Expert opinion on US surveillance laws highlights FISA risk for data transfers to the US

Authors: Andrew Serwin, Carol A.F. Umhoefer, Verena Grentzenberg, and Hayley R. Curry   Germany’s Data Protection Conference (DSK) recently made public an expert opinion on Section 702 of the US Foreign Intelligence Surveillance Act (FISA), which came under close scrutiny in the July 16, 2020 decision of the Court of Justice of the European Union (Schrems II). …

Expert opinion on US surveillance laws highlights FISA risk for data transfers to the US Read More »

FRANCE: the CNIL is aligned with the Austrian Supervisory Authority – the use of Google Analytics leads to illegal transfers to the United States!

The French Supervisory Authority (the “CNIL”) sent a Formal Notice to a web operator using Google Analytics ordering to comply. Though the decision has been taken against one web site it should apply to the use of Google Analytics in general. It should be noted that the European Data Protection Supervisor (“EDPS”) took the same …

FRANCE: the CNIL is aligned with the Austrian Supervisory Authority – the use of Google Analytics leads to illegal transfers to the United States! Read More »

UK: International data transfer agreement and addendum laid before Parliament

Following the ICO’s public consultation, launched in August last year, the final version of the international data transfer agreement (IDTA), as well as the international data transfer addendum to the European Commission’s standard contractual clauses for international data transfers (Addendum), has been laid before Parliament. The IDTA aims to address the UK’s regulatory position, following …

UK: International data transfer agreement and addendum laid before Parliament Read More »

UK: Government launches International Data Transfer Expert Council

The government has announced that it is launching the International Data Transfer Expert Council (‘the Council‘). The Council, which is part of the UK’s National Data Strategy, will meet quarterly to cover issues such as future data adequacy partnerships, the development of new data transfer tools, and how governments can work together to promote greater …

UK: Government launches International Data Transfer Expert Council Read More »

EU Regulatory Data Protection: Many pieces to the regulatory framework puzzle

By: Heidi Waem, Simon Verschaeve Data is at the heart of the EU’s digital and green transformation, which are the two priorities of the European Commission. With the General Data Protection Regulation (GDPR), adopted in 2016, the EU has created a solid framework for the protection of personal data in line with the EU Charter …

EU Regulatory Data Protection: Many pieces to the regulatory framework puzzle Read More »

UK: Government publishes its first Government Cyber Security Strategy

The government has launched its first ‘Government Cyber Security Strategy – Building a Cyber Resilient Public Sector’ (“Strategy”), outlining how central government and the public sector will ensure that public services can function in the face of growing cyber threats. The Strategy aims to ‘step up the country’s cyber resilience by better sharing data, expertise and …

UK: Government publishes its first Government Cyber Security Strategy Read More »

Austria: DPA Finds Use of Google Analytics an Unlawful Transfer of Personal Data

The Austrian Data Protection Authority (“DPA”) has recently published its decision concerning the use of Google Analytics. The DPA held that the use of Google Analytics (“GA”) on a website operated by an Austrian company (“Company”), which involved a transfer of personal data to Google LLC in the US, was in breach of Art 44 GDPR …

Austria: DPA Finds Use of Google Analytics an Unlawful Transfer of Personal Data Read More »

China: new rules on use of algorithms for digital business, data analytics and decision-making

Authors: Carolyn Bigg, Venus Cheung, Fangfang Song The new “Administrative Regulations on Algorithm Recommendation of Internet Business Services” comes into force on 1 March 2022, and will introduce important rules on the use of algorithms when operating digital platforms/websites/apps – including targeted marketing – in China. The new regulations are designed to ensure greater transparency …

China: new rules on use of algorithms for digital business, data analytics and decision-making Read More »

FRANCE: Cookies – new record sanctions for tech giants – CNIL fines Facebook Ireland 60 million euros and Google 150 million euros.

