Data Protection

France: New guidance for data retention

By Denise Lebeau-Marianna – Partner and  Yaël Hirsch – Senior Associate The French Supervisory Authority (the “CNIL”) has issued new updated guidelines on data retention during the month of July (the “CNIL’s Guidelines”)[1]. They provide more practical guidance and update the CNIL previous Recommendations dated 11 October 2005 on the conditions of archiving personal data[2]. …

France: New guidance for data retention Read More »

France: First sanction of an online shoes company by CNIL acting as a lead authority for several infringements to GDPR requirements

On 28 July 2020, the French Supervisory Authority (the “CNIL”) sanctioned the online shoes retail company, SPARTOO SAS, by a €250,000 fine and an injunction to comply with GDPR within 3 months under penalty for various non-compliances with the GDPR of the personal data processing related to clients, prospects and employees[1]. I. Factual background and …

France: First sanction of an online shoes company by CNIL acting as a lead authority for several infringements to GDPR requirements Read More »

Thailand: Personal Data Protection Act (PDPA) Amendments on the way: What does this mean for your company?

Thailand’s Personal Data Protection Act (“PDPA“) is in the process of being updated, and full implementation and compliance are expected by 1 June 2021. This comes by way of the Notification of the Ministry of Digital Economy and Society Re: Personal Data Security Standards B.E. 2563 (2020) (“Notification“) which was recently released by the Thai …

Thailand: Personal Data Protection Act (PDPA) Amendments on the way: What does this mean for your company? Read More »

Europe: New privacy rules for connected vehicles in Europe?

By Anne-Gabrielle Haie Vehicles, drivers and passengers are becoming more and more connected, generating increasing amounts of data. The latest evolution of digital technologies, such as robotics, Internet of Things, Artificial Intelligence, high-performance computers and powerful communication networks leads self-driving cars out of an imaginary world and into our daily lives. While these technologies are …

Europe: New privacy rules for connected vehicles in Europe? Read More »

Global: International Data Protection Day!

International Data Protection Day, which falls annually on January 28, is “an international effort to create awareness about the importance of respecting privacy, safeguarding data and enabling trust”. We would like to take this opportunity to share a number of data protection resources developed by our global Data Protection, Privacy and Security team to assist …

Global: International Data Protection Day! Read More »

UK: UK Controllers – have you paid the ICO’s data protection fee?

The ICO is taking active enforcement against organisations who are not properly registered to pay the UK data protection fee. In our earlier blog post on the UK’s New Data Protection Fee, we explained that the UK was implementing regulations (which are unique in Europe) to require payment of a registration fee to the Information …

UK: UK Controllers – have you paid the ICO’s data protection fee? Read More »

Europe: ‘Right to be forgotten’, but only in Europe?

In its landmark decision of the 24th of September (C-507/17), the EU Court of Justice in Luxembourg has sided with Google over a claim by the French supervisory authority regarding the application of the so-called ‘right to be forgotten’. This right refers to the ability for individuals in Europe to demand that search engines, such …

Europe: ‘Right to be forgotten’, but only in Europe? Read More »

EUROPE: e-Privacy Regulation – changes regarding electronic communications and digital marketing

Since the European Commission unveiled a proposal for an e-Privacy Regulation in January 2017, this new piece of legislation, aiming to adapt rules on electronic communications and cookies, has undergone many iterations. The European Parliament has left its version untouched since October 2017, and in the meantime the Council of the EU has regularly published …

EUROPE: e-Privacy Regulation – changes regarding electronic communications and digital marketing Read More »

Belgium: DPA updating its Recommendation on Direct Marketing – Provide your input before 31 July 2019!

