Data Protection Report

Data protection legal insight at the speed of technology

Latest from Data Protection Report - Page 2

Office of Privacy Commissioner Says It’s Status Quo on Consent Requirements for Data Processing Transfers

By Ann Henderson (CA), Julie Himo (CA), John Cassell (CA) & Alexis Kerr (CA)

October 1, 2019

On September 23, the Office of the Privacy Commissioner of Canada (OPC) announced, following consultation with stakeholders, that it will maintain the position set out in its 2009 guidelines that an organization’s transfer of personal information to a third party for processing, including a transfer across the Canadian border, is a “use” of that personal information, and not a disclosure that requires separate consent. This announcement brings at least temporary clarity to an issue…

Data Protection Report

Data protection and cyber risk issues in arbitration – dealing with regulation, cyber attacks and hacked evidence

By Pierre Bienvenu (CA) & Ben Grant (UK)

September 20, 2019

The GDPR has significantly altered the landscape of data protection. Its broad scope and potentially severe penalties have forced those who hold and process data to take note of its provisions. In certain instances, that will include many in the international arbitration community, such as arbitral institutions. In parallel, cyber attacks and instances of hacking in the arbitration context have brought cyber security issues to the fore. As a result, data protection and cyber security…

Data Protection Report

And then there were five: CCPA amendments pass legislature

By Jeewon Kim Serrato (US) & Susan Ross (US)

September 17, 2019

Executive Summary: The wait is over: Only five CCPA amendments made it through the California legislature. The amendments are limited in scope, which means the CCPA will go into effect, largely intact, on January 1, 2020.…

Data Protection Report

Deadline extended for compulsory registration on Data Controller registry

By Ekin Inal (TR)

September 6, 2019

Obligations We previously reported that Turkey’s data protection legislation (TDPL) requires data controllers to notify the Turkish DPA of their processing activities. Unless exempt from the requirement, all data controllers (individuals and legal entities) who process personal data in Turkey must be registered with the Turkish DPA’s Register of Data Controllers Information System (VERBİS), prior to processing any personal data.…

Data Protection Report

CCPA: “Wait and see” is not the right approach

By Chris Cwalina (US), David Kessler (US), Steve Roosa (US), Jeewon Kim Serrato (US) & Susan Ross (US)

August 29, 2019

We are seeing companies use many different approaches to the California Consumer Privacy Act (“CCPA”) compliance, but the “wait and see” approach in particular is not advisable. Companies who want to “wait and see” point to the pending amendments to CCPA that are currently working through the California Senate (as we have previously described—see links below). Others point to the California Attorney General regulations that will be released in draft form in the next few…

Data Protection Report

ICO joins other data protection authorities in issuing statement on Facebook’s cryptocurrency Libra project

By Lara White (UK), Shiv Daddar (UK) & Hemin Hazar (UK)

August 22, 2019

On 18 June 2019, Facebook announced plans to launch a new blockchain enabled cryptocurrency called Libra.…

Data Protection Report

Turkey’s data protection legislation on data controller registry to impact data controllers outside of Turkey

By Ekin Inal (TR)

August 20, 2019

Obligations Turkey’s data protection legislation (TDPL) requires data controllers to notify the Turkish DPA of their processing activities. Unless exempt from the requirement, all data controllers (individuals and legal entities) who process personal data in Turkey must be registered with the Turkish DPA’s Register of Data Controllers Information System (VERBİS), prior to processing any personal data. Data controllers which fail to fulfil this obligation may be subject to an administrative fine of an amount between…

Data Protection Report

The CNIL publishes new guidelines on cookies and other similar technologies

By Nilofar Moini Shabestari (FR) & Nadège Martin (FR)

August 13, 2019

Mobile phones background. Pile of different modern smartphones. 3d

On 4 July 2019, the CNIL published new guidelines on cookies and other similar technologies, repealing its 2013 cookie guidance in order to align its position with the GDPR’s new requirements on consent. These guidelines will be supplemented during the first quarter of 2020 by sectoral recommendations aimed at providing practical guidance to stakeholders on how to collect consent.…

Data Protection Report

One-Month Countdown to Pass CCPA Amendments Begins

By Jeewon Kim Serrato (US) & Susan Ross (US)

August 12, 2019

authorization on virtual screen with blue matrix

On August 12, the California legislature returns after its summer recess. Starting with the Senate Appropriations Committee Hearing today, the legislature will now have approximately a month to continue the markups and send California Consumer Privacy Act (CCPA) amendments to the Governor’s desk for signature before the September 13 deadline. As previously reported, any amendment that passes from the Senate will likely need to go back to the Assembly since many of them have been…

Data Protection Report

Website operators joint controllers with third-party plugin providers

By Lara White (UK), Natalia Filkina (DE) & Shiv Daddar (UK)

August 12, 2019

On 29 July 2019, the European Court of Justice (ECJ) issued its judgement on Case C-40/17 (the “Fashion-ID” case). In its ruling, the ECJ held that operators of websites embedding Facebook’s “Like” button act as data controllers jointly with Facebook in respect of the collection and transmission to Facebook of the personal data of visitors to the relevant websites. In relation to these processing activities, the website operators must inform their website visitors about the…

Data Protection Report

Data protection legal insight at the speed of technology

Office of Privacy Commissioner Says It’s Status Quo on Consent Requirements for Data Processing Transfers

Data protection and cyber risk issues in arbitration – dealing with regulation, cyber attacks and hacked evidence

And then there were five: CCPA amendments pass legislature

Deadline extended for compulsory registration on Data Controller registry

CCPA: “Wait and see” is not the right approach

ICO joins other data protection authorities in issuing statement on Facebook’s cryptocurrency Libra project

Turkey’s data protection legislation on data controller registry to impact data controllers outside of Turkey

The CNIL publishes new guidelines on cookies and other similar technologies

One-Month Countdown to Pass CCPA Amendments Begins

Website operators joint controllers with third-party plugin providers

Stay Connected

Company

Support

New to the Network