Web con: 'U.K. Data Protection Post-Brexit'

(Feb 15, 2019) Brexit is scheduled to take place in March, and organizations should prepare for a new state of data governance in the U.K. and data transfers in other jurisdictions. The U.K. government published draft legislation last December called the “U.K. GDPR” to define what will happen to standard contractual clauses, binding corporate rules and adequacy decisions. Join the IAPP Feb. 14 for this web conference to hear Bird & Bird Partner and Co-Head of International Data Protection Practice Ruth Boa... Read More

EC considered asking Facebook for Privacy Shield help

(Feb 14, 2019) Internal documents reveal the European Commission sought to have Facebook help convince the U.S. government to fulfill its requirements for the EU-U.S. Privacy Shield agreement, EUobserver reports. The documents show EU Commissioner for Justice, Consumers and Gender Equality Věra Jourová considered the plea when she met with Facebook Chief Operating Officer Sheryl Sandberg last January. "As one of the major US tech companies, I count on you to support the sustainability of the Privacy Shield by ... Read More

ICO releases Brexit checklist for law enforcement

(Feb 14, 2019) The U.K. Information Commissioner’s Office has released a checklist for law enforcement authorities to follow in the event the U.K. leaves the European Union without a data deal. The checklist is broken down into five steps. The ICO advises law enforcement to continue to comply with Part 3 of the Data Protection Act 2018, review all their documentation, and educate staff members on “the ongoing importance of data protection compliance, as well as specific implications for data flows.” The checkl... Read More

Dispatch from Paris: DPAs are flooded with complaints

(Feb 13, 2019) If there was a takeaway from the IAPP Data Protection Intensive — Paris session, "The Regulators' View," it was surely this: The General Data Protection Regulation has created massive shifts in how data protection authorities in the EU must budget, staff, prioritize and operate.  At the event here in Paris Wednesday, Cathal Ryan, assistant commissioner at the Data Protection Commission in Ireland, said the most obvious change is the sheer workload. For example, now that the Article 29 Working P... Read More

Dispatch from Paris: DPAs are overwhelmed with complaints

(Feb 13, 2019) If there was a takeaway from the IAPP Data Protection Intensive — Paris session, "The Regulators' View," it was surely this: The General Data Protection Regulation has created massive shifts in how data protection authorities in the EU must budget, staff, prioritize and operate. At the event here in Paris Wednesday, Cathal Ryan, assistant commissioner at the Data Protection Commission in Ireland, said the most obvious change is the sheer workload. Michael Kaiser, data protection officer at the H... Read More

EDPB approves accord for financial markets supervision, guidelines for no-deal Brexit

(Feb 13, 2019) Following its seventh plenary session, the European Data Protection Board has approved an "administrative arrangement" that was created by the European Securities and Markets Authority and International Organization of Securities Commissions to exchange market abuse data without violating Article 46(3)(b) of the EU General Data Protection Regulation. The arrangement will be submitted to relevant supervisory authorities for authorization at the national level. The EDPB also adopted two "informati... Read More

When the US CLOUD Act meets the GDPR

(Feb 12, 2019) Given its relatively recent enactment date, the U.S. Clarifying Lawful Overseas Use of Data Act’s compatibility with the EU General Data Protection Act is still an open question. With regard to data transfer to third countries for which such transfer is subject to the GDPR, Articles 44 to 50 of the GDPR apply. In particular, Article 48 of the GDPR comes into play when EU data is being requested by a U.S. law enforcement agency. In this article for The Privacy Advisor, Walter Delacruz, CIPP/E, CI... Read More

McNamee leaves EDRi

(Feb 8, 2019) For the past decade, Joe McNamee has headed up the European Digital Rights organization in Brussels. Often the sole voice of civil society in the room, his dry wit has influenced lawmakers and public discourse about privacy rights across the EU. He is now stepping down from that role, but he spoke with Jennifer Baker on the future of data privacy for this article in The Privacy Advisor. And he didn’t hold back.Full Story... Read More

Dutch ministry's privacy concerns prompts Microsoft to update Office Pro Plus

(Feb 8, 2019) After privacy concerns were raised by the Dutch justice ministry, Microsoft has agreed to update its Office Pro Plus products by the end of April, Politico reports. The ministry’s primary concern centered on the transfer of diagnostic data by the Microsoft products from Europe to the U.S. The Dutch ministry could raise the concern with European data protection authorities should Microsoft implement “unsatisfactory” changes, a ministry spokesman said. “The ministry commissioned the report in its ... Read More

5 questions to ask in determining whether your company is captured by the GDPR

(Feb 6, 2019) Since the EU General Data Protection Regulation went into effect, under certain circumstances, territorial law subjects U.S. companies that process EU personal data to the GDPR provisions, even if these entities do not have any branches or subsidiaries in Europe. In November, the European Data Protection Board issued guidelines (for consultation) to clarify what could create “certain circumstances” when the GDPR would be applicable. In this article for The Privacy Advisor, Katya Kulesova, CIPP/U... Read More