Ann J. LaFrance

Blogs: Brexit Legal, eSQUIRE Global Crossings, Global IP & Technology Law Blog, SECURITY & PRIVACY // BYTES

Latest Articles

How Might a No-Deal Brexit Impact Your Organisation’s Data Protection Obligations?

By Ann J. LaFrance & Chloe Rankin on January 15, 2019

The UK Parliament has today, 15th January 2019, rejected the Government’s Brexit withdrawal agreement with the EU. This turn of events, which was widely anticipated, increases the prospect of a no deal Brexit, i.e. a break-up without a divorce settlement. According to law, the UK will leave the EU from 11pm GMT on 29th March 2019 with no deal unless Parliament has accepted the withdrawal agreement, or a modified version of it, or a new…

SECURITY & PRIVACY // BYTES

Data Protection Compliance: Do You Have an Appropriate Policy Document in Place?

By Ann J. LaFrance & Emma Yaltaghian on October 7, 2018

Just because 25 May 2018 has passed does not mean that data protection compliance has ended! The Data Protection Act 2018 (“DPA”) works with the GDPR, and introduces additional requirements that businesses will need to watch out for; there are however a number of derogations that are intended to better accommodate business needs.…

SECURITY & PRIVACY // BYTES

Why the ICO Fined Equifax £500,000

By Ann J. LaFrance & Chloe Abbott on September 27, 2018

On 19th September 2018, the Information Commission Officer (“ICO”) fined credit reference agency Equifax Limited £500,000 for breaching the Data Protection Act 1998 (“DPA”). Finding that Equifax Limited failed to protect the personal data of up to 15 million UK individuals, the ICO awarded the maximum penalty for a breach under the DPA. The ICO found that of the eight data protection principles established in the DPA, Equifax breached five. The finding considered how Equifax…

SECURITY & PRIVACY // BYTES

Procedure Launched for Japan and the European Union to Become the World’s Largest Area of Safe Data Transfers

By Ann J. LaFrance, Scott Warren, Bethany Bradley & Chloe Abbott on September 20, 2018

What’s New? On 5 September 2018, the EU Commission commenced proceedings to adopt an Adequacy Decision in relation to Japan’s protection of personal data by issuing a draft ‘Commission Implementing Decision’. This is an important step towards the culmination of discussions between the EU and Japan that were initiated in January 2017, with the aim of permitting the free flow of personal data between the parties. These discussions were part of the broader free trade…

SECURITY & PRIVACY // BYTES

European Parliament Calls on US to Show Compliance with EU-US Privacy Shield Within Two Months

By Ann J. LaFrance & Christina Economides on July 6, 2018

The European Parliament plenary adopted on 5 July 2018 the LIBE Committee’s Motion for Resolution on the EU-US Privacy Shield (‘Privacy Shield) indicating the general Parliament’s position towards its functioning. The non-binding resolution calls for the suspension of the Privacy Shield unless the US demonstrates compliance with its requirements by 1 September 2018. As per our previous post, the European Parliament considers that the personal data protection provided by the Privacy Shield is not adequate. …

SECURITY & PRIVACY // BYTES

WP29 Publishes Draft Guidelines on Transparency

By Ann J. LaFrance & Lucia Hartnett on December 13, 2017

On 12 December 2017, Article 29 Working Party (WP29) published its draft guidelines on transparency under the GDPR. As with the draft guidance on consent, published on the same day, WP29 invites comments to be submitted by 23 January 2018.…

SECURITY & PRIVACY // BYTES

WP29 Publishes Draft Guidelines on Consent

By Ann J. LaFrance & Lucia Hartnett on December 12, 2017

On 12 December 2017, Article 29 Working Party (WP29) published its long-awaited draft guidelines on consent under the GDPR. The guidelines build on WP29’s ‘Opinion on the definition of consent’, adopted in July 2011. As with the draft guidance on transparency, published the same day, WP29 invites comments to be submitted by 23 January 2018. The guidelines state that generally, in order to use consent as an appropriate lawful basis the data subject should…

SECURITY & PRIVACY // BYTES

Proposed e-Privacy Regulation in Trilogue Phase Making May 2018 Enforcement Unlikely

By Ann J. LaFrance & Matt Buckwell on December 10, 2017

Nearly a year ago, on 10 January 2017, the EU Commission released the proposed ePrivacy Regulation (ePR). The three main areas covered by the legislation are the use of electronic communications data by telecommunications operators and other specified entities, the use of tracking applications, and unsolicited direct marketing communications. The ePR aims to ensure a coherent, up-to-date framework capable of balancing economic interests and privacy rights of natural persons reflected in the Article 7 of…

SECURITY & PRIVACY // BYTES

GDPR Data Protection Impact Assessments Guidelines Released

By Ann J. LaFrance on October 19, 2017

The Article 29 Working Party has adopted Guidelines on Data Protection Impact Assessments (DPIAs), following its consultation on a draft version published in April 2017. The final version provides additional guidance in a number of areas without materially changing the position. Further guidance is provided on the trigger for mandatory DPIAs – whether the processing is likely to result in a “high risk to the rights and freedoms of natural persons.” Additional emphasis is placed…

eSQUIRE Global Crossings

Shining a light on the GDPR – is the insolvency profession prepared?

By Ann J. LaFrance on October 19, 2017

What is the GDPR? The General Data Protection Regulation (GDPR) is an EU regulation designed to strengthen and harmonise data protection rules for processing data of all individuals within the EU and covers the transfer of such personal data outside the EU. One of the aims of the new legislation is to give control back to individuals over their personal data by establishing new rights for individuals in relation to their data and imposing more stringent obligations…

Ann J. LaFrance

How Might a No-Deal Brexit Impact Your Organisation’s Data Protection Obligations?

Data Protection Compliance: Do You Have an Appropriate Policy Document in Place?

Why the ICO Fined Equifax £500,000

Procedure Launched for Japan and the European Union to Become the World’s Largest Area of Safe Data Transfers

European Parliament Calls on US to Show Compliance with EU-US Privacy Shield Within Two Months

WP29 Publishes Draft Guidelines on Transparency

WP29 Publishes Draft Guidelines on Consent

Proposed e-Privacy Regulation in Trilogue Phase Making May 2018 Enforcement Unlikely

GDPR Data Protection Impact Assessments Guidelines Released

Shining a light on the GDPR – is the insolvency profession prepared?

Company

Support

New to the Network