Jay Modrall (BE)

Firm/Organization: Norton Rose Fulbright

Blogs: Data Protection Report, Financial services: Regulation tomorrow

Latest Articles

EU Data Package Highlights Connections between Data Protection and the Digital Single Market

By Jay Modrall (BE) on January 16, 2017

On January 10, 2017, the EU Commission published a package of documents on the EU’s data economy strategy, including e-privacy, data protection and the “European Data Economy.” The Commission documents, published in the context of the Commission’s digital single market (“DSM”) initiative announced in May 2015, illustrate again the strong links between the EU’s digital regulatory strategy, data protection, intellectual property and antitrust policy, notably including the Commission’s preliminary report on its sector inquiry on…

Data Protection Report

Big data: French and German authorities explore antitrust issues

By Jay Modrall (BE) on May 12, 2016

CISA cybersecurity sharing — HTML code over deep blue background

On May 10, 2016, the French and German antitrust authorities published a joint study on competition law and the collection and use of data, particularly so-called big data (the Big Data Study). Data protection as such is outside the scope of EU competition laws, but antitrust authorities have considered the significance of data on a number of occasions, often in the context of merger reviews such as the EU Commission’s Facebook/WhatsApp case.…

Data Protection Report

Details of Privacy Shield published

By Marcus Evans (UK), Jay Modrall (BE), Christoph Ritzer (DE) & Sven Jacobs (DE) on March 1, 2016

On February 29, 2016, the European Commission published the documents comprising the new EU-U.S. Privacy Shield, the adoption of which we previously covered on our blog. In the Commission’s opinion, the new framework reflects the requirements set forth by the European Court of Justice in the Schrems ruling, which invalidated the U.S.-EU Safe Harbor framework. The Commission’s proposed adequacy decision holds that “the United States ensures an adequate level of protection for personal data…

Data Protection Report

EU Article 29 Working Party prepares for General Data Protection Regulation and responsibilities as European Data Protection Board

By Marcus Evans (UK) & Jay Modrall (BE) on February 15, 2016

iStock_000011704397_XXXLarge Europe Map Cartography World Map Mediterranean Sea — Europe

On February 11, 2016, the Article 29 Working Party (WP29) issued a statement setting out its 2016 action plan for implementation of the General Data Protection Regulation (GDPR) and its work programme for 2016-2018. WP29 will have 8 working groups leading the implementation of the 2016-2018 work programme. The statement highlights the following points: WP29 will develop guidelines, tools and procedures for the GDPR framework to be effective for the first semester of 2018. The…

Data Protection Report

EU-US Privacy Shield scrutinized in Article 29 Working Party initial response

By Marcus Evans (UK), Jay Modrall (BE) & Adam Smith (UK) on February 3, 2016

On February 3, 2016, the Article 29 Working Party (WP29) released a statement on the consequences of the Schrems judgment, following an assessment of the legal framework and the practices of US intelligence services. The WP29 expressed continuing concerns about the US framework for processing personal data for intelligence purposes, in spite of recent reforms.…

Data Protection Report

Political agreement on EU Data protection reforms: the real count-down to compliance has started

By Marcus Evans (UK) & Jay Modrall (BE) on December 17, 2015

On December 15, the Civil Liberties Committee (LIBE) of the European Parliament issued a press release announcing a provisional political agreement between the European Parliament and Council negotiators on the texts of both the General Data Protection Regulation and the Police & Judicial Cooperation Data Protection Directive. Formal approval by the Council is expected shortly and by the European Parliament in early 2016, after which the legislation will be published in the Official Journal. The…

Data Protection Report

Council and European Parliament reach agreement on NIS Directive

By Jay Modrall (BE) & Marcus Evans (UK) on December 10, 2015

On December 7, 2015, the Council of the European Union (the Council) reached an informal agreement with the European Parliament on a new EU directive on network and information security (NISD). The agreement marks the conclusion of two years of work, since the European Commission (the Commission) and the High Representative of the European Union for Foreign Affairs and Security Policy published a strategy for ‘An Open, Safe and Secure Cyberspace’ and proposed a directive…

Data Protection Report

Belgian court orders Facebook to stop tracking non-members, rejects FB’s assertion of lack of jurisdiction

By Marcus Evans (UK) & Jay Modrall (BE) on November 23, 2015

On November 9, 2015, the President of the Brussels Court of First Instance ordered Facebook to stop tracking non-members in Belgium without their consent. The court imposed a penalty of EUR 250,000 per day for non-compliance. The proceeding is the result of a formal recommendation that the Belgian Privacy Commission (BPC) issued in May 2015 requesting Facebook to cease the tracking of non-users. The BPC alleged that Facebook collected information about the web browsing behavior…

Data Protection Report

WP29 Issues Post-Safe Harbor Guidance

By Marcus Evans (UK), Jamie Nowak (DE) & Jay Modrall (BE) on October 16, 2015

The following is the statement of WP29 on the Schrems decision. It is a short opinion that we replicated here in full. We note that WP29 appears to suggest that model clauses and BCRs remain viable through at least January 2016, which is when WP29 would like to see the US and EU agree to a legal, political and technical solution on data transfers. The opinion suggests coordinated enforcement by DPAs after January 2016, but it is…

Data Protection Report

CJEU decision in Schrems: what businesses should do next

By Marcus Evans (UK), Jay Modrall (BE) & Daniel Ashkar (GER) on October 8, 2015

This week, the Court of Justice of the European Union (“CJEU”) ruled that the EU-US Safe Harbor Decision is invalid in Case C-362/14 (the “Schrems” case). This followed a similar opinion from its Advocate General, which also sets out the facts of the case. The decision will impact businesses that rely on the EU-US Safe Harbor to legitimize their storage in, or access from, the US of personal data that is subject to EU data protection…

Jay Modrall (BE)

EU Data Package Highlights Connections between Data Protection and the Digital Single Market

Big data: French and German authorities explore antitrust issues

Details of Privacy Shield published

EU Article 29 Working Party prepares for General Data Protection Regulation and responsibilities as European Data Protection Board

EU-US Privacy Shield scrutinized in Article 29 Working Party initial response

Political agreement on EU Data protection reforms: the real count-down to compliance has started

Council and European Parliament reach agreement on NIS Directive

Belgian court orders Facebook to stop tracking non-members, rejects FB’s assertion of lack of jurisdiction

WP29 Issues Post-Safe Harbor Guidance

CJEU decision in Schrems: what businesses should do next

Company

Support

New to the Network