By Denise Lebeau-Marianna – Partner and Yaël Hirsch – Senior Associate The French Supervisory Authority (the “CNIL”) has issued new updated guidelines on data retention during the month of July (the “CNIL’s Guidelines”)[1]. They provide more practical guidance and update the CNIL previous Recommendations dated 11 October 2005 on the conditions of archiving personal data[2]. …
Since the European Commission unveiled a proposal for an e-Privacy Regulation in January 2017, this new piece of legislation, aiming to adapt rules on electronic communications and cookies, has undergone many iterations. The European Parliament has left its version untouched since October 2017, and in the meantime the Council of the EU has regularly published …
Updated official guidance on direct marketing appears to be on the horizon: the Belgian Data Protection Authority has launched a public consultation on direct marketing, with a view to updating its Recommendation No. 02/2013 of 30 January 2013 on direct marketing. In its 2013 Recommendation, available in Dutch and French, the Belgian DPA covered several …
The first GDPR fine was issued in Italy by the Garante for the lack of implementation of privacy security measures following a data breach on the so-called Rousseau platform operating the websites of the Movimento 5 Stelle party.
By Denise Lebeau-Marianna and Yaël Hirsch On 12 December 2018, the French Government issued an ordinance[1] finalizing, at the legislative level[2], the alignment of the French Data Protection Law (“FDPL”) with the General Data Protection Regulation[3] (“GDPR”) and the Directive 2016/680[4]. Following-up the adoption of the GDPR, the French Law No. 2018-493 related to personal data protection[5] …
FRANCE: ONE MORE STEP TO ENSURE CONSISTENCY OF THE NEW FRENCH DATA PROTECTION LAW Read More »
After more than two weeks from its approval by the Spanish Senate, the Official Gazette of Spain published this morning the new Spanish Data Protection Act, that shall be in force as from Friday 7 December 2018. Coincidentally or not, the publication was made on the very same day of the 40th anniversary of the …
SPAIN: New Data Protection Act in force from 07 December 2018 Read More »
After a very long delay and amidst rumors that the Spanish Parliament could be dissolved and early elections called, the Spanish Senate speedily dismissed all the proposals for further changes and approved the new GDPR-compliant Spanish Data Protection Act on Wednesday 21 November 2018. The new Act (“NLOPD“), in addition to regulating many other topics: …
Spanish Senate signs-off new GDPR-compliant Data Protection Act Read More »
Due to the complex balances inside the Spanish Parliament, Spain has been unable to put in place to date (July 2018) a new Data Protection Act that develops the EU Regulation 2016/679 (“GDPR”) in the areas where EU Member States are entitled to fill the gaps or add gold-plating requirements on top of those established …
Spanish Government approves new Decree-Law on Data Protection matters Read More »
On 30 May the Department for Digital, Culture, Media & Sport in the United Kingdom launched a consultation on the functioning of the current regime for holding to account company directors, those holding similar positions in corporate bodies / unincorporated associations, and members of partnerships for breaches of the Privacy and Electronic Communication Regulations 2003 …
UK: Personal liability for PECR regulatory fines proposed in Government consultation Read More »
The Italian privacy law integrating the GDPR has been finalized by the Board of Ministers, unveiling unexpected surprises a few days before the 25th of May 2018.
Written by Anna Spencer and Milton Gregory On April 4, 2018, the US Department of Health and Human Services’ (“HHS”) Office of the National Coordinator for Health Information Technology (“ONC”) released a new web-based resource – the ONC Guide to Getting and Using your Health Records – that promotes individual access to medical records by educating patients …
Patrick Van Eecke and Peter Craddock On 25 May 2018, the Belgian Privacy Commission will be renamed “Belgian Data Protection Authority” (BDPA) and will gain the power to impose fines. This is part of a comprehensive reform approved by the Belgian Parliament on Thursday 16 November 2017. Among the changes, the BDPA will be headed …
The new Belgian Data Protection Authority: leaner and (probably) meaner Read More »
The role of the Data Protection Officer (DPO) and what requirements needs to meet has now been partially clarified by the Italian privacy authority.
On 1 August we reported on the launch of the International Regulatory Strategy Group’s “Article 28 GDPR ready contractual terms” for use between controllers and processors. The ICO has now launched its draft guidance on this subject. The purpose of the ICO guidance is to explain, in an accessible fashion, the core requirements that all …
UK: ICO GDPR guidance – Contracts and liabilities between controllers and processors Read More »
Personal data, including big data, is a valuable asset for businesses, but how to maximise its exploitation at the age of the EU Privacy Regulation?
Privacy risks can arise from the usage of new technologies by employees at work and require a deep assessment especially in the light of the General Data Protection Regulation.
Written by Jim Halpert and Anne Kierig An active spring state legislative session has already produced a few new state data breach laws. Notably, when New Mexico HB 15 was signed into law on April 6, the state became the 48th in the nation to have a data breach law on the books. The only holdouts: South Dakota and …
New Mexico becomes 48th state to enact a data breach law, plus US state-level updates Read More »
The European privacy regulation (GDPR) can now rely on detailed guidelines from Italian data protection authority on how to comply with it.
On March 21, 2017, senior representatives of the Office of the Privacy Commissioner of Canada (OPC) met with privacy practitioners to provide updates on policy, legal, compliance and enforcement activities of the OPC. The information disseminated at this annual meeting is important to all businesses collecting personal information of Canadians for two reasons: It highlights …
CANADA: Key priorities of the Privacy Commissioner in 2017 Read More »
Written by Sydney White and Jim Halpert This week the US House of Representatives passed a Congressional Review Act (CRA) resolution of disapproval of the US Federal Communications Commission (FCC) broadband privacy rules that were approved by the FCC in a straight partisan vote at the end of the Obama Administration, but have not yet …
Congress Rolls Back FCC Broadband Privacy Rules: What Does It Mean? Read More »
