On the ninth episode of our Inside Privacy Audiocast, we peer through the looking glass at China’s approach to data protection and the latest developments in its emerging data protection and cybersecurity regime. Dan Cooper, Yan Luo and Zhijing Yu discuss the variety of legal instruments in China’s quickly-evolving data protection and cybersecurity regulatory landscape, and how these … Continue Reading
Recently, there has been a significant level of attention given to data protection and privacy matters on the Continent, and in the just the past year, we have seen new laws proposed or enacted in places like Nigeria, Egypt, Kenya, and of course South Africa, although prior to that, places like Morocco, Ghana and Mali … Continue Reading
On June 22, 2020, the South African President announced that certain provisions of POPIA would take effect on July 1, provisions which most regard as essential to the statute, such as those imposing conditions on the lawful processing of personal information, procedures for handling complaints, and general enforcement provisions. Only days later, the South African Information … Continue Reading
On our third episode of our Inside Privacy Audiocast, we are aiming our looking glass at Brazil’s new data protection statute, Lei Geral de Proteção de Dados (or LGPD), and are joined by Ronaldo Lemos, a partner at Rennó Penteado. In our episode recorded earlier this week, Dan Cooper and Ronaldo discuss the LGPD, which … Continue Reading
As businesses prepare for the Brazil General Law for Data Protection, or LGPD, one key provision is still up in the air: the date the law takes effect. Under the original law, the LGPD was scheduled to take effect next Sunday, August 16. For the past several months, however, that date has been a moving … Continue Reading
On July 24, 2019, the European Commission (“the Commission”) published a report appraising Europe’s progress in implementing the General Data Protection Regulation (“GDPR”) as a central component of its revamped data protection framework. In its report, the Commission highlights certain achievements resulting from implementation efforts, calls attention to issues that require further action, and describes … Continue Reading
Key Provisions in India’s Draft Personal Data Bill This post is a follow-up to our earlier post on the release of India’s draft personal data protection bill. In this post, we go into greater detail about the bill’s provisions and flag issues for companies worldwide that may process data in India or provide goods or … Continue Reading
On August 14, Brazilian President Michel Temer signed into law the new General Data Privacy Law (Lei Geral de Proteção de Dados Pessoais or “LGPD”) (English translation), making Brazil the latest country to implement comprehensive data privacy regulation. The law’s key provisions closely mirror the European Union’s General Data Privacy Regulation (“GDPR”), including significant extraterritorial … Continue Reading
Earlier this month, the UK Government published a consultation on plans to implement the EU Directive on security of network and information systems (the “NIS Directive”, otherwise known as the Cybersecurity Directive). The consultation includes a proposal to fine firms that fail to implement “appropriate and proportionate security measures” up to EUR 20 million or … Continue Reading
On August 18, 2017, the Central Bank of Kenya (“CBK”) used its authority under Section 33(4) of the Banking Act to publish a Guidance Note on identifying and mitigating cyber risk. The Guidance Note directs institutions licensed under the Banking Act (Cap. 488) (“Institutions”) to develop and implement a comprehensive set of program requirements to … Continue Reading
The EU Network and Information Security (NIS) Directive now looks likely to enter into force in August of this year. Member States will then have 21 months to implement it into national law before the new security and incident notification obligations will start to apply to the following entities: designated* “operators of essential services” within … Continue Reading
On December 7, 2015, the European institutions reached an informal agreement on the EU Network and Information Security (NIS) Directive — dubbed the Cybersecurity Directive (see press release from the Council). Among other things, the NIS Directive imposes security and incident reporting obligations on operators of essential services in critical sectors and on some digital … Continue Reading
By Eric Carlson and Scott Livingston On Friday, August 8, 2014, a Chinese court convicted British fraud investigator Peter Humphrey and his wife, Yu Yingzeng, a naturalized US citizen, of illegally obtaining personal information. Mr. Humphrey was sentenced to two and a half years in prison and fined RMB 200,000 (about US $32,000); Ms. Yu … Continue Reading
On Thursday, the Court of Justice of the EU ordered Sweden to pay a lump sum of €3 million for failure to transpose the EU’s Data Retention Directive (the “Directive”) into national law within the prescribed period. The Directive obliges electronic communications service providers to store information about communications for a period of 6 – … Continue Reading
By Mark Young and Oliver Grazebrook The Irish Presidency of the Council of the EU has published a progress report on negotiations at Member State level on the EU CyberSecurity Strategy and proposed EU Directive on Network and Information Security (“NIS Directive”). As we summarised in this post, if enacted in its current form, the … Continue Reading
To help prepare an impact assessment on the potential effects in the UK of the proposed EU Directive on Network and Information Security (“NIS Directive”), the UK Government has launched a call for evidence to gather data. As we summarised in this post, if enacted in its current form, the NIS Directive will require companies … Continue Reading
On Friday, an Italian appeals court in Milan overturned the 2010 criminal conviction of three Google Inc. executives for violating the privacy of a disabled boy by allowing a video of students bullying him to appear on Google Video. In February 2010, a court handed down six-month prison sentences to three senior Google executives—Senior Vice … Continue Reading
By Alex Berengaut On Monday, October 29, the Supreme Court heard oral argument in Clapper v. Amnesty International (No. 11-1025), a challenge brought by the American Civil Liberties Union (ACLU) against the FISA Amendments Act (FAA) of 2008. The FAA amended the Foreign Intelligence Surveillance Act (FISA) of 1978 by authorizing new procedures for electronic … Continue Reading
On 4 September, 2012, the Cayman Islands’ Data Protection Working Group (DPWG) released a consultation paper, inviting comments from the public on the draft Cayman Islands Data Protection Bill 2012. The Bill, which is modelled on the European Framework Data Protection Directive 95/46/EC, aims to protect individuals’ rights regarding the collection and use of personal … Continue Reading
On 21 August 2012, the European Commission issued an Implementing Decision (the “Decision”) confirming that the Eastern Republic of Uruguay provides an adequate level of protection for personal data transferred from the European Union. The effect of the Decision is to allow organizations established in European Member States to transfer personal data to organizations in … Continue Reading
On July 5, 2012, the U.N. Human Rights Council adopted a resolution on the promotion, protection, and enjoyment of human rights on the Internet. The U.N. General Assembly established the Human Rights Council in 2006 to replace the former U.N. Commission on Human Rights. The Council consists of 47 U.N. member states from all geographic … Continue Reading
On March 20, 2012, the Philippines Senate unanimously passed the Data Privacy Act of 2011 (“the Act”) on its third and final reading. According to one of its sponsors, Senator Edgardo Angara, the Act is heavily based on the current EU Data Protection Directive (Directive 95/46/EC) and meets the standards of the Asia Pacific Economic … Continue Reading
Last week, the American Bar Association adopted a rule calling on U.S. courts to “consider and respect, as appropriate, the data protection and privacy laws of any applicable foreign sovereign . . . with regard to data sought in discovery in civil litigation.” In an extensive report accompanying the new rule, the ABA detailed the … Continue Reading
On 5 September 2011, Costa Rica adopted a new data protection law, the “Law on the Protection of Individuals Against the Processing of Personal Data”. The Law aims to protect the fundamental right to information self-determination of any person, regardless of nationality, residence or domicile. Costa Rica is now the seventh country in Central and … Continue Reading