DLA Piper’s Data Protection and Privacy practice delivers topical legal and regulatory updates and analysis from across the globe.
New Internet Content and Governance Regulation China’s authorities have published a much-anticipated brand new directive on internet content regulation and governance, which will come into force on 1 March 2020. This law will require organizations which host websites in China to make fundamental changes to their website governance frameworks. The changes specifically introduce the following: […]
By Patrick Van Eecke, Frederik Ringoot and Gilles Hachez
The Belgian Data Protection Authority issued a fine of 1% of the annual turnover of the company for not acting in compliance with the cookie rules, despite the corrective actions undertaken by the company. The DPA confirmed that by issuing this sanction, it wanted to set an example, warning all companies that cookie compliance is a “must have”.
By John Magee & Eilís McDonald
As 2019 drew to a close, it was a busy time for the Irish Data Protection Commission (DPC). With the traditional end of year rush, as well as a significant amount of focus in data protection circles on the Advocate General’s opinion in the Schrems II case, privacy professionals could be forgiven for missing out on three new publications issued by the DPC during December alone.
By Patrick Van Eecke, Andrew Dyson & Anne-Gabrielle Haie
On 19 December, the Advocate General issued his opinion in the Schrems 2.0 case concerning the validity of two key data transfer mechanisms: Standard Contractual Clauses (SCCs) and Privacy Shield – mechanisms widely used by businesses within the European Economic Area (EEA) to legitimise the transfer of personal data to countries outside the EEA. In a 97 pages long analysis, the Advocate General developed several arguments. We read the opinion for you and distilled the following 5 key takeaways for businesses.
Under the Law on Protection of Personal Data no. 6698 (“DPL”), there are certain obligations which are similar to those contained in the GDPR, and which are relatively easy to comply with. On the other hand, some DPL obligations will likely be foreign to data controllers in the EU and overseas. One such requirement is […]
The ICO is taking active enforcement against organisations who are not properly registered to pay the UK data protection fee. In our earlier blog post on the UK’s New Data Protection Fee, we explained that the UK was implementing regulations (which are unique in Europe) to require payment of a registration fee to the Information […]
Many companies have scrambled to comply with Russia’s peculiar Data Localization Rules since their enactment in 2015. While these rules apply to a wide range of companies handling Russian personal data both in Russia and abroad, the penalties for non-compliance were traditionally limited only to blocking of the data operator’s websites. This somewhat abstract penalty, […]
On 14th November, the Information Commissioner’s Office (“ICO”) published an update to its guidance on the processing of special category data (“Guidance”). Background The General Data Protection Regulation (“GDPR”) recognises that some types of personal data are more sensitive than others, and as such merit extra protection under the law. By way of reminder, special […]
