Archives: International

Subscribe to International RSS Feed

UK Supreme Court Rules That Supermarket Is Not Vicariously Liable For Data Breach Committed By Employee

On 1 April 2020, the UK Supreme Court handed down its ruling in WM Morrison Supermarkets plc v Various Claimants [2020] UKSC 12.  The Court ruled that Morrisons was not vicariously liable for a data breach deliberately perpetrated by an employee.  The judgment is significant in that it overturned the decisions of the two lower … Continue Reading

Global Privacy Assembly Issues Statement on COVID-19

On March 17, 2020, the Executive Committee of the Global Privacy Assembly (“GPA”) issued a statement on data protection in the context of the COVID-19 pandemic. The GPA is an entity representing data protection and privacy regulators around the globe, formerly known as the International Conference of Data Protection and Privacy Commissioners (“ICDPPC”). The GPA … Continue Reading

German Authorities Issue Guidance Related to Coronavirus

Over the past several days, Germany Supervisory Authorities and health authorities have issued statements and guidance about the handling of personal data in the context of the ongoing COVID-19 pandemic.  In this blog, we consider some these statements in greater detail, as well as their implications for employers and employees.… Continue Reading

Key COVID-19 Issues for Privacy and Cybersecurity Professionals

Covington experts on issues as varied as supply chain and other commercial contracts, employment, and insurance are supporting companies on the commercial implications of Coronavirus COVID-19.  But this blog post provides a brief overview of some of the key issues that privacy and cybersecurity professionals should have top of mind in dealing with response efforts.  … Continue Reading

Advocate General delivers opinion on GDPR consent

On March 4, 2020, Advocate General Szpunar (“AG”) delivered his opinion in the case C-61/19 Orange România SA v Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP).  The AG concluded that a printed telecommunication contract stating that customers consent to the processing of a copy of their identification card does not meet … Continue Reading

European Commission’s Plans for AI and Data: Focus on Digital Health (Part 4 of 4)

In this final instalment of our series of blogs on the European Commission’s plans for AI and data, announced on 19 February 2020, we discuss some potential effects on companies in the digital health sector. As discussed in our previous blog posts (here, here and here), the papers published by the European Commission cover broad … Continue Reading

China Releases Personal Financial Information Protection Technical Specification

In December 2019, the People’s Bank of China (“PBOC”) issued the draft Measures for the Protection of Financial Consumers’ Rights and Interests for public comment (“draft Financial Consumer Measures”) (an official Chinese version is available here).  Although the draft Financial Consumer Measures focus more broadly on consumer rights in the financial sectors, they imposes upon … Continue Reading

European Commission’s plans on data and Europe’s digital future (Part 3 of 4)

On 19 February 2020, the new European Commission published two Communications relating to its five-year digital strategy: one on shaping Europe’s digital future, and one on its European strategy for data (the Commission also published a white paper proposing its strategy on AI; see our previous blogs here and here).  In both Communications, the Commission … Continue Reading

European Commission’s White Paper on Artificial Intelligence (Part 2 of 4)

The European Commission, as part of the launch of its digital strategy for the next five years, published on 19 February 2020 a White Paper On Artificial Intelligence – A European approach to excellence and trust (the “White Paper”).  (See our previous blog here for a summary of all four of the main papers published … Continue Reading

European Commission Presents Strategies for Data and AI (Part 1 of 4)

On 19 February 2020, the European Commission presented its long-awaited strategies for data and AI.  These follow Commission President Ursula von der Leyen’s commitment upon taking office to put forward legislative proposals for a “coordinated European approach to the human and ethical implications of AI” within the new Commission’s first 100 days.  Although the papers … Continue Reading

French Supervisory Authority Publishes Guidance for Website and App Developers

On January 27, 2020, the French Supervisory Authority (“CNIL”) issued a guidance for developers of websites and applications which sets out the main principles of the General Data Protection Regulation (“GDPR”), expounds on their application in the online environment, and gives practical tips to help developers respect users’ privacy when deploying websites and apps. The … Continue Reading

German Federal Commissioner for Data Protection and Freedom of Information Launches Public Consultation on Anonymization

On February 10, 2020, Germany’s Federal Commissioner for Data Protection and Freedom of Information (BfDI) launched its first public consultation procedure.  The consultation invites comments on a position paper of the BfDI which addresses the anonymization of personal data under the General Data Protection Regulation (GDPR), with a particular focus on the telecommunications sector (for … Continue Reading

