Header graphic for print
Inside Privacy Updates on Developments in Global Privacy & Data Security from Covington & Burling LLP

Category Archives: International

Subscribe to International RSS Feed

Draft Regulations in China Preview Stricter Rules on Internet Advertising

Posted in Advertising & Marketing, China, Mobile, Online

On July 1, 2015, China’s State Administration for Industry and Commerce published a draft of the Interim Measures on Supervision of Internet Advertising (“Draft Internet Advertising Measures”; original Chinese here) for public comment. If adopted as drafted, the Draft Internet Advertising Measures would (1) require advertisements in email and instant messaging to contain conspicuous options… Continue Reading

EU General Data Protection Regulation – First day of ‘trilogue’ discussions

Posted in European Union

By Monika Kuschewsky and Vera Coughlan Today, the first meeting between the European Parliament (“EP”), the Council and the Commission (called “trilogue”) took place with the aim of reaching an agreement on the General Data Protection Regulation (“GDPR”) by the end of the year.  (For background, please see our previous InsidePrivacy post on the Council’s recently… Continue Reading

Highlights of the Canada Digital Privacy Act 2015

Posted in Canada

On June 18, 2015, the Canadian Parliament passed the Digital Privacy Act (DPA), Senate Bill S-4, into law.  The DPA amends Canada’s federal data protection statute, the Personal Information Protection and Electronic Documents Act (PIPEDA) in important respects, including introducing a new data breach notification requirement (which is not yet in force) and making other… Continue Reading

Covington Webinar: The EU General Data Protection Regulation – What’s Next and What It Means For Your Business

Posted in European Union

As we recently covered on this blog, on June 15, the Council of Ministers of the EU reached a long-awaited ‘common approach’ on a revised text of the proposed General Data Protection Regulation (GDPR). Covington will be running a webinar on July 1, repeated on July 2 to accommodate attendees from different timezones, at which specialists from Covington’s… Continue Reading

Council Agrees Common Approach on EU General Data Protection Regulation – Negotiations With Parliament and Commission on Final Text To Begin Imminently

Posted in European Union

In today’s Justice and Home Affairs (“JHA”) Council meeting (see here), the Council of Ministers of the EU agreed the Council’s long-awaited common approach on a revised text of the proposed General Data Protection Regulation (“GDPR”). The Presidency of the Council of the EU had published a compromise text for approval by the JHA Council… Continue Reading

Update on the Cybersecurity Directive – over to Luxembourg?

Posted in Cybersecurity, Data Breaches, Data Security, European Union

Next week we expect to find out if the Council of the EU will finally agree (“adopt a general approach”) on its version of the proposed General Data Protection Regulation (GDPR).  Progress with a “little brother” of the GDPR – namely the proposed Network and Information Security (NIS) Directive, tagged the Cybersecurity Directive – continues in parallel.  Before… Continue Reading

U.S. and EU Miss Target for Safe Harbor Renegotiation, But Remain Optimistic

Posted in European Union, United States

The U.S. and EU’s negotiators on the EU-U.S. Safe Harbor data transfer program have missed an end of May target date for reaching an agreement on amendments to the program. They nevertheless publicly reaffirmed their commitment to reaching an agreement on the Safe Harbor program, and on an “Umbrella Agreement” that would protect personal data… Continue Reading

May 2015 EU mHealth Round-Up

Posted in Data Security, European Union, Health Privacy, Mobile Online, United Kingdom

May 2015 saw a number of developments in the EU mHealth sector worthy of a brief mention.  The European Commission announced that it would work on new guidance for mHealth apps, despite the European Data Protection Supervisor and British Standards Institution publishing their own just weeks earlier.  In parallel, the French data protection authority announced… Continue Reading

Article 29 Working Party Updates BCR Guidance

Posted in European Union

On June 2, 2015, the Article 29 Working Party updated its published guidance on the topic of Processor BCRs.  In their latest guidance document, the Working Party focus specifically on the sensitive topic of disclosures to  law enforcement agencies (LEAs). By means of Processor BCRs, data processors are able to share EU-originating personal data within… Continue Reading

China Clarifies Requirements for Marketing via SMS

Posted in China

By Eric Carlson and Sheng Huang New clarifying provisions in China regulating how marketing can be done via short message service (“SMS”) will come into effect on June 30, 2015.

