Free tools and resources for Data Protection Officers!

Category Archives for "Legislation"

GDPR territorial guide has ‘sting in tail’ for US companies

Guidance published by an EU data protection watchdog on the territorial scope of the General Data Protection Regulation (GDPR) is likely to raise concern about the costs to US companies of entering the EU market.

“The sting in this document is in the last line for US corporates,” Ann Henry of Pinsent Masons said. “It is the law-abiding companies that will appoint a representative. Arguably making a representative liable will make it more difficult to find people or bodies willing to take on the role of representative given the extent of potential liability both by means of regulatory enforcement and through private rights of action under the GDPR regime.”

Full article: GDPR territorial guide has ‘sting in tail’ for US companies

The post GDPR landscape

With the panic over to ‘comply’ with GDPR, it is seen as becoming more of a day to day compliance matter. Of course, this assumes that organisations have the correct processes embedded in their day to day business and their staff are trained on and aware of the implications. However, there are still many questions around what is the correct approach.

Full article: The post GDPR landscape: Our Findings

The CLOUD Act and the Warrant Canaries That (Sometimes) Live There

The Clarifying Lawful Overseas Use of Data Act (Pub. L. No. 115-141 (2018), or the CLOUD Act, was enacted in the U.S. on March 23, 2018, in response to difficulties U.S. law enforcement agencies (LEAs) had when attempting to gain access to data held by cloud service providers through Stored Communication Act (SCA) warrants, as the SCA did not contemplate cloud computing when it was enacted into law; likewise, LEAs were also forced to utilize U.S. Senate-approved mutual legal-assistance treaties (T.I.A.S. No. 10-201 or MLATs) or letters rogatory to access data stored overseas.

Full article: The CLOUD Act and the Warrant Canaries That (Sometimes) Live There

Spain finalises new data protection and digital rights law

A new law on data protection and digital rights has been approved by Spain’s parliament and will come into force in the coming days. The law will complement the General Data Protection Regulation (GDPR).

The new law, the Organic Law on Data Protection and Digital Rights Guarantee (LOPDGDD), was approved by a large majority in the Spanish Senate on 21 November after being nearly two years in development. The Senate did not amend any of the text that was previously approved by the Congress, ending a period of delay in the parliamentary process.

Source: Spain finalises new data protection and digital rights law

New Spanish Data Protection Law raises concerns over the use of sensitive data by political parties

The new Law on Data Protection and Digital Rights (LOPD), recently enacted in Spain, includes a highly controversial provision allowing political parties and organizations to collect and use personal data revealing political views of individuals.

The controversial article was introduced as a last-minute amendment to the bill, which was voted unanimously on October 18 by the House of Representatives (Congreso de los Diputados). By then, the contentious article had largely gone unnoticed by the public opinion. Shortly after that, however, concerns that political parties might get broad leeway to process sensitive personal data were widely reported in the mainstream media. Nonetheless, the Spanish Senate definitively approved the law on November 21 – including the controversial section. The text is expected to be officially published shortly.

Full article: New Spanish Data Protection Law raises concerns over the use of sensitive data by political parties | Center for Internet and Society

Russia, stung by intelligence leaks, plans to tighten data protection

Russia has drawn up draft legislation aimed at stopping leaks of personal information from state agencies, a step that follows publication of details of Russians allegedly involved in clandestine intelligence operations abroad.

The bill, produced by Russia’s communications ministry, bars unauthorized people from creating and publishing databases of personal data drawn from official sources, and fines anyone violating that rule.

Full article: Russia, stung by intelligence leaks, plans to tighten data protection | Reuters

EDPS calls for closer alignment between consumer and data protection rules in the EU

Consumer law and data protection can no longer afford to work in silos. The EU needs a big-picture approach to addressing systemic harms to individuals in digital markets, involving closer cooperation between enforcers in order to avoid legal uncertainty, the European Data Protection Supervisor (EDPS) said, as he published his Opinion on the legislative package A New Deal for Consumers.

Source: EDPS calls for closer alignment between consumer and data protection rules in the EU | European Data Protection Supervisor

Irish watchdog clarifies record keeping and DPIAs interaction under GDPR

Ireland’s data protection authority has clarified how record keeping obligations under the General Data Protection Authority (GDPR) interact with the duties of businesses to carry out data protection impact assessments (DPIAs).

Full article: GDPR: Irish watchdog clarifies record keeping and DPIAs interaction

A timely raincheck on the GDPR: the law of unintended consequences

As we approach a six-month point since the full implementation date of the GDPR, it is interesting to see evidence of the legislation having much greater consequences and advantages than those for which it was originally intended.

GDPR in its most fundamental form can be seen as a beneficial facility for handling the core issue of risk management between data and people. In this instance, risk is both an opportunity to be exploited as well as a downside to be mitigated. To support this contention, one may cite recent instances of the GDPR having practical impacts way beyond that of its original draftsmen.

Full article: A timely raincheck on the GDPR: the law of unintended consequences

>