Authors: Luc Bigel and Hamza Akli On 24 January 2023, France’s Orientation and Programming Law (“LOPMI“) was enacted and published the next day in the Official Journal. LOPMI introduces amendments to the insurability of losses and damages paid in response to cyber-attacks, including in relation to ransom payments – requiring that the payment of insurance …
Authors: Carolyn Bigg, Amanda Ge, Venus Cheung, and Gwyneth To It’s now the time to focus on the steps that data controllers need to take to legitimize overseas processing of China personal information via the CAC certification route. Background: While most PRC data controllers should have already identified whether to follow the CAC assessment/approval route …
On 15th March 2023, the UK Information Commissioner’s Office (“ICO”) issued updated Guidance on Artificial Intelligence and Data Protection. The updated Guidance follows ‘requests from UK industry to clarify requirements for fairness in AI” and aims to support the UK government’s vision of a “pro-innovation approach to AI regulation” and more specifically its intention to “embed considerations …
UK: ICO issues updated Guidance on Artificial Intelligence and Data Protection Read More »
Authors: Denise Lebeau-Marianna, Divya Shanmugathas and Lucie Dubecq-Princeteau On 15 March 2023, the French Supervisory Authority (the “CNIL”) unveiled in a post its four key priorities regarding its upcoming investigations for 2023 targeting specific sectors (I), to which it added another topic related to DPO in line with the coordinated enforcement framework of the European …
By Jan Pohle, Dr. Philipp Adelberg In its judgment of 2 March 2023, the European Court of Justice (ECJ) (C-268/21) issued a preliminary ruling on whether and to what extent provisions of the General Data Protection Regulation (GDPR) are applicable in the context of national civil procedural law of the EU member states. Specifically, the …
Europe: Applicability of the GDPR in civil proceedings Read More »
On 8 March 2023, the UK Government published its Data Protection and Digital Information (No.2) Bill. This is the second version of the Bill published by the UK Government, the first of which was published in July 2022 and put on hold last September by the then-appointment prime minister, Liz Truss . The new draft Bill …
UK: New Data Protection and Digital Information Bill Read More »
Authors: Andreas Rüdiger, Philipp Adelberg On 14 February 2023, the European Data Protection Board (“EDPB”) published the updated and final version of its Guidelines 05/2021 on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR (EDPB Guidelines 05/2021). In comparison to the first …
Authors: Carolyn Bigg, Yue Lin Lee and Daisy Wong Singapore’s Personal Data Protection Commission (“PDPC”) has issued its first decision on the Legitimate Interests Exception under the PDPA. While the PDPA remains largely a consent-based regime, the Legitimate Interests Exception is one of the exceptions from consent available under the PDPA. This RedMart decision illustrates …
Authors: Heidi Waem and Simon Verschaeve On 21 February 2023, the Litigation Chamber of the Belgian Data Protection Authority ruled on a case relating to the lawfulness of a geolocation tracking system for employee vehicles used by a public authority. The decision not only sets out the conditions for the use of such systems, but …
Authors: Jim Sullivan, John Magee, Rachel De Souza & Christopher Connell The European Data Protection Board (“EDPB” or the “Board”) on 28 February 2023, released its non-binding opinion on the draft adequacy decision underlying the EU-US Data Privacy Framework (“DPF”). The Board welcomed the “substantial improvements” to US law concerning signals intelligence gathering of data, …
Author: Sarah Birkett Cyber Security Strategy discussion paper launched This week saw the launch of a discussion paper for the Australian Government’s 2023-2030 Australian Cyber Security Strategy. The discussion paper refers to the lofty aim of making Australia the most cyber secure nation by 2030. The discussion paper, which acknowledges that the Australian Government was …
Authors: Andreas Rüdiger, Philipp Adelberg The debate on transatlantic data transfers, a possible adequacy decision for the US and the EU-US Data Privacy Framework (“DPF“) is gaining new momentum. On 14 February 2023, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs published its draft motion for a resolution regarding the adequacy of …
Data protection compensation claims continue to manifest themselves. Understanding a data incident, and how to respond in an appropriate manner, is vital to combatting this growing threat. Judgments through 2022 continued to be largely favourable to those facing such claims. But the threat still exists. On Thursday, 2 March 2023, David Cook and Benjamin Fellows …
Authors: Carolyn Bigg, Amanda Ge, Venus Cheung, and Gwyneth To Summary: The final version of the China SCCs has now been published, meaning those organisations that haven’t had to apply for CAC approval for their cross-border transfers of personal information now have until 1 December 2023 to: sign the China SCCs with overseas recipients of …
CHINA: Final China SCCs for CBDT published – What you need to know Read More »
Authors: Heidi Waem and Simon Verschaeve The arrival of the internet has revolutionized the advertising landscape, and since the appearance of the first banner ad in 1994, innovative technologies have been developed in the field of online advertising. Since then, new stakeholders, such as online platforms, have emerged and a whole spectrum of new digital …
Authors: Sarah Birkett, Nicholas Boyle The Australian Attorney-General has published the (long-awaited) results of the Privacy Act review. The report recommends a number of changes to the Australian privacy framework, including various changes to Australia’s core privacy legislation, the Privacy Act 1988 (Cth). The report does not represent official Government policy and there is no …
Australia Privacy Act review – a blueprint for change? Read More »
Author: Keri Bennett As of February 1, 2023, two new sections of the British Columbia Freedom of Information and Protection of Privacy Act (“FIPPA”) and associated regulations are in force. All public bodies governed by FIPPA in the province of British Columbia (generally speaking all government ministries and the broader public sector) are now required to report privacy breaches to individuals …
On 16 January 2023, the Directive on measures for a high common level of cybersecurity across the Union (“NIS2”) entered into force. NIS2 replaces the Directive on Security of Network and Information Systems (“NIS Directive”) and introduces a number of changes, including bringing more sectors and services under the scope of the NIS rules and introducing an updated …
Authors: Heidi Waem – Nicolas Becker Following a reference for a preliminary ruling by the Belgian Council of State, the Belgian Constitutional Court ruled that an interested third party should be able to bring an appeal against a decision of the Litigation Chamber (the sanctioning body within the Belgian Data Protection Authority). As article 108, …
On 12 January 2023, the European Court of Justice (“CJEU”) delivered its judgment regarding the right of access to personal data under Article 15 GDPR. The CJEU held that when exercising their right of access under the GDPR, data subjects must be provided with the individual data recipients of their personal data. Background Under Article 15 GDPR, …
Europe: CJEU decision – Right of access to individual recipients of personal data Read More »
