Header graphic for print
Inside Privacy Updates on Developments in Global Privacy & Data Security from Covington & Burling LLP

Category Archives: International

Subscribe to International RSS Feed

European Commission Targets May 28th for Conclusion of Safe Harbor Negotiations

Posted in European Union

Věra Jourová, the European Commissioner for Justice overseeing negotiations with the U.S. Department of Commerce over the future of the EU-U.S. Safe Harbor scheme, has reiterated the May 28th target date for near-completion of the negotiations (previously covered on InsidePrivacy here and here).  Her hope is that an agreement in principle can be found at… Continue Reading

Brazil Extends the Consultation Period on Its Draft Data Protection Law until April 30

Posted in International

In February 2015, the Brazilian government issued a draft of Brazil’s first comprehensive privacy law, the Preliminary Draft Bill for the Protection of Personal Data (the “Draft Bill”).  The Draft Bill builds on and codifies certain concepts relating to the treatment of personal data already present in Brazilian constitutional, statutory and case law. The Draft… Continue Reading

Google Loses Administrative Appeal Against Hamburg Decision Concerning Its Practice of Cross-Service Data Combination

Posted in International

Pursuant to a press release of April 8, 2014, the Hamburg data protection authority (the “Hamburg DPA”) essentially upheld its order of September 2014, in which it found that certain of Google’s data processing operations explained in its 2012 privacy policy violated German data protection law. More in particular, the Hamburg DPA established that Google’s… Continue Reading

U.N. Appoints Special Expert to Monitor Privacy Issues

Posted in International

In an effort to improve international privacy rights, the United Nations Human Rights Council yesterday established a special rapporteur on the right to privacy.  Special rapporteurs are expert individuals appointed with specific mandates to investigate, monitor, and report on particular human rights concerns that range from access to water to extrajudicial killings.  Yesterday’s Resolution on… Continue Reading

CJEU Hears Oral Arguments in Pivotal EU-U.S. Safe Harbor Case

Posted in European Union, International

By Dan Cooper and Phil Bradley-Schmieg On March 24, 2015, the Court of Justice of the EU (CJEU) heard arguments in Case C-362/14 (Schrems).  The High Court of Ireland has asked the CJEU whether Ireland’s data protection authority (DPA) — and by extension other EU DPAs — is bound by the Commission’s adequacy decision (Decision 520/2000/EC)… Continue Reading

The General Data Protection Regulation – Council is Moving Forward in Great Strides

Posted in European Union

Last Friday, the Council, which represents the 28 EU Member States, reached a partial general approach on the so-called “one stop shop” mechanism (Chapters VI and VII) and principles for protecting the personal data (Chapter II) (see the press release here, which also contains links to the latest draft texts as prepared by the Latvian… Continue Reading

Compu-Finder Subjected to $1.1M Penalty, First Fine Under Canada’s New Anti-Spam Law

Posted in Canada, International

By Lala Qadir Canada’s telecommunications regulator, the Canadian Radio-Television and Telecommunications Commission (CRTC), issued its first fine under a new anti-spam law.  The CRTC alleged that Compu-Finder sent users emails without acquiring their consent and did not provide a way for consumers to unsubscribe from the emails.   Compu-Finder has 30 days to submit written representations… Continue Reading

ICO Fines Insurance Company £175k for Data Security Breach, Criticising Lack of Policies

Posted in International, United Kingdom

By Mark Young and Tom Jackson On February 20, 2015, the Information Commissioner’s Office (“ICO”) fined Staysure.co.uk Ltd (“Staysure”), an online travel insurer, £175,000 for failing to protect its customers’ personal data.  In addition to technical vulnerabilities, the ICO took into account Staysure’s lack of security policies and practices when levying the fine. In short,… Continue Reading

European Consumer Legislation and Online Privacy Policies: Opening Pandora’s Box?

Posted in European Union, International

By Monika Kuschewsky and Charlotte Ryckman Regulators and courts in the EU are increasingly vigilant in relation to privacy practices and policies of large online companies.  In recent years and months, the pressure increases not only through privacy-specific regulations and enforcement, but also through the application of consumer legislation.  As the below examples from France and… Continue Reading

Article 29 Working Party Clarifies Scope of Health Data in Apps and Devices

Posted in European Union, International

The Article 29 Data Protection Working Party (Working Party), an independent EU advisory body on data protection and privacy, responded to a request from the European Commission made in the framework of the Commission’s  mHealth initiative to clarify the definition of data concerning health in relation to lifestyle and wellbeing apps.  (See more here, and here… Continue Reading

Germany Wants to Introduce Class Actions for Privacy Violations

Posted in European Union, International

Pursuant to a press release of the German Federal Ministry for Justice and Consumer Protection, the German Government approved a draft law to strengthen the private enforcement of certain data protection law provisions that aim to protect consumers.  In particular, the draft law empowers consumers and other qualified associations to send cease-and-desist letters and to… Continue Reading

