Data Protection Report

Data protection legal insight at the speed of technology

Latest from Data Protection Report - Page 2

Tentative further steps towards an agreed ePrivacy Regulation

By Lara White (UK) & Fiona Bundy-Clarke (UK)

February 15, 2021

shutterstock_1105158764 — A computer programmer or hacker prints a code on a laptop keyboard to break into a secret organization system.

It has been some months since we wrote about the ePrivacy Regulation and some years since the first draft was proposed. Since then, we have seen numerous delays in achieving an agreed form of legislation, caused in part by strong views on how privacy and confidentiality shape the development of electronic communications services and passionate industry lobbying by both the AdTech industry and privacy organisations. On 10 February 2021, the Council of the EU’s Permanent…

Data Protection Report

Incentivizing public utilities to enhance cybersecurity: FERC’s proposed regulation

By Will Daugherty (US) & Susan Ross (US)

February 11, 2021

On February 5, 2021, the Federal Energy Regulatory Commission (“FERC”) published proposed regulations in the Federal Register that would provide federal financial incentives to utilities that voluntarily increase certain cybersecurity measures above those required by the Critical Infrastructure Protection Reliability Standards (“CIP Reliability Standards”) or by the NIST, Framework for Improving Critical Infrastructure Cybersecurity (“NIST Framework”). (86 Fed. Reg. 8309-8325 (Feb. 5, 2021).) To obtain the incentive, these voluntary measures must “materially enhance the cybersecurity…

Data Protection Report

Amendments to the Personal Data Protection Act In Force

By Stella Cramer (SG), Wilson Ang (SG), Jeremy Lua (SG) & Crystal Wong

February 1, 2021

On 29 January 2021, the Personal Data Protection Commission (PDPC) announced that certain sections of the Personal Data Protection (Amendment) Act 2020 (the PDPA Amendments) will take effect from 1 February 2021 – please see PDPC’s announcement; the gazetted Commencement Notification. This legal update provides a high-level summary of the PDPA Amendments that have taken effect. The changes introduced by the PDPA Amendments to the Personal Data Protection Act 2012 (the PDPA) are…

Data Protection Report

New German fine: EUR 10.4 million for unlawful CCTV

By Christoph Ritzer (DE) & Natalia Filkina (DE)

January 13, 2021

shutterstock_312787952 — Closed circuit television on wall

A German state data protection authority has issued a fine of EUR 10.4m against a mid-size online retailer who allegedly violated the EU General Data Protection Regulation (GDPR) by monitoring their employees using CCTV. The State Commissioner for Data Protection and Freedom of Information (Landesbeauftragte für Datenschutz und Informationsfreiheit) of Lower Saxony (the State Commissioner) imposed the fine on the electronics retailer “notebooksbilliger.de AG” (the Retailer) at the end of 2020. The Retailer used CCTV…

Data Protection Report

Post-Brexit Personal Data Breach Reporting – An End to the ICO’s Role as One-Stop-Shop Lead Supervisory Authority

By Ffion Flockhart (UK) & Steven Hadwin (UK)

January 6, 2021

The end of the Brexit implementation period on 31 December 2020 has brought with it significant changes to the data protection landscape for UK-based businesses. Amid headlines about data transfer issues and a potential adequacy decision for the UK in the coming months, businesses also need to be aware of significant changes to the way in which cross-border personal data breaches with a UK angle will need to be notified to data protection authorities (DPAs)…

Data Protection Report

US banking regulators propose a rule for 36-hour notice of breach

By David Kessler (US) & Susan Ross (US)

January 5, 2021

A night neon street at the downtown in Akihabara Tokyo long shot Japan Tokyo City — A night neon street at the downtown long shot. Taito district Akihabara Tokyo / Japan - 01.14.2020 Japan Tokyo City

On December 18, 2020, the US Department of the Treasury (Office of the Comptroller of the Currency), Federal Reserve and Federal Deposit Insurance Corporation (FDIC) jointly announced a 53-page proposed rule that would require banks to notify their regulators within 36 hours of a “computer-security incident” that rises to the level of a “notification incident.” The proposed rule would also affect companies that provide certain services to those banks, including data processing. Those service providers…

Data Protection Report

EU-UK Trade and Cooperation Agreement: Implications for data protection law

By Fiona Bundy-Clarke (UK)

January 4, 2021

On Christmas Eve, the EU and UK announced that a Trade and Cooperation Agreement (TCA) had been finalised. With it, came a sigh of relief from data protection practitioners everywhere. This is because the TCA provides an extension period, of a sort, to allow the European Commission time to conclude its adequacy assessment of the UK. Without this, EEA-UK data transfers would otherwise have been restricted at the end of the Brexit transition period. The…

Data Protection Report

EU data governance regulation – A wave of digital, regulatory and antitrust reform begins – Part Three

By Marcus Evans (UK), Jay Modrall (BE) & Michael Sinclair (UK)

December 17, 2020

On 25 November 2020, the European Commission (EC) published its proposed Data Governance Regulation (the DGR), which will create a new legal framework to encourage the development of a European single market for data. This is part three of a series of three blog posts. In this blog post, we consider the DGR’s relationship to competition law rules. The DGR’s relationship to competition law rules The DGR specifies that: It does not affect the application of…

Data Protection Report

EU data governance regulation – A wave of digital, regulatory and antitrust reform begins – Part Two

By Marcus Evans (UK), Jay Modrall (BE) & Michael Sinclair (UK)

December 17, 2020

On 25 November 2020, the European Commission (EC) published its proposed Data Governance Regulation (the DGR), which will create a new legal framework to encourage the development of a European single market for data. This is part two of a series of three blog posts. In this blog post, we outline the new regimes for data sharing service providers and data altruism under the DGR, and consider the potential impact on businesses. New regime for data…

Data Protection Report

EU data governance regulation – a wave of digital, regulatory and antitrust reform begins – Part 1

By Marcus Evans (UK), Jay Modrall (BE) & Michael Sinclair (UK)

December 17, 2020

On 25 November 2020, the European Commission (EC) published its proposed Data Governance Regulation (the DGR), which will create a new legal framework to encourage the development of a European single market for data. This is part one of a series of three blog posts. In this first blog post, we outline key aspects of the DGR, set it in the context of other reforms proposed by the EC, consider public-sector data sharing under the DGR,…

Data Protection Report

Data protection legal insight at the speed of technology

Tentative further steps towards an agreed ePrivacy Regulation

Incentivizing public utilities to enhance cybersecurity: FERC’s proposed regulation

Amendments to the Personal Data Protection Act In Force

New German fine: EUR 10.4 million for unlawful CCTV

Post-Brexit Personal Data Breach Reporting – An End to the ICO’s Role as One-Stop-Shop Lead Supervisory Authority

US banking regulators propose a rule for 36-hour notice of breach

EU-UK Trade and Cooperation Agreement: Implications for data protection law

EU data governance regulation – A wave of digital, regulatory and antitrust reform begins – Part Three

EU data governance regulation – A wave of digital, regulatory and antitrust reform begins – Part Two

EU data governance regulation – a wave of digital, regulatory and antitrust reform begins – Part 1

Stay Connected

Company

Products

Support

New to the Network