotten.”  See our first post on the Working Party’s guidance here.  The Working Party has now published a full 20-page… Continue Reading

Buttarelli Confirmed as Next European Data Protection Supervisor

Posted in European Union, International

By Phil Bradley-Schmieg  As we previewed last month, it has now been confirmed that Giovanni Buttarelli will be appointed as the next European Data Protection Supervisor (EDPS), the data protection watchdog and advisor to the various rulemaking and supervisory bodies that make up the EU.  Mr Buttarelli currently serves as Deputy EDPS under Peter Hustinx. Mr… Continue Reading

Article 29 Working Party Agrees Right to Be Forgotten Guidance Following May 2014 CJEU Ruling Against Google

Posted in European Union, International

On November 25, 2014, the Article 29 Working Party agreed guidelines for data protection authorities seeking to apply the Court of Justice of the European Union (CJEU) ruling reached earlier this year against Google, which has become known as the right to be forgotten or “RTBF” ruling.  The full guidelines have not yet been published,… Continue Reading

UK Data Protection Regulator Surveys Use of Smart Medical Devices

Posted in European Union, International, United Kingdom

By Phil Bradley-Schmieg The UK Information Commissioner’s Office (ICO) has launched an informal survey of current practices relating to the use of data-enabled medical devices and apps. The short and anonymous survey explores whether organisations have put in place specific policies and procedures, asset registers, IT security requirements for medical device procurement policies, information governance… Continue Reading

Trans-Atlantic Business Dialogue Holds Briefing Session on EU-U.S. Safe Harbor Agreement

Posted in European Union, International

On October 23, the Trans-Atlantic Business Dialogue held a briefing session on the EU-U.S. Safe Harbor Agreement.  Ted Dean, Deputy Assistant Secretary at the U.S. Department of Commerce, gave an update on the negotiations with the European Commission.  Following the Snowden revelations and a resolution of the European Parliament, the European Commission on November 17,… Continue Reading

UK Parliamentarians Seek FOI Changes To Force Private Sector Suppliers To Disclose NHS Contract Details

Posted in European Union, International, United Kingdom

By Tom Jackson and Phil Bradley-Schmieg A cross-party group of UK Members of Parliament (“MPs”) is seeking to amend the UK’s ‘freedom of information’ regime under the Freedom of Information Act 2000 (“FOIA”) to also cover current and prospective private sector suppliers to the National Health Service (“NHS”) in England and Wales. The Freedom of… Continue Reading