Category Archives for "Legislation"

Is a Service Provider’s Privacy Shield Certification Good Enough?

The GDPR imposes two requirements when a company (referred to in the GDPR as a “data controller”) uses a service provider (referred to in the GDPR as a “data processor”).

The first requirement is that if a data controller is based in the EEA and is transferring personal data to a processor that is based outside of the EEA, the parties must take steps to ensure that the jurisdiction in which the data is going affords the data “an adequate level of protection.” When the GDPR refers to an “adequate level of protection” it is not talking about the security of the data. Instead, it is referring to the protections afforded by the laws of the country to which the data will be transferred.

Source: Bryan Cave – GDPR: The Most Frequently Asked Questions: Is a Service Provider’s Privacy Shield Certification Good Enough?

A third of Brits plan to exercise right to be forgotten

After the General Data Protection Regulation compliance deadline, a third of Britons polled say they plan to exercise their right to be forgotten, but few fully understand the GDPR and how it will affect them.

A survey has found that Britons are concerned about their privacy and data protection, and many would like to exercise the rights granted by the EU’s General Data Protection Regulation (GDPR).

Source: A third of Brits plan to exercise right to be forgotten

French DPA takes pragmatic approach to GDPR enforcement

The French data protection authority (‘CNIL’) published, on 19 February 2018, a press release outlining its approach in terms of enforcing compliance with the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) from 25 May 2018.

Source: France: CNIL takes “very pragmatic approach” to GDPR enforcement

Data protection impact assessments and data protection by default and by design

In 2016, the Westin Research Center published a series of articles identifying our analysis of the top 10 operational impacts of the European Union’s General Data Protection Regulation. Now, with the May 25, 2018, GDPR implementation deadline looming, the IAPP is releasing a companion series discussing the common practical organizational responses that our members report they are undertaking in anticipation of GDPR implementation.

This fourth installment in the 10-part series addresses privacy risk analysis, including, importantly, formalized risk management processes such as data protection impact assessments (known as DPIAs), as well as the newly legislated principles of data protection by default and by design.

Source: Top 10 Operational Responses to the GDPR – Part 4: Data protection impact assessments and data protection by default and by design

Are the Standard Contractual Clauses Enough?

The European Union’s General Data Protection Regulation (“GDPR”) is arguably the most comprehensive – and complex – data privacy regulation in the world. As companies prepare for the GDPR to go into force on May 25, 2018, there continues to be a great deal of confusion regarding the requirements of the GDPR.

To help address that confusion, Bryan Cave is publishing a multi-part series that discusses the questions most frequently asked by clients concerning the GDPR.

Source: Bryan Cave – GDPR: The Most Frequently Asked Questions: Are the Standard Contractual Clauses Enough?

Article 29 Working Party Comments on FATCA

The Article 29 Working Party responded to a letter on the effect of the U.S. Foreign Account Tax Compliance Act (FATCA) on European citizens who, due to U.S. citizenship law, are either “accidental Americans” or dual European/US nationals.

At the moment all EU Member States have now signed individual intergovernmental agreements (IGAs) with the US. These IGAs provide the legal basis for the processing of the personal data of American nationals in the context of FATCA. In addition, EU data protection authorities have been monitoring the measures taken by European governments to implement FATCA at national level.

Source: ARTICLE29 Newsroom – Letter of the Chair of the ART 29 WP to FATCA – European Commission

GDPR + e-Privacy = :-(

At some point in your life, you’ve probably had the experience of meeting someone who you feel you ought to like but, no matter how hard you try, you just can’t seem to gel with them – awkward silences creep into conversations and you find that, while you may share similar values, the ways you each go about approaching things are just different.

Source: GDPR + e-Privacy = 🙁

Legislating privacy by design in Canada

The Standing Committee on Access to Information, Privacy and Ethics is ready to table its report following its months’ long review of Canada’s Personal Information Protection and Electronic Documents Act. The Committee adopted its report, entitled “Towards Privacy by Design: A Review of Personal Information Protection and Electronic Documents Act (PIPEDA)” Feb. 13 and ordered that the Chair of the Committee table the report to the House of Commons.

Source: Legislating privacy by design in Canada

May Wants Total Alignment With EU Data Rules After Brexit

U.K. Prime Minister Theresa May proposed keeping Britain in total alignment with the European Union’s data-sharing rules after Brexit, something that would allow both intelligence agencies and business to continue to share information across borders.

The U.K. regards the EU’s data rules, which are crucial to both companies and security agencies, as one of its successes within the bloc — the British Information Commissioner’s Office played a large role in their development. Staying aligned would allow the sharing of information between offices in different countries confident that it was subject to proper protection rules.

Source: May Wants Total Alignment With EU Data Rules After Brexit – Bloomberg

Isle of Man introduces new Data Protection Bill

In the Programme for Government, the Council of Ministers committed to ensuring that the Island’s legislative position is equivalent to the EU General Data Protection Regulation (GDPR) by May 2018.

The Isle of Man Government’s proposed approach is the introduction of a short Data Protection Bill giving specific powers to apply EU data protection instruments as part of Manx law (with any necessary modifications) by Order approved by Tynwald and then implemented with Manx Regulations.

Source: Introduction of a new Data Protection Bill (GDPR) – Isle of Man Government – Citizen Space
