The United Arab Emirates (“UAE”) has enacted its long awaited federal level data protection law. This article examines some of its key features. As part of its 50th anniversary, the UAE has issued a set of sweeping legal reforms, including the much anticipated Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data …
On 16 November 2021, the French data protection supervisory authority (the “CNIL”) published a practical guide (“Guide”) on Data Protection Officers (“DPOs”). The Guide provides a reminder of the applicable obligations regarding the designation, tasks and missions of DPOs as well as good practices to help organizations comply with their obligation to designate a DPO …
France: The CNIL publishes a practical guide on Data Protection Officers Read More »
US – Federal banking regulators issue computer-security incident notification final rule Rule takes effect April 1, 2022 The Federal Deposit Insurance Corporation, Federal Reserve, and Office of the Comptroller of the Currency (collectively the federal banking regulators) have issued a final rule requiring banking organizations and bank service providers to make certain notifications in …
US – Federal banking regulators issue computer-security incident notification final rule Read More »
On 19 November, the European Data Protection Board (‘EDPB‘) published, its draft Guidelines 05/2021 on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR (“Guidelines”). The Guidelines aim to clarify the interplay between Article 3 and the provisions of the GDPR on international …
Europe: EDPB issues guidelines on interplay between Article 3 and Chapter V of GDPR Read More »
With the coming into effect of the Personal Data (Privacy) (Amendment) Ordinance 2021 (“Amendment Ordinance”) on 8 October 2021, a new anti-doxxing law is now in force in Hong Kong. The below sets out a summary of the key aspects of the anti-doxxing law: New offences of doxxing; new penalties The Amendment Ordinance introduces two …
HONG KONG: New anti-doxxing provisions now in force Read More »
Author: Sinead Lynch At DLA Piper we advise clients that develop or create technology, are enabled by technology, or whose business model is fundamentally based on technology. From start-ups, to fast growing and mid-market businesses, to mature global enterprises, DLA Piper supports innovative businesses and new ventures. It is at the heart of what we …
On 16 November 2021, the English High Court declined to strike-out a claim for damages for distress following an isolated one-off data incident which was quickly remedied. In doing so, however, the Court: confirmed that the de minimis concept is equally applicable to claims under the GDPR and Data Protection Act 2018, as it was …
UK – Another important judgment on the de minimis threshold, and other key takeaways Read More »
In the most significant development this year (arguably more so than the Data Security Law (“DSL”) and the Personal Information Protection Law (“PIPL”) coming into force), draft detailed guidance on how organisations can in practice comply with China’s strict data, e-commerce and online platform rules – including new compliance obligations – has been published. The …
US: FTC adopts updated Safeguards Rule and seeks comment on security event notification requirement On October 27, 2021, the Federal Trade Commission (FTC) issued a final rule updating its information security rules for financial institutions’ protection of consumers’ financial information (the “Final Rule”). This is the first significant update to the FTC’s Safeguards Rule since …
On 10 November 2021, the UK Supreme Court, in a unanimous judgment, allowed Google’s appeal against the Court of Appeal decision granting Mr Lloyd permission to continue his representative claim (i.e. a US-style opt-out “class action”) against Google. The judgment brings very welcome clarification in a rapidly evolving area of English law relating to representative “class” actions in general, and in the context of data protection …
On 25 September 2021, the Australian Commonwealth Government published a consultation draft of the Privacy Legislation Amendment (Enhancing Online Privacy and Other Measures) Bill 2021 (Online Privacy Bill) which, if passed, will introduce the following significant changes into the Privacy Act 1988 (Cth) (Privacy Act): an increase in the maximum penalties payable for serious or …
Australia: Increased privacy penalties and binding social media code tabled Read More »
US: Cyber Advisory: Feds Warn that Water Facilities Are Targets for Cyber Attacks By Justine Phillips and Garrett Stallins #DLAPiperCommodities #DLAPiperCyber On October 14, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigations, the Environmental Protection Agency, and the National Security Agency issued a joint advisory warning of active cyber threats to …
US: Cyber Advisory: Feds Warn that Water Facilities Are Targets for Cyber Attacks Read More »
China’s PIPL came into force today, and to accompany this, the Cyberspace Administration of China (“CAC”, the key data regulator) has published for consultation draft guidelines to assist organisations grappling with overseas data transfers with some practical guidance on some of the compliance steps that must be taken. Under the PIPL, certain organisations – or …
CHINA: new draft guidance on overseas data transfers Read More »
The case of Dr Mary Fairhurst -v- Mr Jon Woodard illustrates the risks associated with the installation of security cameras and why it is vital to ensure a lawful basis for capturing and processing such images exists. Our article on this recent English court case is available by clicking here.
Authors: David Cook, Benjamin Fellows As organisations face an ever increasing volume of civil claims seeking damages for trivial infringements of data protection law, the High Court in Rolfe & Others -v- Veale Wasbrough Vizards LLP [2021] EWHC 2809 (QB) has provided a welcome judgment dismissing such a claim in circumstances where it was implausible that …
Authors: Anthony Lloyd, Alex Horder, Edmond Lau Background On 30 September, the Competition and Consumer (Consumer Data Right) Rules 2020 (Cth) were amended[1] with the aim of lowering barriers of entry to Consumer Data Right regime (CDR) participation, as foreshadowed by the Australian Treasury’s prior proposal in April and related exposure draft legislation released in July. By increasing …
CDR v3: Australian Treasury moves to expand access to the Consumer Data Right regime Read More »
The Middle East’s data protection regulatory landscape is complex, and continues to develop with Saudi Arabia’s (KSA) newly published Personal Data Protection Law (PDPL). While the PDPL contains the main features of a modern data protection law, it cannot be considered a direct analogue of the GDPR. For example, an unlawful transfer of personal data …
Saudi Arabia’s New Data Protection Law – What you need to know Read More »
A The data sharing code (“Code”), published by the UK Information Commissioner’s Office (“ICO”), enters into force today (5 October 2021) following its publication on 14 September 2021. The Code is a statutory code of practice made under section 121 of the Data Protection Act 2018 and seeks to provide a guide for organisations about …
UK: ICO’s Data Sharing Code of Practice enters into force Read More »
By the end of the 2018, the Spanish Parliament belatedly completed the framework provided by EU’s GDPR approving a new Data Protection Act. Following a local tradition dated in 1992, the Spanish legislators deviated themselves from the mainstream position in the EU. The new Spanish law included, among other deviations, new digital rights unknown by …
Show-me: Spanish Data Protection laws shaken by the Supreme Court Read More »
Authors: Anthony Lloyd, Alex Horder Background With the implementation of the Consumer Data Right (CDR) in the banking sector (known as ‘Open Banking’) well under way, the release of draft amendments to the CDR rules for the energy sector, and the continuing development of the framework for implementing the CDR in the telecommunications sector, the …
Australia: Consumer Data Right pipeline to cast a wide net Read More »
