Singapore: Cybersecurity service providers’ mandatory licensing by October 2022

Authors: Carolyn Bigg, Yue Lin Lee, Gwyneth To and Jing Qin Cho Companies providing cybersecurity services (“CSPs“) in Singapore will now have to obtain a licence for the provision of such services by 11 October 2022. The licensing framework took effect from 11 April 2022. The licensing framework is part of the Cybersecurity Act and …

Singapore: Cybersecurity service providers’ mandatory licensing by October 2022 Read More »

Hungary: Record GDPR fine by the Hungarian Data Protection Authority for the unlawful use of artificial intelligence

Authors: Zoltán Kozma, Mark Almasy The Hungarian Data Protection Authority (Nemzeti Adatvédelmi és Információszabadság Hatóság, NAIH) has recently published its annual report in which it presented a case where the Authority imposed the highest fine to date of ca. EUR 670,000 (HUF 250 million). The case involved the personal data processing of a bank (acting …

Hungary: Record GDPR fine by the Hungarian Data Protection Authority for the unlawful use of artificial intelligence Read More »

Singapore: Higher Fines for Breach of Personal Data Protection Act 2012 (PDPA) – up to 10% of Singapore Turnover

Authors: Carolyn Bigg, Yue Lin Lee, Gwyneth To Increased financial penalties From 1 October 2022, companies that breach the PDPA may face fines of up to: SGD 1 million; or where the organisation’s annual turnover in Singapore exceeds SGD 10 million, 10% of the organisation’s Singapore turnover. Penalties imposed under the PDPA could potentially be …

Singapore: Higher Fines for Breach of Personal Data Protection Act 2012 (PDPA) – up to 10% of Singapore Turnover Read More »

Privacy Shield 2.0? EU and US announce potential new data transfer framework

What has happened? The European Union has today announced ‘agreement in principle’ with the United States on a new data transfer framework, intended to replace the Privacy Shield framework that was struck down in the 2020 Schrems II decision of the Court of Justice of the European Union. The agreement was announced in a joint …

Privacy Shield 2.0? EU and US announce potential new data transfer framework Read More »

UK: Draft Telecoms Security Regulations and Code of Practice released for consultation

On 1 March 2022, the Department for Digital, Culture, Media & Sport (“DCMS”) released their most recent draft Telecommunications Security Regulations (“Regulations”) and an associated draft Code of Practice (“Code of Practice”) for consultation. The Regulations and Code of Practice form part of several new security measures introduced by the Government specifically to address the security …

UK: Draft Telecoms Security Regulations and Code of Practice released for consultation Read More »

Belgian DPA decision on IAB Transparency and Consent Framework

By: Heidi Waem and Verena Grentzenberg On 2 February 2022, the Belgian Data Protection Authority (Belgian DPA) rendered its long-awaited decision against IAB Europe with regard to the IAB Transparency and Consent Framework (TCF). In this blogpost we will discuss: The procedure TCF, RTB and the TC String The findings of the Inspection Service The …

Belgian DPA decision on IAB Transparency and Consent Framework Read More »

UK: New guidance on processing personal data for scientific research purposes

Experiencing a global pandemic has provided us with many examples of the importance of scientific research to our lives.  Meanwhile, a sometimes popular (mis)conception is that data protection laws – and particularly the GDPR – are a barrier to the effective use of personal data for research. Consequently, new guidance from the UK’s Information Commissioner’s …

UK: New guidance on processing personal data for scientific research purposes Read More »

Ireland: Large-scale inquiries progress as DPC budget and staff numbers ramp up

By John Magee, Eilis McDonald, Nicole Fitzpatrick, Sarah Dunne & Laoise McMahon The Data Protection Commission (DPC) has published its 2021 Annual Report, highlighting key observations, emerging guidance, and large-scale inquiries and decisions of 2021. Primary areas of focus for the DPC in 2021 included the safeguarding of children’s data protection rights, progressing ongoing large-scale …

Ireland: Large-scale inquiries progress as DPC budget and staff numbers ramp up Read More »

Ukraine Crisis – Heightened Cyber Threat – Be Prepared

By: Andy Serwin ‖ Ross McKean ‖ Carolyn Bigg In response to the heightened geo-political tensions resulting from Russia’s invasion of Ukraine and the package of economic sanctions imposed by the West, the risk of cyber-attacks by Russia and her proxies is high.  We may see an increase in economic extortion to generate revenue to …

Ukraine Crisis – Heightened Cyber Threat – Be Prepared Read More »

EU Regulatory Data Protection: A first appraisal of the European Commission’s proposal for a ‘Data Act’

By: Heidi Waem, Simon Verschaeve The European Commission today presented its second instrument in the European Data Strategy; a “Regulation on harmonised rules on fair access to and use of data”, better known as the Data Act. After the adoption of the Digital Governance Act (DGA) at the end of 2021, which essentially defines the …

EU Regulatory Data Protection: A first appraisal of the European Commission’s proposal for a ‘Data Act’ Read More »

France: the CNIL has released its annual dawn raid Program for 2022: three key priorities!

