On 13 September, the Information Commissioner’s Office (ICO) published draft guidance on contracts and liabilities between controllers and processors under the GDPR (the “Guidance”). The ICO is consulting on the Guidance until 10 October. We summarize the key aspects of the Guidance below.

As we reported last week, MEP Jan Philipp Albrecht, the rapporteur for the lead European Parliament Committee (LIBE) for the proposed EU Data Protection Regulation, has released a controversial report on the Commission’s proposal.

There have been several news articles and commentaries in recent days about numerous aspects of the report — including the threat to the U.S.-EU Safe Harbor, the dilution of the “one-stop shop” concept regarding regulators, the re-emphasis on consent and limiting the “legitimate interests” ground for processing data, further restrictions on profiling, etc. — but one troubling aspect of the report has generally not received the attention that it arguably deserves amidst this hubbub: namely, that the report proposes to expand general compliance obligations and “privacy-by-design”/“privacy-by-default” requirements, in particular, to software and hardware manufacturers — regardless of whether they process personal data.