Dutch Parliament Adopts Data Breach Notification Obligation and Increases Fines

Posted in Data Breaches, European Union

On May 26th, 2015, the Dutch Senate passed a new law (“the Law”) (legislative proposal, as adopted, is accessible here), which introduces an obligation to notify the Dutch DPA ‘without delay’ in case of a data breach.  The law also broadens the powers of the Dutch DPA, enabling it to impose significantly higher fines for… Continue Reading

European Commission Targets May 28th for Conclusion of Safe Harbor Negotiations

Posted in European Union

Věra Jourová, the European Commissioner for Justice overseeing negotiations with the U.S. Department of Commerce over the future of the EU-U.S. Safe Harbor scheme, has reiterated the May 28th target date for near-completion of the negotiations (previously covered on InsidePrivacy here and here).  Her hope is that an agreement in principle can be found at… Continue Reading

Brazil Extends the Consultation Period on Its Draft Data Protection Law until April 30

Posted in International

In February 2015, the Brazilian government issued a draft of Brazil’s first comprehensive privacy law, the Preliminary Draft Bill for the Protection of Personal Data (the “Draft Bill”).  The Draft Bill builds on and codifies certain concepts relating to the treatment of personal data already present in Brazilian constitutional, statutory and case law. The Draft… Continue Reading

Google Loses Administrative Appeal Against Hamburg Decision Concerning Its Practice of Cross-Service Data Combination

Posted in International

Pursuant to a press release of April 8, 2014, the Hamburg data protection authority (the “Hamburg DPA”) essentially upheld its order of September 2014, in which it found that certain of Google’s data processing operations explained in its 2012 privacy policy violated German data protection law. More in particular, the Hamburg DPA established that Google’s… Continue Reading

U.N. Appoints Special Expert to Monitor Privacy Issues

Posted in International

In an effort to improve international privacy rights, the United Nations Human Rights Council yesterday established a special rapporteur on the right to privacy.  Special rapporteurs are expert individuals appointed with specific mandates to investigate, monitor, and report on particular human rights concerns that range from access to water to extrajudicial killings.  Yesterday’s Resolution on… Continue Reading

CJEU Hears Oral Arguments in Pivotal EU-U.S. Safe Harbor Case

Posted in European Union, International

By Dan Cooper and Phil Bradley-Schmieg On March 24, 2015, the Court of Justice of the EU (CJEU) heard arguments in Case C-362/14 (Schrems).  The High Court of Ireland has asked the CJEU whether Ireland’s data protection authority (DPA) — and by extension other EU DPAs — is bound by the Commission’s adequacy decision (Decision 520/2000/EC)… Continue Reading

The General Data Protection Regulation – Council is Moving Forward in Great Strides

Posted in European Union

Last Friday, the Council, which represents the 28 EU Member States, reached a partial general approach on the so-called “one stop shop” mechanism (Chapters VI and VII) and principles for protecting the personal data (Chapter II) (see the press release here, which also contains links to the latest draft texts as prepared by the Latvian… Continue Reading

Compu-Finder Subjected to $1.1M Penalty, First Fine Under Canada’s New Anti-Spam Law

Posted in Canada, International

By Lala Qadir Canada’s telecommunications regulator, the Canadian Radio-Television and Telecommunications Commission (CRTC), issued its first fine under a new anti-spam law.  The CRTC alleged that Compu-Finder sent users emails without acquiring their consent and did not provide a way for consumers to unsubscribe from the emails.   Compu-Finder has 30 days to submit written representations… Continue Reading

ICO Fines Insurance Company £175k for Data Security Breach, Criticising Lack of Policies

Posted in International, United Kingdom

By Mark Young and Tom Jackson On February 20, 2015, the Information Commissioner’s Office (“ICO”) fined Staysure.co.uk Ltd (“Staysure”), an online travel insurer, £175,000 for failing to protect its customers’ personal data.  In addition to technical vulnerabilities, the ICO took into account Staysure’s lack of security policies and practices when levying the fine. In short,… Continue Reading

European Consumer Legislation and Online Privacy Policies: Opening Pandora’s Box?

Posted in European Union, International

By Monika Kuschewsky and Charlotte Ryckman Regulators and courts in the EU are increasingly vigilant in relation to privacy practices and policies of large online companies.  In recent years and months, the pressure increases not only through privacy-specific regulations and enforcement, but also through the application of consumer legislation.  As the below examples from France and… Continue Reading

Article 29 Working Party Clarifies Scope of Health Data in Apps and Devices

Posted in European Union, International

The Article 29 Data Protection Working Party (Working Party), an independent EU advisory body on data protection and privacy, responded to a request from the European Commission made in the framework of the Commission’s  mHealth initiative to clarify the definition of data concerning health in relation to lifestyle and wellbeing apps.  (See more here, and here… Continue Reading

Germany Wants to Introduce Class Actions for Privacy Violations

Posted in European Union, International

Pursuant to a press release of the German Federal Ministry for Justice and Consumer Protection, the German Government approved a draft law to strengthen the private enforcement of certain data protection law provisions that aim to protect consumers.  In particular, the draft law empowers consumers and other qualified associations to send cease-and-desist letters and to… Continue Reading

China’s Internet Gatekeeper Announces Legislation to Enhance Personal Information Protection

Posted in China, Privacy Policies, Uncategorized

China’s principal internet regulator, the Cyberspace Administration of China (“CAC”), announced this week that China will move forward new legislation to combat the improper collection, use, and sale of personal information. The new legislation, announced during an interview of a senior CAC official by state-owned Xinhua News, is reportedly being drafted by CAC, the Ministry… Continue Reading