Tag Archives: Data Protection

Dutch Parliament Adopts Data Breach Notification Obligation and Increases Fines

On May 26th, 2015, the Dutch Senate passed a new law (“the Law”) (legislative proposal, as adopted, is accessible here), which introduces an obligation to notify the Dutch DPA ‘without delay’ in case of a data breach.  The law also broadens the powers of the Dutch DPA, enabling it to impose significantly higher fines for … Continue Reading

Google Loses Administrative Appeal Against Hamburg Decision Concerning Its Practice of Cross-Service Data Combination

Pursuant to a press release of April 8, 2014, the Hamburg data protection authority (the “Hamburg DPA”) essentially upheld its order of September 2014, in which it found that certain of Google’s data processing operations explained in its 2012 privacy policy violated German data protection law. More in particular, the Hamburg DPA established that Google’s … Continue Reading

CJEU Hears Oral Arguments in Pivotal EU-U.S. Safe Harbor Case

By Dan Cooper and Phil Bradley-Schmieg On March 24, 2015, the Court of Justice of the EU (CJEU) heard arguments in Case C-362/14 (Schrems).  The High Court of Ireland has asked the CJEU whether Ireland’s data protection authority (DPA) — and by extension other EU DPAs — is bound by the Commission’s adequacy decision (Decision 520/2000/EC) … Continue Reading

Article 29 Working Party Clarifies Scope of Health Data in Apps and Devices

The Article 29 Data Protection Working Party (Working Party), an independent EU advisory body on data protection and privacy, responded to a request from the European Commission made in the framework of the Commission’s  mHealth initiative to clarify the definition of data concerning health in relation to lifestyle and wellbeing apps.  (See more here, and here … Continue Reading

Top 10 International Privacy Developments of 2014

  The CJEU “Right to be Forgotten” Ruling.  In May 2014, the Court of Justice of the European Union (CJEU) delivered an important judgement in a referral from Spain’s National High Court involving Google, a Spanish national, and the Spanish data protection authority (Case C-131/12).  The CJEU’s decision re-interpreted European data protection law to include … Continue Reading

The UK’s Data Protection Regulator to Introduce “Privacy Seals” for Businesses

By Fredericka Argent The UK’s Information Commissioner’s Office (ICO) has announced that it is looking to introduce a system of “privacy seals” for organizations doing business in the UK.  The seal is intended to be a consumer-facing stamp of approval demonstrating that a particular organization is meeting or surpassing the compliance requirements of the UK’s Data Protection … Continue Reading

Summary Report of European Commission’s mHealth Consultation Published

The European Commission has finally published its summary of 211 responses to its mobile health (“mHealth”) consultation.  The summary and original responses to the consultation have been made available on the Commission’s website at https://ec.europa.eu/digital-agenda/en/news/summary-report-public-consultation-green-paper-mobile-health The consultation covered a broad range of important issues for mHealth, including legal frameworks, privacy and data protection, patient safety, … Continue Reading

European Data Protection Regulators Release Joint Statement on European Values

By Tom Jackson On November 26, 2014, the Article 29 Working Party released a short joint statement containing a series of declarations on:  (i) “European values”; (ii) “surveillance for security purposes”; and (iii) the “European influence.”  The joint statement emphasizes the balance to be struck between protecting data protection rights and allowing national intelligence agencies … Continue Reading

ICO Releases Concrete Guidance on Privacy Requirements When Recording Video with Drones

On October 15, 2014, the UK Information Commissioner’s Office (ICO) published an updated code of practice for surveillance cameras.  Among other topics, the ICO uses the Code to begin to address privacy practices for drones.  Drones are not new, but two factors are now making questions about drones and privacy practices more pressing.  First, many … Continue Reading

Client Event: “Data Protection & Privacy Law – 2nd Edition,” September 23, 2014

Covington will be hosting a book launch for the 2014 title ‘Data Protection & Privacy Law 2nd Edition’, edited by Monika Kuschewsky, in partnership with The European Lawyer (Thomson Reuters) on September 23, 2014 in Brussels. The event will comprise a half-day workshop followed by a drinks reception. We are pleased to confirm that the … Continue Reading

Federal Trade Commission Releases Report on Mobile Shopping Apps: Finds Insufficient Disclosures to Consumers

Today, the Federal Trade Commission (“FTC”) issued a staff report examining the consumer-protection implications of popular shopping apps.  These services are intended to ease and enhance the shopping experience by allowing consumers to, for example, compare prices in-store across retailers, collect and redeem deals, or pay for purchases while shopping in brick-and-mortar stores.  The FTC … Continue Reading

Google, the CJEU, and the Long Arm of European Data Protection Law

By Dan Cooper, Mark Young and Kristof van Quathem On May 13, the European Court of Justice (the “Court”) handed down an important judgement in a referral from Spain’s National High Court involving Google, a Spanish national, and the Spanish data protection authority (Case C-131/12).  The decision has wide-ranging consequences regarding the application of EU … Continue Reading

