EDPB releases agenda for fifth plenary

(Dec 5, 2018) The European Data Protection Board has released the agenda for its fifth plenary taking place in Brussels from Dec. 4 to 5. Topics the entire EDPB are currently discussing include the opinion of the European Commission’s adequacy decision for Japan and a request for an Article 64 opinion on the relationship between the EU General Data Protection Regulation and the ePrivacy Directive. EDPB subgroups and secretariat will focus on other issues, such as the second annual review of the EU-U.S. Privac... Read More

Legitimate interests in Turkey compared to EU

(Dec 4, 2018) In this Privacy Tracker post, Ozan Karaduman, CIPP/E, looks at legitimate interest as a lawful basis for data processing within the Turkish Data Protection Law and compares it to the rules around legitimate interest in the EU General Data Protection Regulation and the EU Data Protection Directive. "As the Turkish Data Protection Law is modeled on Directive 95/46/EC and also includes some concepts from the GDPR, legitimate interest became an important topic also in the Turkish data protection pra... Read More

South Korea's EU adequacy rests on new legislative proposals

(Nov 30, 2018) South Korea is making changes to its data protection enforcement system that will hopefully clear the way for its long-awaited adequacy decision from the European Union. South Korea initiated the EU adequacy decision process in 2015; however, there are problems with the independence of its enforcement bodies, and that's what the new legislation is designed to fix. When South Korea started down the adequacy road, the basis was its strict Personal Information Protection Act. The law created a Pers... Read More

Canada becomes attractive data spot as distrust of US grows

(Nov 30, 2018) As distrust mounts around the U.S. government’s data policies, Canada has become an attractive spot for companies to store data, The Globe and Mail reports. Global Relay Communications, a company that offers several data-based services, has been able to use the skepticism around the U.S. to expand into European markets. “European companies, if they had their choice, would prefer to store their data in Canada than in the United States,” Global Relay Founder Warren Roy said. University of Toronto ... Read More

EC warns against data localization proposal in India

(Nov 29, 2018) In a submission to the Ministry of Electronics and Information Technology, the European Commision said India’s proposed data localization requirements would likely carry “unnecessary costs, difficulties and uncertainties that could hamper business and investments,” The Economic Times reports. European Commission Head of International Data Flows and Protection Bruno Gencarelli cautioned that the draft policy contained “no clear guidance on when the central government might consider an exception ‘... Read More

Dispatch from DPC: GDPR enforcement, guidance to come in 2019

(Nov 28, 2018) Now that six months have passed since the EU General Data Protection Regulation went into effect, gauging the potential for enforcement action is top of mind here in Brussels. Threaded throughout this opening day of the IAPP Europe Data Protection Congress have been insights from some of the EU's top data protection regulators — from European Data Protection Board Chairwoman Andrea Jelinek and newly renamed Data Protection Commissioner for Ireland Helen Dixon to representatives from France's dat... Read More

Dispatch from Brussels: GDPR enforcement, guidance to come in 2019

(Nov 28, 2018) Now that six months have passed since the EU General Data Protection Regulation went into effect, gauging the potential for enforcement action is top of mind here in Brussels. Threaded throughout this opening day of the IAPP Europe Data Protection Congress has been insights from some of the EU's top data protection regulators — from European Data Protection Board Chairwoman Andrea Jelinek and newly renamed Data Protection Commissioner for Ireland Helen Dixon to representatives from French data p... Read More

South Korea's EU adequacy decision rests on new legislative proposals

(Nov 27, 2018) South Korea is making changes to its data protection enforcement system that will hopefully clear the way for its long-awaited adequacy decision from the European Union. The EU only allows frictionless personal data transfers to outside countries if their data protection regimes are deemed to be "adequate," or essentially comparable to that of the EU itself. Lucky recipients of such decisions include Canada, Argentina, Israel, Switzerland and — effectively, via the Privacy Shield framework — th... Read More

BCRs: 'Best case route' or 'better call reinforcements'?

(Nov 27, 2018) General Data Protection Regulation compliance was top of the list for many global corporate legal departments in 2018. As we plan for a world "post- GDPR" and set priorities for next year, what are appropriate next steps to strengthen a company’s privacy regime? Should a company react to worldwide privacy developments as they come, or is there a way to include biding corporate rules as part of a comprehensive and scalable privacy program? Binding corporate rules are known as the “gold standard”... Read More

A privacy pro's first-hand account of Privacy Shield's annual review: A Q&A

(Nov 27, 2018) Last month, the European Commission and U.S. Department of Commerce held their second annual joint review of the EU-U.S. Privacy Shield Framework in Brussels, Belgium. Harry Valetk, CIPP/E, CIPP/US, CIPM, a member of Baker McKenzie’s Privacy and Cyber Security Practice Group, was invited to Brussels by the Commerce Department to share his expertise with the European Commission on the trans-Atlantic data-transfer agreement. In this Q&A with Privacy Perspectives, Valetk shares some of his firs... Read More