Eduardo Ustaran

Photo of Eduardo Ustaran
Connect: Read more about Eduardo Ustaran
Firm/Organization: Hogan Lovells
Blogs: Global Media and Communications Watch, HL Chronicle of Data Protection

Latest Articles

“There is a cliff, whose high and bending head looks fearfully in the confined deep. Bring me but to the very brim of it” says the blinded Earl of Gloucester in Shakespeare’s King Lear, thinking that he is at the edge of the famous white cliffs of Dover. Right now, the whole of the UK appears to be on the same spot looking over a precipice. However, this is not the moment to be blind. As…
Amid the constitutional and political uncertainties surrounding the Brexit process, the UK Government has provided welcome assurance on the data protection front. Guidance issued by the Department for Digital, Culture, Media & Sport (DCMS) confirms how UK data protection law will work in the event the UK leaves the EU without a deal. Whilst the Government still regards a No Deal Brexit as “unlikely”, given the extremely severe implications of that scenario for transfers of…
The EU General Data Protection Regulation is now a fully functioning six-month old creature, which has brought with it significant evolutionary changes. One of the most notable innovations of the new European data protection framework is its ambitious extra-territorial application. The introduction of brand new grounds for the applicability of the law was a major development. As a result, and as essential as this is, the GDPR’s territorial scope of application has become one of…
The draft text of the EU-UK withdrawal agreement was published by the UK Government and the European Union yesterday, providing some of the first concrete indicators of the possible direction of travel in the area of data protection. Analysis of the text has barely started, but some of our initial conclusions are outlined below.…
Unless there is a political earthquake (some would say a miracle) Brexit will happen on 29 March 2019. Many fear a hard Brexit. Some are hoping for a hard Brexit. A majority appear to want a soft Brexit. And many others would strongly prefer that Brexit wasn’t happening at all. But whatever its flavour, upon Brexit the UK will cease to be an EU Member State and become a so-called ‘third country’. As a result,…
compass
As part of its preparations for a “no deal” scenario when the Article 50 negotiating period comes to an end on 29 March 2019, the Department for Digital, Culture, Media and Sport (“DDCMS”) has today released guidance on “Data protection if there’s no Brexit deal”. The UK will become a “third country” on its exit from the European Union, which means that unhindered cross-border transfers of data will no longer automatically be able to take…
In July, Eduardo Ustaran spoke at Privacy Laws & Business’ International Conference in Cambridge about the sort of activities likely to prompt regulators into exercising their increased fining powers under the EU GDPR. A link to the video of his presentation can be found here and a detailed report of the presentation is available here.…
In July, Eduardo Ustaran spoke at Privacy Laws & Business’ International Conference in Cambridge about the sort of activities likely to prompt regulators into exercising their increased fining powers under the EU GDPR. A link to the video of his presentation can be found here and a detailed report of the presentation is available here.…
More than 15 years after the adoption of the Data Protection Directive1, the European Commission noticed that the current legislative framework on data protection did not adequately deal with the risks associated with online activity2. Acknowledging this, the General Data Protection Regulation (GDPR)3 was finally adopted by the European Parliament on 14 April 2016, entering into force in May 2016 and becoming directly applicable in all Member States on 25 May 20184. The GDPR targets…
Could the GDPR give rise to forum shopping and are there any pre-litigation strategies that should be considered? Here, we review four key elements that should be kept in mind in respect of data class actions in the EU. Damages In the US, many class actions are dismissed for lack of ‘standing’, i.e. because the litigants do not demonstrate that they suffered an ‘injury in fact’ that is concrete and actual or imminent. Does the…