On 31 December 2021, the restricted committee of the French Data Protection Supervisory Authority (“CNIL”) (i) fined Facebook Ireland 60 million euros and Google a total of 150 million euros (i.e., 90 million euros for Google LLC and 60 million euros for Google Ireland Limited) for failing to allow the users of facebook.com, google.fr and …

FRANCE: Cookies – new record sanctions for tech giants – CNIL fines Facebook Ireland 60 million euros and Google 150 million euros. Read More »

France: The CNIL publishes a practical guide on Data Protection Officers

On 16 November 2021, the French data protection supervisory authority (the “CNIL”) published a practical guide (“Guide”) on Data Protection Officers (“DPOs”). The Guide provides a reminder of the applicable obligations regarding the designation, tasks and missions of DPOs as well as good practices to help organizations comply with their obligation to designate a DPO …

France: The CNIL publishes a practical guide on Data Protection Officers Read More »

US – Federal banking regulators issue computer-security incident notification final rule

US – Federal banking regulators issue computer-security incident notification final rule Rule takes effect April 1, 2022   The Federal Deposit Insurance Corporation, Federal Reserve, and Office of the Comptroller of the Currency (collectively the federal banking regulators) have issued a final rule requiring banking organizations and bank service providers to make certain notifications in …

US – Federal banking regulators issue computer-security incident notification final rule Read More »

Europe: EDPB issues guidelines on interplay between Article 3 and Chapter V of GDPR

On 19 November, the European Data Protection Board (‘EDPB‘) published, its draft Guidelines 05/2021 on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR (“Guidelines”). The Guidelines aim to clarify the interplay between Article 3 and the provisions of the GDPR on international …

Europe: EDPB issues guidelines on interplay between Article 3 and Chapter V of GDPR Read More »

TechLaw Australia podcast: The shifting landscape of privacy and data governance in the Asia Pacific region

Author: Sinead Lynch At DLA Piper we advise clients that develop or create technology, are enabled by technology, or whose business model is fundamentally based on technology. From start-ups, to fast growing and mid-market businesses, to mature global enterprises, DLA Piper supports innovative businesses and new ventures. It is at the heart of what we …

TechLaw Australia podcast: The shifting landscape of privacy and data governance in the Asia Pacific region Read More »

UK – Another important judgment on the de minimis threshold, and other key takeaways

On 16 November 2021, the English High Court declined to strike-out a claim for damages for distress following an isolated one-off data incident which was quickly remedied. In doing so, however, the Court: confirmed that the de minimis concept is equally applicable to claims under the GDPR and Data Protection Act 2018, as it was …

UK – Another important judgment on the de minimis threshold, and other key takeaways Read More »

CHINA: Important new risks and practical guidance on China data protection, data security, e-commerce and online platform compliance

In the most significant development this year (arguably more so than the Data Security Law (“DSL”) and the Personal Information Protection Law (“PIPL”) coming into force), draft detailed guidance on how organisations can in practice comply with China’s strict data, e-commerce and online platform rules – including new compliance obligations – has been published. The …

CHINA: Important new risks and practical guidance on China data protection, data security, e-commerce and online platform compliance Read More »

US: FTC adopts updated Safeguards Rule and seeks comment on security event notification requirement

US: FTC adopts updated Safeguards Rule and seeks comment on security event notification requirement On October 27, 2021, the Federal Trade Commission (FTC) issued a final rule updating its information security rules for financial institutions’ protection of consumers’ financial information (the “Final Rule”).  This is the first significant update to the FTC’s Safeguards Rule since …

US: FTC adopts updated Safeguards Rule and seeks comment on security event notification requirement Read More »

UK: Lloyd v Google – Supreme Court Judgment – report and impacts on data protection and mass claims in the UK

On 10 November 2021, the UK Supreme Court, in a unanimous judgment, allowed Google’s appeal against the Court of Appeal decision granting Mr Lloyd permission to continue his representative claim (i.e. a US-style opt-out “class action”) against Google. The judgment brings very welcome clarification in a rapidly evolving area of English law relating to representative “class” actions in general, and in the context of data protection …

UK: Lloyd v Google – Supreme Court Judgment – report and impacts on data protection and mass claims in the UK Read More »