Privacy

France: New guidance for data retention

By Denise Lebeau-Marianna – Partner and  Yaël Hirsch – Senior Associate The French Supervisory Authority (the “CNIL”) has issued new updated guidelines on data retention during the month of July (the “CNIL’s Guidelines”)[1]. They provide more practical guidance and update the CNIL previous Recommendations dated 11 October 2005 on the conditions of archiving personal data[2]. …

France: New guidance for data retention Read More »

EUROPE: e-Privacy Regulation – changes regarding electronic communications and digital marketing

Since the European Commission unveiled a proposal for an e-Privacy Regulation in January 2017, this new piece of legislation, aiming to adapt rules on electronic communications and cookies, has undergone many iterations. The European Parliament has left its version untouched since October 2017, and in the meantime the Council of the EU has regularly published …

EUROPE: e-Privacy Regulation – changes regarding electronic communications and digital marketing Read More »

Belgium: DPA updating its Recommendation on Direct Marketing – Provide your input before 31 July 2019!

Updated official guidance on direct marketing appears to be on the horizon: the Belgian Data Protection Authority has launched a public consultation on direct marketing, with a view to updating its Recommendation No. 02/2013 of 30 January 2013 on direct marketing. In its 2013 Recommendation, available in Dutch and French, the Belgian DPA covered several …

Belgium: DPA updating its Recommendation on Direct Marketing – Provide your input before 31 July 2019! Read More »

ITALY: First GDPR fine issued!

The first GDPR fine was issued in Italy by the Garante for the lack of implementation of privacy security measures following a data breach on the so-called Rousseau platform operating the websites of the Movimento 5 Stelle party.

FRANCE: ONE MORE STEP TO ENSURE CONSISTENCY OF THE NEW FRENCH DATA PROTECTION LAW

By Denise Lebeau-Marianna and Yaël Hirsch On 12 December 2018, the French Government issued an ordinance[1] finalizing, at the legislative level[2], the alignment of the French Data Protection Law (“FDPL”) with the General Data Protection Regulation[3] (“GDPR”) and the Directive 2016/680[4]. Following-up the adoption of the GDPR, the French Law No. 2018-493 related to personal data protection[5] …

FRANCE: ONE MORE STEP TO ENSURE CONSISTENCY OF THE NEW FRENCH DATA PROTECTION LAW Read More »

SPAIN: New Data Protection Act in force from 07 December 2018

After more than two weeks from its approval by the Spanish Senate, the Official Gazette of Spain published this morning the new Spanish Data Protection Act, that shall be in force as from Friday 7 December 2018. Coincidentally or not, the publication was made on the very same day of the 40th anniversary of the …

SPAIN: New Data Protection Act in force from 07 December 2018 Read More »

Spanish Senate signs-off new GDPR-compliant Data Protection Act

After a very long delay and amidst rumors that the Spanish Parliament could be dissolved and early elections called, the Spanish Senate speedily dismissed all the proposals for further changes and approved the new GDPR-compliant Spanish Data Protection Act on Wednesday 21 November 2018. The new Act (“NLOPD“), in addition to regulating many other topics: …

Spanish Senate signs-off new GDPR-compliant Data Protection Act Read More »

Spanish Government approves new Decree-Law on Data Protection matters

Due to the complex balances inside the Spanish Parliament, Spain has been unable to put in place to date (July 2018) a new Data Protection Act that develops the EU Regulation 2016/679 (“GDPR”) in the areas where EU Member States are entitled to fill the gaps or add gold-plating requirements on top of those established …

Spanish Government approves new Decree-Law on Data Protection matters Read More »

UK: Personal liability for PECR regulatory fines proposed in Government consultation

On 30 May the Department for Digital, Culture, Media & Sport in the United Kingdom launched a consultation on the functioning of the current regime for holding to account company directors, those holding similar positions in corporate bodies / unincorporated associations, and members of partnerships for breaches of the Privacy and Electronic Communication Regulations 2003 …

UK: Personal liability for PECR regulatory fines proposed in Government consultation Read More »

Guide for accessing and using medical records breaks no new ground and instead doubles down on old processes

Written by Anna Spencer and Milton Gregory On April 4, 2018, the US Department of Health and Human Services’ (“HHS”) Office of the National Coordinator for Health Information Technology (“ONC”) released a new web-based resource – the ONC Guide to Getting and Using your Health Records – that promotes individual access to medical records by educating patients …

Guide for accessing and using medical records breaks no new ground and instead doubles down on old processes Read More »

The new Belgian Data Protection Authority: leaner and (probably) meaner

Patrick Van Eecke and Peter Craddock On 25 May 2018, the Belgian Privacy Commission will be renamed “Belgian Data Protection Authority” (BDPA) and will gain the power to impose fines. This is part of a comprehensive reform approved by the Belgian Parliament on Thursday 16 November 2017. Among the changes, the BDPA will be headed …

The new Belgian Data Protection Authority: leaner and (probably) meaner Read More »

UK: ICO GDPR guidance – Contracts and liabilities between controllers and processors

On 1 August we reported on the launch of the International Regulatory Strategy Group’s “Article 28 GDPR ready contractual terms” for use between controllers and processors. The ICO has now launched its draft guidance on this subject. The purpose of the ICO guidance is to explain, in an accessible fashion, the core requirements that all …

UK: ICO GDPR guidance – Contracts and liabilities between controllers and processors Read More »

New Mexico becomes 48th state to enact a data breach law, plus US state-level updates

Written by Jim Halpert and Anne Kierig An active spring state legislative session has already produced a few new state data breach laws. Notably, when New Mexico HB 15 was signed into law on April 6, the state became the 48th in the nation to have a data breach law on the books. The only holdouts: South Dakota and …

New Mexico becomes 48th state to enact a data breach law, plus US state-level updates Read More »

CANADA: Key priorities of the Privacy Commissioner in 2017

On March 21, 2017, senior representatives of the Office of the Privacy Commissioner of Canada (OPC) met with privacy practitioners to provide updates on policy, legal, compliance and enforcement activities of the OPC. The information disseminated at this annual meeting is important to all businesses collecting personal information of Canadians for two reasons: It highlights …

CANADA: Key priorities of the Privacy Commissioner in 2017 Read More »

Congress Rolls Back FCC Broadband Privacy Rules: What Does It Mean?

Written by Sydney White and Jim Halpert This week the US House of Representatives passed a Congressional Review Act (CRA) resolution of disapproval of the US Federal Communications Commission (FCC) broadband privacy rules that were approved by the FCC in a straight partisan vote at the end of the Obama Administration, but have not yet …

Congress Rolls Back FCC Broadband Privacy Rules: What Does It Mean? Read More »