Header graphic for print
Inside Privacy Updates on Developments in Global Privacy & Data Security from Covington & Burling LLP

Category Archives: International

Subscribe to International RSS Feed

U.N. Appoints Special Expert to Monitor Privacy Issues

Posted in International

In an effort to improve international privacy rights, the United Nations Human Rights Council yesterday established a special rapporteur on the right to privacy.  Special rapporteurs are expert individuals appointed with specific mandates to investigate, monitor, and report on particular human rights concerns that range from access to water to extrajudicial killings.  Yesterday’s Resolution on… Continue Reading

CJEU Hears Oral Arguments in Pivotal EU-U.S. Safe Harbor Case

Posted in European Union, International

By Dan Cooper and Phil Bradley-Schmieg On March 24, 2015, the Court of Justice of the EU (CJEU) heard arguments in Case C-362/14 (Schrems).  The High Court of Ireland has asked the CJEU whether Ireland’s data protection authority (DPA) — and by extension other EU DPAs — is bound by the Commission’s adequacy decision (Decision 520/2000/EC)… Continue Reading

The General Data Protection Regulation – Council is Moving Forward in Great Strides

Posted in European Union

Last Friday, the Council, which represents the 28 EU Member States, reached a partial general approach on the so-called “one stop shop” mechanism (Chapters VI and VII) and principles for protecting the personal data (Chapter II) (see the press release here, which also contains links to the latest draft texts as prepared by the Latvian… Continue Reading

Compu-Finder Subjected to $1.1M Penalty, First Fine Under Canada’s New Anti-Spam Law

Posted in Canada, International

By Lala Qadir Canada’s telecommunications regulator, the Canadian Radio-Television and Telecommunications Commission (CRTC), issued its first fine under a new anti-spam law.  The CRTC alleged that Compu-Finder sent users emails without acquiring their consent and did not provide a way for consumers to unsubscribe from the emails.   Compu-Finder has 30 days to submit written representations… Continue Reading

ICO Fines Insurance Company £175k for Data Security Breach, Criticising Lack of Policies

Posted in International, United Kingdom

By Mark Young and Tom Jackson On February 20, 2015, the Information Commissioner’s Office (“ICO”) fined Staysure.co.uk Ltd (“Staysure”), an online travel insurer, £175,000 for failing to protect its customers’ personal data.  In addition to technical vulnerabilities, the ICO took into account Staysure’s lack of security policies and practices when levying the fine. In short,… Continue Reading

European Consumer Legislation and Online Privacy Policies: Opening Pandora’s Box?

Posted in European Union, International

By Monika Kuschewsky and Charlotte Ryckman Regulators and courts in the EU are increasingly vigilant in relation to privacy practices and policies of large online companies.  In recent years and months, the pressure increases not only through privacy-specific regulations and enforcement, but also through the application of consumer legislation.  As the below examples from France and… Continue Reading

Article 29 Working Party Clarifies Scope of Health Data in Apps and Devices

Posted in European Union, International

The Article 29 Data Protection Working Party (Working Party), an independent EU advisory body on data protection and privacy, responded to a request from the European Commission made in the framework of the Commission’s  mHealth initiative to clarify the definition of data concerning health in relation to lifestyle and wellbeing apps.  (See more here, and here… Continue Reading

Germany Wants to Introduce Class Actions for Privacy Violations

Posted in European Union, International

Pursuant to a press release of the German Federal Ministry for Justice and Consumer Protection, the German Government approved a draft law to strengthen the private enforcement of certain data protection law provisions that aim to protect consumers.  In particular, the draft law empowers consumers and other qualified associations to send cease-and-desist letters and to… Continue Reading

China’s Internet Gatekeeper Announces Legislation to Enhance Personal Information Protection

Posted in China, Privacy Policies, Uncategorized

China’s principal internet regulator, the Cyberspace Administration of China (“CAC”), announced this week that China will move forward new legislation to combat the improper collection, use, and sale of personal information. The new legislation, announced during an interview of a senior CAC official by state-owned Xinhua News, is reportedly being drafted by CAC, the Ministry… Continue Reading

Top 10 International Privacy Developments of 2014

Posted in European Union, International

By Dan Cooper and Maria-Martina Yalamova The CJEU “Right to be Forgotten” Ruling.  In May 2014, the Court of Justice of the European Union (CJEU) delivered an important judgement in a referral from Spain’s National High Court involving Google, a Spanish national, and the Spanish data protection authority (Case C-131/12).  The CJEU’s decision re-interpreted European… Continue Reading

The UK’s Data Protection Regulator to Introduce “Privacy Seals” for Businesses

Posted in International, United Kingdom

By Fredericka Argent The UK’s Information Commissioner’s Office (ICO) has announced that it is looking to introduce a system of “privacy seals” for organizations doing business in the UK.  The seal is intended to be a consumer-facing stamp of approval demonstrating that a particular organization is meeting or surpassing the compliance requirements of the UK’s Data Protection… Continue Reading

Belgian Government Calls for EU Data Protection Authority

Posted in European Union, International

On Wednesday, January 28, 2015, better known as “Data Protection Day,” the Belgian Under-Secretary for Data Protection Bart Tommelein called for the creation of an EU Data Protection Authority.  He intends to present this position of the Belgian Government to the informal meeting of Ministers of Justice and of the Interior in Riga (Latvia).  The… Continue Reading

