US: Cyber Advisory: Feds Warn that Water Facilities Are Targets for Cyber Attacks

US: Cyber Advisory: Feds Warn that Water Facilities Are Targets for Cyber Attacks By Justine Phillips and Garrett Stallins  #DLAPiperCommodities #DLAPiperCyber On October 14, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigations, the Environmental Protection Agency, and the National Security Agency issued a joint advisory warning of active cyber threats to …

US: Cyber Advisory: Feds Warn that Water Facilities Are Targets for Cyber Attacks Read More »

CHINA: new draft guidance on overseas data transfers

China’s PIPL came into force today, and to accompany this, the Cyberspace Administration of China (“CAC”, the key data regulator) has published for consultation draft guidelines to assist organisations grappling with overseas data transfers with some practical guidance on some of the compliance steps that must be taken. Under the PIPL, certain organisations – or …

CHINA: new draft guidance on overseas data transfers Read More »

UK: CCTV and surveillance – when things go wrong

The case of Dr Mary Fairhurst -v- Mr Jon Woodard illustrates the risks associated with the installation of security cameras and why it is vital to ensure a lawful basis for capturing and processing such images exists. Our article on this recent English court case is available by clicking here.

UK: Important judgment on de minimis threshold in data protection compensation claims – Rolfe -v- Veale

Authors: David Cook, Benjamin Fellows As organisations face an ever increasing volume of civil claims seeking damages for trivial infringements of data protection law, the High Court in Rolfe & Others -v- Veale Wasbrough Vizards LLP [2021] EWHC 2809 (QB) has provided a welcome judgment dismissing such a claim in circumstances where it was implausible that …

UK: Important judgment on de minimis threshold in data protection compensation claims – Rolfe -v- Veale Read More »

CDR v3: Australian Treasury moves to expand access to the Consumer Data Right regime

Authors: Anthony Lloyd, Alex Horder, Edmond Lau Background On 30 September, the Competition and Consumer (Consumer Data Right) Rules 2020 (Cth) were amended[1] with the aim of lowering barriers of entry to Consumer Data Right regime (CDR) participation, as foreshadowed by the Australian Treasury’s prior proposal in April and related exposure draft legislation released in July. By increasing …

CDR v3: Australian Treasury moves to expand access to the Consumer Data Right regime Read More »

Saudi Arabia’s New Data Protection Law – What you need to know

The Middle East’s data protection regulatory landscape is complex, and continues to develop with Saudi Arabia’s (KSA) newly published Personal Data Protection Law (PDPL). While the PDPL contains the main features of a modern data protection law, it cannot be considered a direct analogue of the GDPR. For example, an unlawful transfer of personal data …

Saudi Arabia’s New Data Protection Law – What you need to know Read More »

UK: ICO’s Data Sharing Code of Practice enters into force

The data sharing code (“Code”),  published by the UK Information Commissioner’s Office (“ICO”), enters into force today (5 October 2021) following its publication on 14 September 2021.  The Code is a statutory code of practice made under section 121 of the Data Protection Act 2018 and seeks to provide a guide for organisations about how …

UK: ICO’s Data Sharing Code of Practice enters into force Read More »

Show-me: Spanish Data Protection laws shaken by the Supreme Court

By the end of the 2018, the Spanish Parliament belatedly completed the framework provided by EU’s GDPR approving a new Data Protection Act. Following a local tradition dated in 1992, the Spanish legislators deviated themselves from the mainstream position in the EU. The new Spanish law included, among other deviations, new digital rights unknown by …

Show-me: Spanish Data Protection laws shaken by the Supreme Court Read More »

Australia: Consumer Data Right pipeline to cast a wide net

Authors: Anthony Lloyd, Alex Horder Background With the implementation of the Consumer Data Right (CDR) in the banking sector (known as ‘Open Banking’) well under way, the release of draft amendments to the CDR rules for the energy sector, and the continuing development of the framework for implementing the CDR in the telecommunications sector, the …

Australia: Consumer Data Right pipeline to cast a wide net Read More »

UK: Government publishes consultation on post-Brexit data reforms

The government has today published its eagerly awaited Consultation Paper on Reforms to the UK Data Protection Regime – ‘Data: A New Direction’ (“Consultation Paper”), setting out the specific areas for regulatory reform of the UK’s data protection regime. It follows a spate of activity from the government in relation to plans for its post-Brexit global …

