On Episode 15 of Covington’s Inside Privacy Audiocast, Dan Cooper is joined by Nick O’Connell, head of Al Tamimi’s Digital & Data practice in Saudi Arabia. Nick shares his insights on recent privacy developments in Saudi Arabia and the broader Middle East region, in particular as they relate to emerging data protection frameworks in these
French CNIL Publishes Recommendations for Protecting Minors Online
On June 9, 2021, the French Supervisory Authority (“CNIL”) published recommendations to help strengthen the protection of minors online (see here, in French). These recommendations are the result of a survey and public consultation conducted by the CNIL in 2020, which focused on the digital practices of minors (see our blog post here). The results of the CNIL’s survey and public consultation indicate that children are accessing the Internet at an early age on a “massive” scale. In light of this reality, the CNIL underscores the importance of ensuring that minors benefit from the effective protection of their personal data when engaging online.
Continue Reading French CNIL Publishes Recommendations for Protecting Minors Online
German Supervisory Authorities Probe Data Transfers
On June 1, 2021, several German supervisory authorities (“SAs”) announced the launch of a “nationwide investigation” into German companies transferring personal data outside of the European Economic Area. Currently, there is no official list of all the SAs participating in the investigation, but at least 8 of Germany’s 16 regional SAs have announced their intention to take part in it, including: Baden Wuerttemberg, Bavaria, Berlin, Brandenburg, Hamburg, Lower Saxony, Rhineland-Palatinate, and Saarland.
Continue Reading German Supervisory Authorities Probe Data Transfers
European Commission Publishes New Standard Contractual Clauses
Today, June 4th, 2021, the European Commission (“Commission”) published the final version of its new standard contractual clauses for the international transfer of personal data (“SCCs”) (see here). While the final version retains much of the language of the draft version released in November 2020 (see here), it includes several notable updates. When finalizing the SCCs, the Commission took into account the joint opinion of the European Data Protection Board (“EDPB”) and the European Data Protection Supervisor, feedback submitted by stakeholders during the public consultation period, and the opinions of EU Member States’ representatives.
In this blog post, we identify several key features of the new SCCs that organizations should keep in mind when preparing to implement them in contractual agreements going forward.
Continue Reading European Commission Publishes New Standard Contractual Clauses
Inside Privacy Audiocast: Episode 14 – China’s Draft Data Security Law
On Episode 14 of Covington’s Inside Privacy Audiocast, Dan Cooper and Yan Luo discuss recent privacy developments in China, in particular as they relate to China’s draft Data Security Law.
Covington’s Inside Privacy Audiocast offers insights into topical global privacy issues and trends. Subscribe to our Inside Privacy Blog to receive notifications on new episodes.
Final Countdown to POPIA Compliance: Five Critical Steps to Take Before July 1st, 2021
In Episode 12 of our Inside Privacy Audiocast, together with special guest Advocate Pansy Tlakula, Chairperson of the Information Regulator of South Africa, we discussed the Information Regulator’s mandate and the implementation of data protection legislation in South Africa. Now, with less than a month to go before South Africa’s Protection of Personal Information Act, 2013 (“POPIA”) takes full effect on July 1, 2021, it is critical for organizations operating in South Africa to ensure that they are ready, if and when the Information Regulator comes knocking.
It is only when organizations start their POPIA journey that they realize just how wide the POPIA net is cast, and that very few businesses fall outside of its reach. The road to POPIA compliance should be viewed as a marathon, and not a sprint. While implementing and maintaining an effective POPIA compliance program will take continued effort and resources well beyond the July 1, 2021 go-live date, here we outline five steps to which companies subject to POPIA should give their attention in the short term.
Inside Privacy Audiocast: Episode 13 – Data Privacy Developments in Israel
On Episode 13 of Covington’s Inside Privacy Audiocast, Dan Cooper is joined by Dotan Hammer, a Partner in the Internet, Cyber & Copyright Group at Pearl Cohen, to discuss recent privacy developments in Israel, including Israel’s data-economy relations with the EU and the U.S.
Covington’s Inside Privacy Audiocast offers insights into topical global privacy
Inside Privacy Audiocast: Episode 12 – Conversation with Advocate Pansy Tlakula, Chairperson of the Information Regulator of South Africa
In celebration of data privacy as a human right as part of South Africa’s Human Rights Day 2021, we feature special guest Advocate Pansy Tlakula, Chairperson of the Information Regulator of South Africa on Episode 12 of Covington’s Inside Privacy Audiocast. Together with Dan Cooper and Mosa Mkhize, we discuss the Information Regulator of
European Commission Publishes Draft UK Adequacy Decisions
On February 19, 2021, the European Commission published two draft decisions finding that UK law provides an adequate level of protection for personal data. The first would allow private companies in the EU to continue to transfer personal data to the UK without the need for any additional safeguards (e.g., the Commission’s standard contractual clauses), while the second would allow EU law enforcement agencies to transfers personal data subject to Directive 2016/680 — the Data Protection and Law Enforcement Directive (LED) — to their UK counterparts.
Continue Reading European Commission Publishes Draft UK Adequacy Decisions
Inside Privacy Audiocast: Episode 11 – Latest Developments on the EU’s ePrivacy Regulation
The EU’s ePrivacy Regulation, like the EU GDPR, has been highly anticipated since it was first proposed in 2017. What are the current developments and next steps in the process to enactment? What are some of the complicating factors of the proposed Regulation? Are there major differences between the initial proposal and where the text