Authors: Denise Lebeau-Marianna & Divya Shanmugathas The French Supervisory Authority (the “CNIL”) regularly conducts investigations based on various triggering events such as a complaint, an article or its annual program that the CNIL regularly publishes on its website. On 15 February 2022, published a post regarding its upcoming dawn raids for 2022. As a reminder, …

France: the CNIL has released its annual dawn raid Program for 2022: three key priorities! Read More »

Expert opinion on US surveillance laws highlights FISA risk for data transfers to the US

Authors: Andrew Serwin, Carol A.F. Umhoefer, Verena Grentzenberg, and Hayley R. Curry   Germany’s Data Protection Conference (DSK) recently made public an expert opinion on Section 702 of the US Foreign Intelligence Surveillance Act (FISA), which came under close scrutiny in the July 16, 2020 decision of the Court of Justice of the European Union (Schrems II). …

Expert opinion on US surveillance laws highlights FISA risk for data transfers to the US Read More »

FRANCE: the CNIL is aligned with the Austrian Supervisory Authority – the use of Google Analytics leads to illegal transfers to the United States!

The French Supervisory Authority (the “CNIL”) sent a Formal Notice to a web operator using Google Analytics ordering to comply. Though the decision has been taken against one web site it should apply to the use of Google Analytics in general. It should be noted that the European Data Protection Supervisor (“EDPS”) took the same …

FRANCE: the CNIL is aligned with the Austrian Supervisory Authority – the use of Google Analytics leads to illegal transfers to the United States! Read More »

UK: International data transfer agreement and addendum laid before Parliament

Following the ICO’s public consultation, launched in August last year, the final version of the international data transfer agreement (IDTA), as well as the international data transfer addendum to the European Commission’s standard contractual clauses for international data transfers (Addendum), has been laid before Parliament. The IDTA aims to address the UK’s regulatory position, following …

UK: International data transfer agreement and addendum laid before Parliament Read More »

UK: Government launches International Data Transfer Expert Council

The government has announced that it is launching the International Data Transfer Expert Council (‘the Council‘). The Council, which is part of the UK’s National Data Strategy, will meet quarterly to cover issues such as future data adequacy partnerships, the development of new data transfer tools, and how governments can work together to promote greater …

UK: Government launches International Data Transfer Expert Council Read More »

EU Regulatory Data Protection: Many pieces to the regulatory framework puzzle

By: Heidi Waem, Simon Verschaeve Data is at the heart of the EU’s digital and green transformation, which are the two priorities of the European Commission. With the General Data Protection Regulation (GDPR), adopted in 2016, the EU has created a solid framework for the protection of personal data in line with the EU Charter …

EU Regulatory Data Protection: Many pieces to the regulatory framework puzzle Read More »

UK: Government publishes its first Government Cyber Security Strategy

The government has launched its first ‘Government Cyber Security Strategy – Building a Cyber Resilient Public Sector’ (“Strategy”), outlining how central government and the public sector will ensure that public services can function in the face of growing cyber threats. The Strategy aims to ‘step up the country’s cyber resilience by better sharing data, expertise and …

UK: Government publishes its first Government Cyber Security Strategy Read More »

Austria: DPA Finds Use of Google Analytics an Unlawful Transfer of Personal Data

The Austrian Data Protection Authority (“DPA”) has recently published its decision concerning the use of Google Analytics. The DPA held that the use of Google Analytics (“GA”) on a website operated by an Austrian company (“Company”), which involved a transfer of personal data to Google LLC in the US, was in breach of Art 44 GDPR …

Austria: DPA Finds Use of Google Analytics an Unlawful Transfer of Personal Data Read More »

China: new rules on use of algorithms for digital business, data analytics and decision-making

Authors: Carolyn Bigg, Venus Cheung, Fangfang Song The new “Administrative Regulations on Algorithm Recommendation of Internet Business Services” comes into force on 1 March 2022, and will introduce important rules on the use of algorithms when operating digital platforms/websites/apps – including targeted marketing – in China. The new regulations are designed to ensure greater transparency …

China: new rules on use of algorithms for digital business, data analytics and decision-making Read More »