Ezra Steinhardt

Ezra Steinhardt

Ezra Steinhardt is an associate in the technology and media group in the London office.  His practice encompasses data privacy, information technology, international trade, and legislative advocacy.

Subscribe to all posts by Ezra Steinhardt

European Commission Unveils Data Economy Package: International Data Transfers

On January 10, 2017, the European Commission unveiled the “last major Digital Single Market initiatives” addressing Europe’s digital future.  These initiatives comprise the following: A proposal for a Regulation on Privacy and Electronic Communications (E-Privacy Regulation) (see our post here); A Communication on “Building a European Data Economy” (see our post here); and A Communication … Continue Reading

European Commission Unveils Data Economy Package: “Building a European Data Economy”

On January 10, 2017, the European Commission unveiled the “last major Digital Single Market initiatives” addressing Europe’s digital future.  These initiatives comprise the following: A proposal for a Regulation on Privacy and Electronic Communications (E-Privacy Regulation) (see our post here); A Communication on “Building a European Data Economy”; and A Communication on exchanging and protecting … Continue Reading

European Commission Unveils Data Economy Package: E-Privacy Regulation

On January 10, 2017, the European Commission unveiled the “last major Digital Single Market initiatives” addressing Europe’s digital future.  These initiatives comprise the following: A proposal for a Regulation on Privacy and Electronic Communications (E-Privacy Regulation) ; A Communication on “Building a European Data Economy” (see our post here); and A Communication on exchanging and … Continue Reading

LinkedIn Blocked in Russia Following Breach of Data Localization Laws

By Ezra Steinhardt and Gemma Nash On November 11, 2016, a Russian court in Moscow upheld the decision of an earlier court to block online access to the website LinkedIn throughout Russia.  This decision, which affirms a decision to penalize LinkedIn by the Russian data protection regulator, the Roskomnadzor, was based on the court’s view that … Continue Reading

European Commission Launches Consultation on Reform of the ePrivacy Directive

By Ezra Steinhardt and Vera Coughlan Following the expected approval of the final text of the General Data Protection Regulation (“GDPR”) in the European Parliament this week, the Commission is now turning its attention towards the ePrivacy Directive. On Monday (April 11, 2016), the Commission launched a public consultation to review and propose changes to the … Continue Reading

Article 29 Working Party Reacts to the U.S.-EU Privacy Shield Agreement

On February 3rd, the Article 29 Working Party, representing Europe’s data protection authorities, published its reaction to the announcement of a new “Privacy Shield” political agreement between the European Commission and the U.S. Government.  The Privacy Shield agreement, announced on February 2nd (and further described in our blog post here), is intended to replace the … Continue Reading

European Court of Human Rights Rules That Employers Can Monitor Employee Private Communications

On January 12, 2016, the European Court of Human Rights (ECtHR) ruled that an employer who had monitored an employee’s private communications during working hours had not breached the employee’s right to privacy (under Article 8 of the European Convention on Human Rights). This judgment will influence how other European national courts and regulators view … Continue Reading

Russian Data Localization Bill Now Confirmed To Come Into Effect On 1 September 2015

UPDATED:  This post was first published on December 19, 2014; it is now being updated to reflect President Putin’s signature of the bill discussed below on 31 December, 2014. In July 2014, Russia enacted Law 242-FZ (the “Localization Law”).  The Localization Law amends the Russian Federal Law on Information, Information Technology and Information Protection, and … Continue Reading

Duma Votes to Accelerate Implementation Date of Russian Data Localization Bill By A Year

In July this year, Russia enacted Law 242-FZ (the “Localization Law”).  The Localization Law amends the Russian Federal Law on Information, Information Technology and Information Protection, and would introduce a new requirement for certain businesses (including in particular those processing data concerning Russian citizens and also maintaining offices in Russia) to ensure that personal data … Continue Reading

Article 29 Working Party Publishes Full Guidance On CJEU Right To Be Forgotten Ruling Against Google

Late last week, the Article 29 Working Party released a short press statement announcing that it had agreed guidance for the implementation of the May 2014 CJEU ruling against Google on the “right to be forgotten.”  See our first post on the Working Party’s guidance here.  The Working Party has now published a full 20-page … Continue Reading

Article 29 Working Party Agrees Right to Be Forgotten Guidance Following May 2014 CJEU Ruling Against Google

On November 25, 2014, the Article 29 Working Party agreed guidelines for data protection authorities seeking to apply the Court of Justice of the European Union (CJEU) ruling reached earlier this year against Google, which has become known as the right to be forgotten or “RTBF” ruling.  The full guidelines have not yet been published, … Continue Reading

ICO Releases Concrete Guidance on Privacy Requirements When Recording Video with Drones

On October 15, 2014, the UK Information Commissioner’s Office (ICO) published an updated code of practice for surveillance cameras.  Among other topics, the ICO uses the Code to begin to address privacy practices for drones.  Drones are not new, but two factors are now making questions about drones and privacy practices more pressing.  First, many … Continue Reading

