On July 24, 2019, the European Commission (“the Commission”) published a report appraising Europe’s progress in implementing the General Data Protection Regulation (“GDPR”) as a central component of its revamped data protection framework. In its report, the Commission highlights certain achievements resulting from implementation efforts, calls attention to issues that require further action, and describes … Continue Reading
Key Provisions in India’s Draft Personal Data Bill This post is a follow-up to our earlier post on the release of India’s draft personal data protection bill. In this post, we go into greater detail about the bill’s provisions and flag issues for companies worldwide that may process data in India or provide goods or … Continue Reading
On August 14, Brazilian President Michel Temer signed into law the new General Data Privacy Law (Lei Geral de Proteção de Dados Pessoais or “LGPD”) (English translation), making Brazil the latest country to implement comprehensive data privacy regulation. The law’s key provisions closely mirror the European Union’s General Data Privacy Regulation (“GDPR”), including significant extraterritorial … Continue Reading
Earlier this month, the UK Government published a consultation on plans to implement the EU Directive on security of network and information systems (the “NIS Directive”, otherwise known as the Cybersecurity Directive). The consultation includes a proposal to fine firms that fail to implement “appropriate and proportionate security measures” up to EUR 20 million or … Continue Reading
On August 18, 2017, the Central Bank of Kenya (“CBK”) used its authority under Section 33(4) of the Banking Act to publish a Guidance Note on identifying and mitigating cyber risk. The Guidance Note directs institutions licensed under the Banking Act (Cap. 488) (“Institutions”) to develop and implement a comprehensive set of program requirements to … Continue Reading
The EU Network and Information Security (NIS) Directive now looks likely to enter into force in August of this year. Member States will then have 21 months to implement it into national law before the new security and incident notification obligations will start to apply to the following entities: designated* “operators of essential services” within … Continue Reading
On December 7, 2015, the European institutions reached an informal agreement on the EU Network and Information Security (NIS) Directive — dubbed the Cybersecurity Directive (see press release from the Council). Among other things, the NIS Directive imposes security and incident reporting obligations on operators of essential services in critical sectors and on some digital … Continue Reading
By Eric Carlson and Scott Livingston On Friday, August 8, 2014, a Chinese court convicted British fraud investigator Peter Humphrey and his wife, Yu Yingzeng, a naturalized US citizen, of illegally obtaining personal information. Mr. Humphrey was sentenced to two and a half years in prison and fined RMB 200,000 (about US $32,000); Ms. Yu … Continue Reading
On Thursday, the Court of Justice of the EU ordered Sweden to pay a lump sum of €3 million for failure to transpose the EU’s Data Retention Directive (the “Directive”) into national law within the prescribed period. The Directive obliges electronic communications service providers to store information about communications for a period of 6 – … Continue Reading
By Mark Young and Oliver Grazebrook The Irish Presidency of the Council of the EU has published a progress report on negotiations at Member State level on the EU CyberSecurity Strategy and proposed EU Directive on Network and Information Security (“NIS Directive”). As we summarised in this post, if enacted in its current form, the … Continue Reading
To help prepare an impact assessment on the potential effects in the UK of the proposed EU Directive on Network and Information Security (“NIS Directive”), the UK Government has launched a call for evidence to gather data. As we summarised in this post, if enacted in its current form, the NIS Directive will require companies … Continue Reading
On Friday, an Italian appeals court in Milan overturned the 2010 criminal conviction of three Google Inc. executives for violating the privacy of a disabled boy by allowing a video of students bullying him to appear on Google Video. In February 2010, a court handed down six-month prison sentences to three senior Google executives—Senior Vice … Continue Reading
By Alex Berengaut On Monday, October 29, the Supreme Court heard oral argument in Clapper v. Amnesty International (No. 11-1025), a challenge brought by the American Civil Liberties Union (ACLU) against the FISA Amendments Act (FAA) of 2008. The FAA amended the Foreign Intelligence Surveillance Act (FISA) of 1978 by authorizing new procedures for electronic … Continue Reading
On 4 September, 2012, the Cayman Islands’ Data Protection Working Group (DPWG) released a consultation paper, inviting comments from the public on the draft Cayman Islands Data Protection Bill 2012. The Bill, which is modelled on the European Framework Data Protection Directive 95/46/EC, aims to protect individuals’ rights regarding the collection and use of personal … Continue Reading
On 21 August 2012, the European Commission issued an Implementing Decision (the “Decision”) confirming that the Eastern Republic of Uruguay provides an adequate level of protection for personal data transferred from the European Union. The effect of the Decision is to allow organizations established in European Member States to transfer personal data to organizations in … Continue Reading
On July 5, 2012, the U.N. Human Rights Council adopted a resolution on the promotion, protection, and enjoyment of human rights on the Internet. The U.N. General Assembly established the Human Rights Council in 2006 to replace the former U.N. Commission on Human Rights. The Council consists of 47 U.N. member states from all geographic … Continue Reading
On March 20, 2012, the Philippines Senate unanimously passed the Data Privacy Act of 2011 (“the Act”) on its third and final reading. According to one of its sponsors, Senator Edgardo Angara, the Act is heavily based on the current EU Data Protection Directive (Directive 95/46/EC) and meets the standards of the Asia Pacific Economic … Continue Reading
Last week, the American Bar Association adopted a rule calling on U.S. courts to “consider and respect, as appropriate, the data protection and privacy laws of any applicable foreign sovereign . . . with regard to data sought in discovery in civil litigation.” In an extensive report accompanying the new rule, the ABA detailed the … Continue Reading
On 5 September 2011, Costa Rica adopted a new data protection law, the “Law on the Protection of Individuals Against the Processing of Personal Data”. The Law aims to protect the fundamental right to information self-determination of any person, regardless of nationality, residence or domicile. Costa Rica is now the seventh country in Central and … Continue Reading
By Dan Cooper and Helena Marttila On 11th of July, 2011, Hungary adopted a new data privacy law (Act CXII of 2011 on Informational Self-Determination and Freedom of Information) (the “Act”), which will enter into force on 1 January 2012. The main changes brought about by the Act are briefly discussed below:… Continue Reading
The South Korean Ministry of Public Administration and Security reiterated support this week for its plans to abolish legislation that requires Internet users on social networks to use their real names on websites. Currently, the law requires websites with more than 100,000 visitors per day to require users to register with their real names. In … Continue Reading
On July 2, 2011 Peruvian President Alan Garcia signed into law the country’s Personal Data Protection Law (Ley de Protección de Datos Personales, Proyecto de Ley, available here), making Peru the latest Latin American country to adopt European-style privacy legislation. Peru is expected to develop implementing regulations to the new law in the coming months. … Continue Reading
Qatar has published a first version of its new Personal Information Privacy Protection Law. This is a groundbreaking development as, should the law be enacted, it will make Qatar the only country in the Middle East to have nationally-applicable data protection legislation. The draft legislation applies to operators in the private and public sectors and … Continue Reading
by Katie Keith On June 16, 2011, the United States Chamber of Commerce organized a forum for business leaders addressing challenges to the free flow of electronic commercial information. Panelists included academics, government officials, and policy and privacy directors from Google, AT&T, GE, Citigroup, and IBM. The event was moderated by leaders from the Commerce … Continue Reading