Summary Report of European Commission’s mHealth Consultation Published

Posted in European Union, International

The European Commission has finally published its summary of 211 responses to its mobile health (“mHealth”) consultation.  The summary and original responses to the consultation have been made available on the Commission’s website at https://ec.europa.eu/digital-agenda/en/news/summary-report-public-consultation-green-paper-mobile-health The consultation covered a broad range of important issues for mHealth, including legal frameworks, privacy and data protection, patient safety,… Continue Reading

China Clarifies Requirements for Companies Regarding Consumers’ Personal Information

Posted in China, Privacy Policies, Technology Transactions

New consumer protection provisions that clarify how companies may collect, use, and protect personal information of consumers will come into effect in China on March 15, 2015. On January 5, 2015, China’s State Administration of Industry and Commerce (“SAIC”) issued measures to implement China’s Consumer Rights Protection Law (“CRPL”), which was amended effective March 2014… Continue Reading

Russian Data Localization Bill Now Confirmed To Come Into Effect On 1 September 2015

Posted in International

UPDATED:  This post was first published on December 19, 2014; it is now being updated to reflect President Putin’s signature of the bill discussed below on 31 December, 2014. In July 2014, Russia enacted Law 242-FZ (the “Localization Law”).  The Localization Law amends the Russian Federal Law on Information, Information Technology and Information Protection, and… Continue Reading

The EU data protection regulation after 3 years of negotiation

Posted in European Union

By Jean de Ruyt and Sebastian Vos On January 25, 2012, the European Commission presented a proposal for a “Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data”, the “Data Protection Regulation” (DPR). The Commissioner in charge of justice at the time,… Continue Reading

Duma Votes to Accelerate Implementation Date of Russian Data Localization Bill By A Year

Posted in International

In July this year, Russia enacted Law 242-FZ (the “Localization Law”).  The Localization Law amends the Russian Federal Law on Information, Information Technology and Information Protection, and would introduce a new requirement for certain businesses (including in particular those processing data concerning Russian citizens and also maintaining offices in Russia) to ensure that personal data… Continue Reading

Canada’s Highest Court Rules That Police Can Search Cell Phone Contents After Arrest

Posted in Canada, International

By Lala Qadir The Supreme Court of Canada recently issued a 4-3 decision that gave the police a green light in conducting warrantless searches of an arrestee’s cell phone as long as the search is directly related to the suspected crime and records are kept.  Over three dissenting judges that characterized mobile phones as “intensely… Continue Reading

The EU’s Highest Court Rules That The EU’s Data Protection Directive Applies To Home Security Surveillance Cameras

Posted in European Union, International

By Fredericka Argent Last week, the Court of Justice of the European Union (CJEU) ruled that owners of home surveillance cameras could be breaching the EU Data Protection Directive 95/46/EU (the Directive), when those cameras are used to monitor public spaces.  The ruling was made following a request from the Nejvyšší správní soud (The Supreme Administrative Court… Continue Reading

Article 29 Working Party Publishes Working Document Setting Out Cooperation Procedure for Issuing Common Opinions on Contractual Clauses

Posted in European Union, International

By Tom Jackson On November 26, 2014, the Article 29 Working Party adopted a working document setting out a cooperation procedure for issuing common opinions on contractual clauses considered as compliant with the EC Model Clauses (the “Working Document”).  The Working Document sets out the framework for a procedure designed to streamline the process of… Continue Reading

European Data Protection Regulators Release Joint Statement on European Values

Posted in European Union, International

By Tom Jackson On November 26, 2014, the Article 29 Working Party released a short joint statement containing a series of declarations on:  (i) “European values”; (ii) “surveillance for security purposes”; and (iii) the “European influence.”  The joint statement emphasizes the balance to be struck between protecting data protection rights and allowing national intelligence agencies… Continue Reading

Have EU Privacy Regulators Just Spelled the End of Web Tracking?

Posted in European Union, International

On November 25, 2014, the Article 29 Working Party (“WP29”) issued an opinion paper on device fingerprinting (the “Opinion”).  The Opinion builds on existing guidance on cookies (Opinion 04/2012) and confirms that organizations wishing to generate “device fingerprints” by storing or accessing information on a user’s device must obtain user consent (unless an exemption applies)…. Continue Reading

Article 29 Working Party Publishes Full Guidance On CJEU Right To Be Forgotten Ruling Against Google

Posted in European Union, International

Late last week, the Article 29 Working Party released a short press statement announcing that it had agreed guidance for the implementation of the May 2014 CJEU ruling against Google on the “right to be forgotten.”  See our first post on the Working Party’s guidance here.  The Working Party has now published a full 20-page… Continue Reading

Buttarelli Confirmed as Next European Data Protection Supervisor

Posted in European Union, International

By Phil Bradley-Schmieg  As we previewed last month, it has now been confirmed that Giovanni Buttarelli will be appointed as the next European Data Protection Supervisor (EDPS), the data protection watchdog and advisor to the various rulemaking and supervisory bodies that make up the EU.  Mr Buttarelli currently serves as Deputy EDPS under Peter Hustinx. Mr… Continue Reading