UK: Government publishes consultation on post-Brexit data reforms Read More »

Ireland / Europe: DPC’s record GDPR fine has implications for calculation of GDPR fines and regulatory expectations around transparency rules

On 2 September 2021, the Data Protection Commission (DPC) announced it has imposed a €225 million administrative fine against WhatsApp Ireland Limited , as well as a reprimand and an order to bring its processing into compliance. This comes following a lengthy background including the EDPB’s first urgent binding decision in relation to the investigation …

Ireland / Europe: DPC’s record GDPR fine has implications for calculation of GDPR fines and regulatory expectations around transparency rules Read More »

UK: ICO rules regarding the online privacy of children enter into force

By James Clark and Anna Ward, DLA Piper UK LLP The Age Appropriate Design Code (“Code”), a new statutory Code of Practice published by the UK Information Commissioner’s Office (“ICO”), enters into force today (2 September 2021) following a one year transition period.  The Code seeks to regulate the provision of online services to children, …

UK: ICO rules regarding the online privacy of children enter into force Read More »

UK: Government unveils plans for post-Brexit global data transfer regime

Following Brexit, the UK now has the ability to adopt its own decisions in relation to adequacy for personal data transfers. Today, the government has set out the first territories which it will prioritise for its data transfer adequacy decisions. These territories will include the United States, Australia, the Republic of Korea, Singapore, the Dubai …

UK: Government unveils plans for post-Brexit global data transfer regime Read More »

Navigating China Episode 20: PIPL has finally arrived, bringing helpful clarification (rather than substantial change) to China’s data privacy framework

In good news for organisations handling personal information, China’s Personal Information Protection Law (“PIPL”) was finalised on 20 August 2021, and will come into force on 1 November 2021. Rather than bringing substantial changes to the existing China data privacy framework, the PIPL helpfully consolidates and clarifies obligations on processing of personal information at a …

Navigating China Episode 20: PIPL has finally arrived, bringing helpful clarification (rather than substantial change) to China’s data privacy framework Read More »

UK: First-Tier Tribunal considers first fine imposed by the ICO under the GDPR and slashes the amount by two thirds

On 17 December 2019, the ICO issued the first administrative fine under the GDPR (known as a monetary penalty notice in the UK), alongside an Enforcement Notice, against Doorstep Disparensee Limited (“DDL”). DDL appealed against both elements of the  enforcement action taken by the ICO which has recently been decided and provides useful guidance from …

UK: First-Tier Tribunal considers first fine imposed by the ICO under the GDPR and slashes the amount by two thirds Read More »

UK: ICO opens consultation on its updated international data transfer guidance and tools

On 11 August 2021, the Information Commissioner’s Office (ICO) launched a public consultation on its  draft international data transfer agreement (IDTA) and guidance on data transfers. These updates have been expected for some time to address the UK regulatory position, following exit from the EU, in relation to the Schrems II decision of the CJEU …

UK: ICO opens consultation on its updated international data transfer guidance and tools Read More »

Considerations on embedding the new standard contractual clauses in IT contracts

Authors: Heidi Waem and Nicolas Becker On 4 June 2021, the European Commission released the final version of the new Standard Contractual Clauses (new SCCs) (see our blogpost here). This new set of clauses was launched in the aftermath of the CJEU’s Schrems II decision and includes specific wording to address certain concerns raised by the …

Considerations on embedding the new standard contractual clauses in IT contracts Read More »

Ireland & UK: Latest trends in data subject access requests in pending litigation

Authors: Marcus Walsh, David Cook, John Magee As individuals become more aware of their rights under data protection law, data subject access requests (DSARs) are an increasingly frequent concern for organisations both large and small. DSARs remain the single most common cause of regulatory complaints for organisations – the latest annual report from the Irish …

Ireland & UK: Latest trends in data subject access requests in pending litigation Read More »

Taking back control: The European Digital Identity

Authors: Kristof De Vulder, Florian De Rouck, Emma Stockman On 3 June 2021, the EU Commission proposed the long-awaited framework for a European Digital Identity (EUid). The proposal stems from the regulatory review of Regulation 910/2014/EU (eIDAS Regulation), and constitutes a complete overhaul of the European digital identification framework. The EU Commissions plans to introduce a new …

Taking back control: The European Digital Identity Read More »