HL Chronicle of Data Protection

Privacy & Information Security News & Trends

Subscribe
Visit Blog
By: Hogan Lovells

Blog Authors

Aaron Lariviere
Adam Cooke
Alexandra Grundy
Ashley Hutto-Schultz
Alvin F. Lindsay
Alla Gorbushina
Allison Bender
Andrew McGinty
Arielle Brown
Arpan Sura
Barbara Bennett
Britanie Hall
Bret Cohen
Brian Kennedy
Catherine Essig
Carly Didden
Charlie Wood
Christian Ritz
Dr. Christian Tinnefeld
Christine Gateau
Dr. Christian E. Mammen
Conor Ward
César Ortiz-Úrculo
Christopher Pickens
Christopher Wolf
Donald DePass
Elizabeth Campion
Ed Bowyer
Edith Ramirez
Ewa Kacperek
Elisabethann Wright
Emily Goldman
Eric Bukstein
Elizabeth Slattery
Eugene Low
Eduardo Ustaran
Federico De Noriega Olea
Fran Faircloth
Falk Schoening
Gerry Oberst
George Willis
Giulia Mariuz
Gonzalo Gallego
Gregory Lisa
H. Deen Kaplan
Dr. Henrik Hanßen
Hannah Jackson
HL Chronicle of Data Protection
Harriet Pearson
Ian MacFarlane
Jan Spittka
Jasmeet Ahuja
Jakub Baczuk
Joke Bodewits
James Denvil
Joe Vladeck
John Bridge
Jamie Potter
Jonathan Stoel
Jon Talotta
Julie Brill
Jun Wei
Kate Wilford
Katherine Gasztonyi
Katie McMullan
Kurt Tiam
C. Kyle Simpson
Logan Breed
Łukasz Czynienik
Leishen Pillay
Lisa Ellman
Liang Xu
Lillian Hardy
Lionel de Souza
Lanah Kammourieh
Louise Crawford
Lilly Taranto
Dr. Lukas Ströbel
Mac Macmillan
Marco Berliri
Dr. Marcus Schreibauer
Marcy Wilder
Maree Sneed
Mark Brennan
Mark Paulding
Mark Taylor
Marta Colonna
Dr. Martin Pflüeger
Matthieu Richard
Meghan Edwards Ford Rissmiller
Melissa Bianchi
Mathilde Gérot
Madeline Gitomer
Michael Epshteyn
Michele Farquhar
Mike Kass
Michelle Kisloff
Massimiliano Masnada
Mark Parsons
Maria Sedykh
Matthew Sharkey
Michelle Tellock
Nadine Peters
Natalia Gulyaeva
Nathan Salminen
Neil O'Hanlon
Nick Westbrook
Nils Rauer
Pablo Rivas
Patrick Kane
Pauline Le Bousse
Paul Maynard
Peter Colegate
Patrice Navarro
Paul Otto
Quentin Archer
Richard Schaberg
Randy Miller
Rod Freeman
Roy Zou
Ryan Woo
Rik Zagers
Stuart Altman
Sam Choi
Sarah Taieb
Scott Loughlin
Sherry Gong
Stephenie Gosnell Handler
Shee Shee Jin
Sachiko Jepson
Sian Rudgard
Steve Spagnolo
Steven Steinborn
Dr. Stefan Schuppert
Stephanie Gold
E. Tazewell Ellett
Tim Lester
Tim Wybitul
Trevor R. Jefferies
Tom McGovern
Timothy Tobin
Tulasi Leonard
Vassi Iliadis
Victoria Hordern
Wesley Platt
Winston Maxwell
Dr. Wolf-Tassilo Böhm
Xenia Legendre

Latest from HL Chronicle of Data Protection

CA Consumer Privacy Act
The California Consumer Privacy Act of 2018 (“CCPA”) provides a series of new compliance obligations and operational challenges for companies doing business in California. A vital first step for any company subject to the CCPA and looking to forge a practical path forward is to inventory the personal information (“PI”) that the company collects, stores, and shares with others. As part of our ongoing series on the CCPA and its implications, this post sets out key issues and questions to consider when contemplating a data mapping exercise.
Unless there is a political earthquake (some would say a miracle) Brexit will happen on 29 March 2019. Upon Brexit the UK will cease to be an EU Member State and become a so-called 'third country'. As a result, UK-based organisations, which in the context of transfers of personal data to countries outside the EU have always been exporters, will become importers of data originating from the EU. This is a serious concern because transfers of personal data from the EU to third countries are severely restricted. So a key UK Government objective from day one has been to ensure that the UK is regarded as an adequate jurisdiction, which would allow unconstrained transfers of personal data from the EU. But will it be?
Words matter. Nowhere is this truer than in legislation, where word choices—often the product of long debate and imperfect compromise—determine the scope and impact of a law. Legislative history can speak volumes about those word choices, and the unique legislative history of the California Consumer Privacy Act of 2018 (CCPA) only highlights the importance of understanding the terms used in the act. We thus focus here on discussing some of the CCPA’s key definitional terms.
On September 4, the Legislative Decree no. 101 of August 10, 2018 for the national implementation of General Data Protection Regulation (EU) 2016/679 was published in the Official Journal. The Decree integrates the provisions of the GDPR, that were previously left to the autonomy of the Member States and will enter into force on September 19, 2018.
compass
The Department for Digital, Culture, Media and Sport ('DDCMS') has today released guidance on "Data protection if there's no Brexit deal", which is part of its preparations for if there is a "no deal" scenario when the Article 50 negotiating period comes to an end on 29 March 2019. The UK will become a "third country" on its exit from the European Union, which means that unhindered cross-border transfers of data will no longer automatically be able to take place between the UK and the EU. The guidance confirms that, given the "unprecedented alignment" between the UK and EU data protection regimes, the UK would continue to allow transfers of data from the UK to the EU at the point of exit. However, the Commission has made it clear that they would not make a decision on adequacy until the UK is a third country (that is, after 29 March 2018), and its procedure for reaching a decision typically lasts several months.
We have heard the California Consumer Privacy Act of 2018 (CCPA) called many things since its enactment on June 28, 2018. Our experience to date has confirmed the compliance challenge ahead for organizations that engage with the residents of the world's fifth-largest economy. We will explore the ramifications for businesses of this seminal legislation in this multi-part series, "The Challenge Ahead" authored by members of Hogan Lovells' CCPA team. In this first installment, we describe recent activity to enact so-called “technical” amendments to the CCPA.
India's Committee of Experts has submitted a draft Data Protection Bill for review by the Ministry of Electronics and Information Technology. The Bill represents an important milestone for India, which has yet to enact comprehensive, principles-based data protection regulation, lagging a trend set in recent years by Singapore, the Philippines and others in the region playing catch up to Hong Kong and Japan, which have both had such regulation in place for years now.
On June 28, 2018 the European Court of Human Rights decided that the German Supreme Court had correctly denied two individuals their "right to be forgotten" requests in connection with press archives relating to a 1991 murder. The German Supreme court reasoned that the interests of the public in having access to the information outweighed the interference with the plaintiff's privacy rights. Upon hearing the case, the ECtHR agreed and found that Germany had correctly applied the balancing test relating to right to be forgotten claims.