Updated official guidance on direct marketing appears to be on the horizon: the Belgian Data Protection Authority has launched a public consultation on direct marketing, with a view to updating its Recommendation No. 02/2013 of 30 January 2013 on direct marketing. In its 2013 Recommendation, available in Dutch and French, the Belgian DPA covered several …

Belgium: DPA updating its Recommendation on Direct Marketing – Provide your input before 31 July 2019! Read More »

Belgium: Newly appointed Belgian Data Protection Commissioner declares “I will not hesitate to issue fines to those not playing by the rules”

by Patrick Van Eecke & Gilles Hachez A little less than a month ago, the Belgian House of Representatives appointed the new commissioner and directors of the Belgian Data Protection Authority (DPA), as we explained in our blogpost here. Today, little less than eleven months after the establishment of the DPA, the new commissioner, Mr …

Belgium: Newly appointed Belgian Data Protection Commissioner declares “I will not hesitate to issue fines to those not playing by the rules” Read More »

EU: EDPB provides more clarity on the legal basis for processing data in clinical trials

By Ilias Abassi Since the implementation of the GDPR, there has been much discussion with respect to the appropriate legal basis for the processing of personal data in the context of a clinical trial, in particular how this relates to the Clinical Trials Regulation (CTR) which is expected to enter into force in 2020. There …

EU: EDPB provides more clarity on the legal basis for processing data in clinical trials Read More »

FRANCE: ONE MORE STEP TO ENSURE CONSISTENCY OF THE NEW FRENCH DATA PROTECTION LAW

By Denise Lebeau-Marianna and Yaël Hirsch On 12 December 2018, the French Government issued an ordinance[1] finalizing, at the legislative level[2], the alignment of the French Data Protection Law (“FDPL”) with the General Data Protection Regulation[3] (“GDPR”) and the Directive 2016/680[4]. Following-up the adoption of the GDPR, the French Law No. 2018-493 related to personal data protection[5] …

FRANCE: ONE MORE STEP TO ENSURE CONSISTENCY OF THE NEW FRENCH DATA PROTECTION LAW Read More »

THE NETHERLANDS: Dutch SA initiates exploratory investigation into DPAs

The Dutch Supervisory Authority (Autoriteit Persoonsgegevens, “AP”) recently communicated a press release stating that it reached out to 30 organizations to request information relating to their data processing agreements (DPAs).  Organizations that have been contacted are companies in the media, energy and trade sectors. The AP has requested, among other things, what agreements organizations have …

THE NETHERLANDS: Dutch SA initiates exploratory investigation into DPAs Read More »

Spanish Senate signs-off new GDPR-compliant Data Protection Act

After a very long delay and amidst rumors that the Spanish Parliament could be dissolved and early elections called, the Spanish Senate speedily dismissed all the proposals for further changes and approved the new GDPR-compliant Spanish Data Protection Act on Wednesday 21 November 2018. The new Act (“NLOPD“), in addition to regulating many other topics: …

Spanish Senate signs-off new GDPR-compliant Data Protection Act Read More »

Spanish Government approves new Decree-Law on Data Protection matters

Due to the complex balances inside the Spanish Parliament, Spain has been unable to put in place to date (July 2018) a new Data Protection Act that develops the EU Regulation 2016/679 (“GDPR”) in the areas where EU Member States are entitled to fill the gaps or add gold-plating requirements on top of those established …

Spanish Government approves new Decree-Law on Data Protection matters Read More »

CHINA: Data and cyber – New guidelines you need to know

In the last two weeks the Chinese authorities have been busy providing much-anticipated guidance on the practical steps organisations must take to comply with the new data protection, cybersecurity and technology regulations. In short, the key developments are: Practical implementation guidance under PRC Cybersecurity Law Draft Guidelines on Multi Level Protection Scheme (MLPS) for information …

CHINA: Data and cyber – New guidelines you need to know Read More »

FRANCE: The new data protection law under Constitutional review

The newly adopted French data protection law is already challenged by Senators who requested a constitutional review the day after the new law’s adoption. This had been announced: at least 60 Senators have referred the new French data protection law to the French Constitutional Council. Despite the accelerated procedure initiated by the Government in December …

FRANCE: The new data protection law under Constitutional review Read More »

WP29: (draft) Guidance on BCR’s and annual review of privacy shield

This week, the Article 29 Working Party (“WP29”) published their joint annual review of Privacy Shield and their long awaited (draft) guidance on Binding Corporate Rules (“BCR’s”). Privacy Shield: The WP29 have identified a number of important unresolved issues and warn that if no remedy is brought within the next year, they will bring the …

WP29: (draft) Guidance on BCR’s and annual review of privacy shield Read More »