Cyberspace Administration of China Releases Notice on the Protection of Personal Information in the Fight Against Coronavirus

In response to the recent coronavirus outbreak (“2019-nCoV”), a wide range of Chinese regulators, including many levels of local governments (down to the neighborhood committee level) and local public security bureaus (“PSBs”), have been actively collecting personal information to monitor and potentially mitigate the spread of the outbreak.  For example, Shenzhen PSB has issued a … Continue Reading

Germany Publishes Draft Regulation on the Reimbursement of Digital Health Applications

Germany recently enacted a law that enables state health insurance schemes to reimburse costs related to the use of digital health applications (“health apps”), but the law requires the Federal Ministry of Health to first develop the reimbursement process for such apps.  Accordingly, on January 15, 2020, the German government published a draft regulation setting … Continue Reading

French Supervisory Authority Publishes Second Guidance on Cookies and Similar Technologies

On January 14, 2020, the French Supervisory Authority (“CNIL”) published a new draft guidance on the use of cookies and similar technologies on websites and applications (see here, in French).  The draft guidance is open for public consultation until February 25, 2020. In its nine articles, the guidance sets out how to properly inform users … Continue Reading

Dutch Court Decides on Scope of GDPR Right of Access

In late December 2019, the Court of The Hague (Netherlands) published a preliminary reference procedure (see here, in Dutch).  The Court was asked to decide on the scope of the right of access under the GDPR. The defendant in this case was a bailiff involved in the bankruptcy procedure.  The individual who was target of … Continue Reading

AG Publishes Opinion on the Validity of the EU Standard Contractual Clauses

On December 19, 2019, Advocate General (“AG”) Henrik Saugmandsgaard Øe handed down his Opinion in Case C-311/18, Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (“Schrems II”). The AG’s Opinion provides non-binding guidance to the Court of Justice of the EU (“CJEU”) on how to decide the case. In brief, the AG recommended that … Continue Reading

EDPB Publishes Article 28 Standard Clauses Adopted by Danish Supervisory Authority

On December 11, 2019, the European Data Protection Board (“EDPB”) published the final text of the standard clauses adopted by the Danish Supervisory Authority (Datatilsynet, hereafter “Danish SA”) pursuant to Article 28(8) of the General Data Protection Regulation (“GDPR”).  The Danish clauses are now accessible on the EDPB’s register of decisions taken by Supervisory Authorities.  … Continue Reading

India Proposes Updated Personal Data Protection Bill

More than a year after the Government of India’s Committee of Experts released a draft Personal Data Protection Bill in July 2018 (the “2018 draft”), India is one step closer to passing a comprehensive data privacy law.  On December 11, 2019, India’s Minister for Electronics and Information Technology introduced an updated draft of Personal Data … Continue Reading

German Supervisory Authorities Propose Changes to the GDPR

On December 2, 2019, the German Supervisory Authorities issued a report evaluating the implementation of the EU General Data Protection Regulation (“GDPR”) in Germany.  The report describes the Supervisory Authorities’ experience thus far in applying the GDPR and lists the provisions of the GDPR they see as problematic in practice.  For each of these provisions, … Continue Reading

UK ICO and The Alan Turing Institute Issue Draft Guidance on Explaining Decisions Made by AI

The UK’s Information Commissioner’s Office (“ICO”) has issued and is consulting on draft guidance about explaining decisions made by AI.  The ICO prepared the guidance with The Alan Turing Institute, which is the UK’s national institute for data science and artificial intelligence.  Among other things, the guidance sets out key principles to follow and steps … Continue Reading

New E-Privacy Proposal on the Horizon?

On December 3, 2019, the EU’s new Commissioner for the Internal Market, Thierry Breton, suggested a change of approach to the proposed e-Privacy Regulation may be necessary.  At a meeting of the Telecoms Council, Breton indicated that the Commission would likely develop a new proposal, following the Council’s rejection of a compromise text on November … Continue Reading

German Constitutional Court Reshapes “Right to be Forgotten” and Expands Its Oversight of Human Rights Violations

In two recent landmark decisions issued on November 6, 2019, the German Constitutional Court (“BVerfG”) presented its unique perspective on the “right to be forgotten” and announced that it will assume a greater role in safeguarding German residents’ fundamental rights from now on.… Continue Reading
LexBlog