China’s Internet Gatekeeper Announces Legislation to Enhance Personal Information Protection

Posted in China, Privacy Policies, Uncategorized

China’s principal internet regulator, the Cyberspace Administration of China (“CAC”), announced this week that China will move forward new legislation to combat the improper collection, use, and sale of personal information. The new legislation, announced during an interview of a senior CAC official by state-owned Xinhua News, is reportedly being drafted by CAC, the Ministry… Continue Reading

Top 10 International Privacy Developments of 2014

Posted in European Union, International

By Dan Cooper and Maria-Martina Yalamova The CJEU “Right to be Forgotten” Ruling.  In May 2014, the Court of Justice of the European Union (CJEU) delivered an important judgement in a referral from Spain’s National High Court involving Google, a Spanish national, and the Spanish data protection authority (Case C-131/12).  The CJEU’s decision re-interpreted European… Continue Reading

The UK’s Data Protection Regulator to Introduce “Privacy Seals” for Businesses

Posted in International, United Kingdom

By Fredericka Argent The UK’s Information Commissioner’s Office (ICO) has announced that it is looking to introduce a system of “privacy seals” for organizations doing business in the UK.  The seal is intended to be a consumer-facing stamp of approval demonstrating that a particular organization is meeting or surpassing the compliance requirements of the UK’s Data Protection… Continue Reading

Belgian Government Calls for EU Data Protection Authority

Posted in European Union, International

On Wednesday, January 28, 2015, better known as “Data Protection Day,” the Belgian Under-Secretary for Data Protection Bart Tommelein called for the creation of an EU Data Protection Authority.  He intends to present this position of the Belgian Government to the informal meeting of Ministers of Justice and of the Interior in Riga (Latvia).  The… Continue Reading

Summary Report of European Commission’s mHealth Consultation Published

Posted in European Union, International

The European Commission has finally published its summary of 211 responses to its mobile health (“mHealth”) consultation.  The summary and original responses to the consultation have been made available on the Commission’s website at https://ec.europa.eu/digital-agenda/en/news/summary-report-public-consultation-green-paper-mobile-health The consultation covered a broad range of important issues for mHealth, including legal frameworks, privacy and data protection, patient safety,… Continue Reading

China Clarifies Requirements for Companies Regarding Consumers’ Personal Information

Posted in China, Privacy Policies, Technology Transactions

New consumer protection provisions that clarify how companies may collect, use, and protect personal information of consumers will come into effect in China on March 15, 2015. On January 5, 2015, China’s State Administration of Industry and Commerce (“SAIC”) issued measures to implement China’s Consumer Rights Protection Law (“CRPL”), which was amended effective March 2014… Continue Reading

Russian Data Localization Bill Now Confirmed To Come Into Effect On 1 September 2015

Posted in International

UPDATED:  This post was first published on December 19, 2014; it is now being updated to reflect President Putin’s signature of the bill discussed below on 31 December, 2014. In July 2014, Russia enacted Law 242-FZ (the “Localization Law”).  The Localization Law amends the Russian Federal Law on Information, Information Technology and Information Protection, and… Continue Reading

The EU data protection regulation after 3 years of negotiation

Posted in European Union

By Jean de Ruyt and Sebastian Vos On January 25, 2012, the European Commission presented a proposal for a “Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data”, the “Data Protection Regulation” (DPR). The Commissioner in charge of justice at the time,… Continue Reading

Duma Votes to Accelerate Implementation Date of Russian Data Localization Bill By A Year

Posted in International

In July this year, Russia enacted Law 242-FZ (the “Localization Law”).  The Localization Law amends the Russian Federal Law on Information, Information Technology and Information Protection, and would introduce a new requirement for certain businesses (including in particular those processing data concerning Russian citizens and also maintaining offices in Russia) to ensure that personal data… Continue Reading

Canada’s Highest Court Rules That Police Can Search Cell Phone Contents After Arrest

Posted in Canada, International

By Lala Qadir The Supreme Court of Canada recently issued a 4-3 decision that gave the police a green light in conducting warrantless searches of an arrestee’s cell phone as long as the search is directly related to the suspected crime and records are kept.  Over three dissenting judges that characterized mobile phones as “intensely… Continue Reading

The EU’s Highest Court Rules That The EU’s Data Protection Directive Applies To Home Security Surveillance Cameras

Posted in European Union, International

By Fredericka Argent Last week, the Court of Justice of the European Union (CJEU) ruled that owners of home surveillance cameras could be breaching the EU Data Protection Directive 95/46/EU (the Directive), when those cameras are used to monitor public spaces.  The ruling was made following a request from the Nejvyšší správní soud (The Supreme Administrative Court… Continue Reading