Senate Commerce Committee To Examine Data Breaches and Cyber Attacks

Continuing a spate of recent legislative activity, the Senate Commerce Committee is bringing the hot topic of data breach back to the Hill.  This Wednesday, the Commerce Committee will hold a hearing entitled, “Protecting Personal Consumer Information from Cyber Attacks and Data Breaches.”  According to the Committee, recent data breaches at Target, Neiman Marcus, White … Continue Reading

Data Broker Accountability and Transparency Act Introduced By Senate Democrats

Last Wednesday, Senators John D. Rockefeller IV (D-WV) and Ed Markey (D-MA) introduced the Data Broker Accountability and Transparency Act, which primarily would require greater transparency from data brokers about consumer information they collect and sell.  At a Senate Commerce Committee hearing held on the data broker industry in December, Rockefeller expressed concern that data … Continue Reading

Dissuading Companies from Violating Data Protection Rules: Senior European Commission Official Calls for ‘Significant’ Fines

Speaking at Berkeley’s Online Tracking Workshop today, Françoise Le Bail, Director-General of the European Commission’s DG Justice (the leading department regarding the EU data protection reforms) confirmed the European Commission’s vision that the EU needs stronger penalties in order to ensure effective enforcement of European data protection rules. Ms. Le Bail said that European privacy … Continue Reading

New ICO Guidance Offers Employers Practical Advice on Implementing Safer “Bring Your Own Device” Policies

On 7 March 2013, the UK Information Commissioner’s Office (ICO) issued new guidance on the use of personal devices for business purposes. The guidance is largely informed by a survey commissioned by the ICO and carried out by the market research firm YouGov. According to the survey, 47% of adults in the UK use personal … Continue Reading

UK’s Information Commissioner’s Office Issues Consultation on Data Protection and the Press

By Fredericka Argent and Helena Marttila-Bridge On 21 February 2013, the ICO launched a consultation on its proposal for a new code of practice regulating the press in the UK.  The consultation is in response to the publication of the Leveson Report in November 2012, which recommended significant and wide-ranging changes to the structure and … Continue Reading

EU Adopts CyberSecurity Strategy and Proposes Network and Information Security Directive

The European Commission, together with the High Representative of the Union for Foreign Affairs and Security Policy, has today published a CyberSecurity Strategy alongside a Commission proposed Directive on Network and Information Security (“NIS”). While much of the Strategy and Directive is aimed at Member State governments (e.g., to improve capabilities and cooperation to prevent … Continue Reading

Singapore’s New Data Protection Law Comes Into Force

By Fredericka Argent On 2 January 2013 the new Personal Data Protection Act  (PDPA) came into force in Singapore, following its enactment by the Singaporean Parliament on 15 October 2012.  A December press release also announced that Singapore’s government has also now established a Personal Data Protection Commission (PDPC) and a Data Protection Advisory Committee … Continue Reading

Australia Introduces New Privacy Act

By Daniel Cooper and Fredericka Argent On 29 November 2012, the Office of the Australian Information Commissioner announced that the Australian government passed the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) (“the Act”). The Act, due to come into force in March 2014, is the biggest reform to Australian privacy law in over 20 … Continue Reading

EU Competition Commissioner: Data Privacy Could Become a Competition Issue

Speaking in Brussels yesterday on “Competition and Privacy in Markets of Data,” EU Competition Commissioner Joaquín Almunia observed that privacy is “becoming one of the central debates of our time.”  Technological and commercial developments have strengthened companies’ ability and incentive to “gather, manipulate and trade personal data.”  Because “personal data are a type of asset … Continue Reading

Australian Government Launches Discussion Paper on Privacy Breach Notification

By Fredericka Argent This month, following an inquiry by the Australian Law Reform Commission (“ALRC”) into the effectiveness of the Australian Privacy Act 1988, the Australian government launched a discussion paper which calls for views from the public on whether a mandatory data breach notification scheme should be introduced in Australia. This scheme refers to … Continue Reading

European Data Protection Supervisor Calls For Clearer and More Privacy-Friendly Rules On Internet Intermediary Liability

The European Data Protection Supervisor (EDPS), Peter Hustinx, recently published a response to a European Commission consultation on reform of the “notice-and-action” (“N&A”) procedure rules — i.e., the legal regime that requires Internet intermediaries to remove hosted content when they are notified that such content is illegal.  As set out in more detail below, the … Continue Reading

ICO Issues New £250,000 Fine to Scottish Local Government Body

On 11 September 2012, the UK Information Commissioner’s Office (ICO) announced that it had fined the Scottish Borders Council £250,000 under the Data Protection Act 1998 (the DPA) following the discovery of a former Council employee’s pension records in a supermarket’s car park paper recycling bank. The document was one of at least 676 files … Continue Reading
LexBlog