Inside Privacy

Updates on developments in data privacy and cybersecurity

Subscribe
Visit Blog
By: Covington & Burling LLP

Blog Authors

Ashden Fein
Ani Gevorkian
Anna Herrmann
Alexandra Scott
Ashwin Kaja
Anna D. Kraus
Alexander Berengaut
Anna Carrier (BE)
Anna Oberschelp de Meneses
Adrian Perry
Alyson Sandler
Andrew Vaden
B.J. Altvater
Burr Eckstut
Brooke Kahn
Brandon Rattiner
Bruce Bennett
Bert Wells
Cameron Harvey (AU)
Calvin Cohen
Carlo Kostka
Charlotte Ryckman
Caleb Skeath
David Bender
Dan Cooper
David Fagan
David Fink
Dan Kahn
David Stein
Dustin Cho
Eric Bosset
Libbie Canter
Ethan Forrest
Eric Carlson
Ezra Steinhardt
Fredericka Argent
Franka Felsner
Greg Frischmann
Gemma Nash
Gerard J. Waldron
Harriet Fletcher
Hee-Eun Kim
Hannah Lepow
Helena Marttila-Bridge
Helena Milner-Smith
Jetty Tielemans
Huanhuan Zhang
Inside Privacy
Jayne Ponder
Jonathan Benjamin
Jack Boeglin
Jeff Bozman
John Buchanan
Jadzia Pierce
Sam Jungyun Choi
John Graubert
Joshua Gray
Jordan Hirsch
Jim Garland
Jordan Joachim
Joseph Jones
James Strawbridge
Jetty Tielemans
Katharine Goodloe
Kristi Cercone
Kate Kinchlea
Kristof Van Quathem
Kurt Wimmer
Lindsay Brewer
Laura Brookover
Laura Corbett
Lindsay Burke
Liza Khan
Laura Kim
Lauren Moxley
Lisa Peets
Lindsey Tonsager
Lauren Wiseman
Miranda Cole
Moriah Daugherty
Matthew Davie
Matthew DelNero
Marialuisa Gallozzi
Marty Hansen
Micaela McMurrough
Micha Nandaraj Gallo
Mike Nonaka
Melanie Ramey
Mark Young
Nigel Howard
Nicholas Shepherd
Ben Duke
Priscilla Fasoro
Phil Bradley-Schmieg
Paige Jennings
Robert D. Fram
Randall Friedland
Rafael Reyneri
Rebecca Yergin
Sam Adriance
Sophie Bertin
Susan B. Cassidy
Samantha Clark
Sheng Huang
Scott Levitt
Sari Sharoni
Steve Surdu
Trisha Anderson
Tarek Austin
Ting Xiang
Uttara Dukkipati
Ulrike Elteste
Victor Ban
Victoria Gilbert
Weiss Nusraty
Yaron Dori
Yan Luo
Zachary Mears
Zhijing Yu

Latest from Inside Privacy

On April 19, 2019, China’s Ministry of Public Security (“MPS”) released the final version of its Guideline for Internet Personal Information Security Protection (互联网个人信息安全保护指南) (the “Guideline”).  A previous version of the Guideline was released for public comments on November 30, 2018. Under China’s Cybersecurity Law (the “CSL”), MPS is the key regulator tasked with protecting cybersecurity and combating cybercrime.  Following the issuance of the draft Regulations on Cybersecurity Multi-level Protection Scheme (the “Draft MLPS Regulation”,…
On 9 April 2019, the European Data Protection Board (“EDPB”) adopted new guidelines “on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects.” In general, the GDPR requires that processing of personal data be justified under a legal basis in Article 6 GDPR.  One such legal basis is Article 6(1)(b), which covers data processing that is “necessary for the performance of a contract…
On April 10, 2019, European Commission Directorate-General for Health and Food Safety issued a revised Q&A analyzing the interplay between the EU Clinical Trials Regulation (“CTR”) and the  EU General Data Protection Regulation (“GDPR”).  The revised Q&A takes into account the opinion of the European Data Protection Board (“EDPB”) issued on January 23, 2019, on the same topic (which we discuss in our blog post here).  Below, we summarize the main takeaways of the…
On Wednesday, the U.S. Department of Justice released a white paper and FAQ on the Clarifying Lawful Overseas Use of Data (“CLOUD”) Act, which was enacted in March 2018 and creates a new framework for government access to data held by technology companies worldwide.  The paper, titled “Promoting Public Safety, Privacy, and the Rule of Law Around the World: The Purpose and Impact of the CLOUD Act,” addresses the scope and purpose of…
On April 3, 2019, the Association of German Supervisory Authorities (“Datenschutzkonferenz” or “DSK”) issued a paper (available here in German) on the interpretation of “broad consent” for scientific research in Recital 33 of the GDPR and the interplay with the definition of consent  and the principle of purpose limitation. According to the DSK, broad consent should only be used in exceptional circumstances when it is not possible to establish at the outset the expected scope…
On April 8, 2019, the EU High-Level Expert Group on Artificial Intelligence (the “AI HLEG”) published its “Ethics Guidelines for Trustworthy AI” (the “guidance”).  This follows a stakeholder consultation on its draft guidelines published in December 2018 (the “draft guidance”) (see our previous blog post for more information on the draft guidance).  The guidance retains many of the same core elements of the draft guidance, but provides a more streamlined conceptual framework and…
The European Commission (“Commission”) has published a Recommendation on cybersecurity in the energy sector (“Recommendation”).  The Recommendation builds on recent EU legislation in this area, including the NIS Directive and EU Cybersecurity Act (see our posts here and here).  It sets out guidance to achieve a higher level of cybersecurity taking into account specific characteristics of the energy sector, including the use of legacy technology and interdependent systems across borders.…
This article originally appeared in Global Data Review on March 29, 2019 Last year, the US passed legislation expanding the geographic reach of certain legal process, including search warrants, issued to technology providers seeking customer data. Under the Clarifying Lawful Overseas Use of Data (CLOUD) Act, warrants issued by US courts can force certain types of providers to disclose customer data stored anywhere in the world. Notably, the CLOUD Act does not affect only US…
On March 28, 2019, the Council of Europe* issued a new Recommendation on the protection of health-related data.  The Recommendation calls on all Council of Europe member states to take steps to ensure that the principles for processing health-related data (in both the public and private sector) set out in the Appendix of the Recommendation are reflected in their law and practice. This Recommendation is likely to be of interest to both public sector and…
On March 26, 2019, the Polish Supervisory Authority (“SA”) issued a fine of around €220,000 against a company that processed contact data obtained from publicly available sources without informing the individuals concerned (decision in Polish here and English summary here). Article 14 of the GDPR requires data controllers, who do not obtain personal data directly from the individuals concerned, to provide these individuals with information about how their data is processed within a reasonable…