A German state data protection authority has issued a fine of EUR 10.4m against a mid-size online retailer who allegedly violated the EU General Data Protection Regulation (GDPR) by monitoring their employees using CCTV. The State Commissioner for Data Protection and Freedom of Information (Landesbeauftragte für Datenschutz und Informationsfreiheit) of Lower Saxony (the State Commissioner) imposed the fine on the electronics retailer “notebooksbilliger.de AG” (the Retailer) at the end of 2020. The Retailer used CCTV…

Data Protection Report

Post-Brexit Personal Data Breach Reporting – An End to the ICO’s Role as One-Stop-Shop Lead Supervisory Authority

By Ffion Flockhart (UK) & Steven Hadwin (UK)

January 6, 2021

The end of the Brexit implementation period on 31 December 2020 has brought with it significant changes to the data protection landscape for UK-based businesses. Amid headlines about data transfer issues and a potential adequacy decision for the UK in the coming months, businesses also need to be aware of significant changes to the way in which cross-border personal data breaches with a UK angle will need to be notified to data protection authorities (DPAs)…

Data Protection Report

US banking regulators propose a rule for 36-hour notice of breach

By David Kessler (US) & Susan Ross (US)

January 5, 2021

A night neon street at the downtown in Akihabara Tokyo long shot Japan Tokyo City — A night neon street at the downtown long shot. Taito district Akihabara Tokyo / Japan - 01.14.2020 Japan Tokyo City

On December 18, 2020, the US Department of the Treasury (Office of the Comptroller of the Currency), Federal Reserve and Federal Deposit Insurance Corporation (FDIC) jointly announced a 53-page proposed rule that would require banks to notify their regulators within 36 hours of a “computer-security incident” that rises to the level of a “notification incident.” The proposed rule would also affect companies that provide certain services to those banks, including data processing. Those service providers…

Data Protection Report

EU-UK Trade and Cooperation Agreement: Implications for data protection law

By Fiona Bundy-Clarke (UK)

January 4, 2021

On Christmas Eve, the EU and UK announced that a Trade and Cooperation Agreement (TCA) had been finalised. With it, came a sigh of relief from data protection practitioners everywhere. This is because the TCA provides an extension period, of a sort, to allow the European Commission time to conclude its adequacy assessment of the UK. Without this, EEA-UK data transfers would otherwise have been restricted at the end of the Brexit transition period. The…

Data Protection Report

EU data governance regulation – A wave of digital, regulatory and antitrust reform begins – Part Three

By Marcus Evans (UK), Jay Modrall (BE) & Michael Sinclair (UK)

December 17, 2020

On 25 November 2020, the European Commission (EC) published its proposed Data Governance Regulation (the DGR), which will create a new legal framework to encourage the development of a European single market for data. This is part three of a series of three blog posts. In this blog post, we consider the DGR’s relationship to competition law rules. The DGR’s relationship to competition law rules The DGR specifies that: It does not affect the application of…

Data Protection Report

EU data governance regulation – A wave of digital, regulatory and antitrust reform begins – Part Two

By Marcus Evans (UK), Jay Modrall (BE) & Michael Sinclair (UK)

December 17, 2020

On 25 November 2020, the European Commission (EC) published its proposed Data Governance Regulation (the DGR), which will create a new legal framework to encourage the development of a European single market for data. This is part two of a series of three blog posts. In this blog post, we outline the new regimes for data sharing service providers and data altruism under the DGR, and consider the potential impact on businesses. New regime for data…

Data Protection Report

EU data governance regulation – a wave of digital, regulatory and antitrust reform begins – Part 1

By Marcus Evans (UK), Jay Modrall (BE) & Michael Sinclair (UK)

December 17, 2020

On 25 November 2020, the European Commission (EC) published its proposed Data Governance Regulation (the DGR), which will create a new legal framework to encourage the development of a European single market for data. This is part one of a series of three blog posts. In this first blog post, we outline key aspects of the DGR, set it in the context of other reforms proposed by the EC, consider public-sector data sharing under the DGR,…

Data Protection Report

CCPA regulations: perhaps the fourth time is the charm

By David Kessler (US) & Susan Ross (US)

December 14, 2020

On December 10, 2020, the California Attorney General proposed a fourth set of modifications to the California Consumer Privacy Act (CCPA) regulations, in response to comments received regarding the October proposed modifications. (We had written about the October proposals here.)…

Data Protection Report

Bill C-11: Canada proposes new data privacy legislation

By Colin Hyslop (CA)

November 20, 2020

shutterstock_477883783 — Blockchain digital background

On November 17, 2020, the Minister of Innovation, Science and Industry, Navdeep Bains, tabled proposed legislation in Parliament that aims to overhaul Canada’s data privacy law. Bill C-11, entitled An Act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act and to make consequential and related amendments to other Act, will create new data privacy obligations and new enforcement mechanisms for these obligations if it becomes law.…

Data Protection Report

COVID tracing & AI: Physically distant, socially together

By Daniel Daniele (CA)

November 18, 2020

authorization on virtual screen with blue matrix

As the second wave of COVID-19 spreads across Canada, the use of COVID-19 tracing apps is on the rise. For example, the Government of Canada released COVID Alert–an app using Bluetooth technology to help people report positive diagnoses, and control the spread of the virus. The success of the app depends on a high quantity of users, but concerns over privacy and the use of artificial intelligence (AI) in analyzing the data may hinder…

Data Protection Report

Data protection legal insight at the speed of technology

Blog Authors

New German fine: EUR 10.4 million for unlawful CCTV

Post-Brexit Personal Data Breach Reporting – An End to the ICO’s Role as One-Stop-Shop Lead Supervisory Authority

US banking regulators propose a rule for 36-hour notice of breach

EU-UK Trade and Cooperation Agreement: Implications for data protection law

EU data governance regulation – A wave of digital, regulatory and antitrust reform begins – Part Three

EU data governance regulation – A wave of digital, regulatory and antitrust reform begins – Part Two

EU data governance regulation – a wave of digital, regulatory and antitrust reform begins – Part 1

CCPA regulations: perhaps the fourth time is the charm

Bill C-11: Canada proposes new data privacy legislation

COVID tracing & AI: Physically distant, socially together

Stay Connected

Company

Products

Support

New to the Network