EU Article 29 Working Party Publishes Guidance on Data Breach Notification

By Philippe Bradley and Ezra Steinhardt Last week, the Article 29 Data Protection Working Party published a non-binding Opinion on data breach notifications, titled Opinion 03/2014 on Personal Data Breach Notification (the Opinion).  The Opinion provides helpful new guidance to companies seeking to understand whether or not notifications about a breach must be made to … Continue Reading

European Parliament Adopts Report Threatening Disruption to U.S.-EU Data Flows and Upcoming Trade Agreements; However, Legal Impact is Muted

By Ezra Steinhardt and Henriette Tielemans On March 12, 2014, the European Parliament voted 544 to 78, with 60 abstentions, to endorse a report prepared by MEP Claude Moraes (S&P, UK) (the Report), and to pass a resolution summarising Mr. Moraes’ findings (the Resolution).  The Report and Resolution conclude a six-month investigation by the influential … Continue Reading

Google Fined by the CNIL for Privacy Breaches as European Regulators Continue Investigation

On January 8, 2014, the French data protection authority, the Commission nationale de l’informatique et des libertés (CNIL), announced that it was imposing a fine of €150,000 on Google, as well as a requirement that Google, within eight days of the decision, publicize the fine on its own website (at www.google.fr) for a period of … Continue Reading

Criticism of Safe Harbor Continues to Rise in European Union Institutions

On 8 October, 2013, a group of Social and Democrat MEPs called for the suspension of the U.S.-EU Safe Harbor Framework (the “Safe Harbor”).  Their comments, which were triggered by the unauthorized disclosure of document describing a U.S. National Security Agency surveillance program known as “PRISM”, argued that the Safe Harbor is, variously, “misleading,” “vulnerable,” … Continue Reading

Article 29 Working Party Releases New Opinion on Purpose Limitation

By Ezra Steinhardt and Oliver Grazebrook On April 2, the Article 29 Working Party (the “Working Party”) approved a new Opinion on a principle of European data protection law known as the “purpose limitation”.  The principle (which stems from Article 6(1)(b) of the Data Protection Directive) requires that data controllers only collect data for “specific”, … Continue Reading

ICO Issues Fine of £90,000 for Breach of PECR

By Oliver Grazebrook and Ezra Steinhardt On 20 March 2013, the UK Information Commissioner’s Office (ICO) announced that it had issued a fine of £90,000 against DM Design, a Glasgow-based kitchen and bedroom fitting company, for breaching the Privacy and Electronic Communications Regulations (PECR) by making thousands of unwanted direct marketing calls.  This fine, made two years … Continue Reading

Article 29 Working Party Releases Further Comments on EU Data Protection Reform

By Oliver Grazebrook and Ezra Steinhardt On 27 February 2013, the Article 29 Working Party published its latest statement regarding the draft General Data Protection Regulation (the “Regulation”), which continues to undergo revision in the European Parliament and Council.  (The latest European body to comment on the draft was the European Parliament’s Committee on Employment … Continue Reading

ICO fines Sony £250,000 following the 2011 Playstation Network Platform data breach

On 24 January 2013, the UK Information Commissioner’s Office (ICO) announced that Sony Computer Entertainment Europe Limited (Sony) would be fined £250,000 following a data breach of the Playstation Network.  The breach occurred in 2011 when hackers accessed the personal details of “millions” of Playstation Network customers, including names, dates of birth, passwords, and other … Continue Reading

Singapore’s New Data Protection Law Comes Into Force

By Ezra Steinhardt and Fredericka Argent On 2 January 2013 the new Personal Data Protection Act  (PDPA) came into force in Singapore, following its enactment by the Singaporean Parliament on 15 October 2012.  A December press release also announced that Singapore’s government has also now established a Personal Data Protection Commission (PDPC) and a Data … Continue Reading

EDPS Suggests Amendments to the Commission Proposal for a new Regulation on Clinical Trials on Medicinal Products for Human Use

On 19 December 2012, the European Data Protection Supervisor (EDPS) and the Assistant Supervisor, M. Giovanni Buttarelli, published a new Opinion that sets out their views on the Commission proposal for a new Regulation on Clinical Trials on Medicinal Products for Human Use (the Regulation).  The Commission proposal, released in July 2012, touches on a … Continue Reading

ENISA Publishes New Guidelines for Smart Grid Cyber Security

By Jacqueline Clover and Ezra Steinhardt In December 2012, the European Network and Information Security Agency (ENISA) published a set of (non-binding) Guidelines titled, “Appropriate security measures for smart grids; Guidelines to assess the sophistication of security measures implementation”.  The Guidelines are intended to help EU Member States and smart grid stakeholders improve the resilience … Continue Reading
LexBlog