Regulation

100 Days Until GDPR Effective Date – Sharing Our GDPR Experience

Written by and

In less than 100 days, the General Data Protection Regulation (GDPR) will go into effect. This means that as of May 25, 2018, each national Supervisory Authority will have the authority to apply and enforce the GDPR. The GDPR raises the bar in terms of requirements substantially higher than the Data Protection Framework Directive. For instance, it recognizes new rights for data subjects (e.g. right to be forgotten and right to data portability), introduces data breach notification requirements, introduces the concept of a Data Protection Officer, and brings enhanced accountability obligations. Given [...] Read more

Privacy & Data Security Team Launches Unique GDPR Tracker Website

Written by

“To Harmonize or Not To Harmonize: That Is the Question.” With the the GDPR fast approaching on May 25, 2018, European Member States are getting ready with the implementation of national legislation. Although the GDPR is a regulation, and directly applicable in all Member States, it has left room for country-specific legislation in several different regards (such as the processing of employee data or individual rights restrictions). Most Member States still only have draft legislation at this point, but the expectation (or at least intention) is that each country will have adopted legislation [...] Read more

ePrivacy Regulation Trilogue Negotiations Pushed back to Fall 2018; Final ePrivacy Regulation may not be in Place until 2020

Written by

About this time last January, the European Parliament released its proposal for a new ePrivacy Regulation.  The intent of the ePrivacy Regulation is to replace the current ePrivacy regime – which consists of an ePrivacy Directive and a patchwork of local implementing legislation – with a uniform set of directly-applicable EU-wide rules.  Since the Parliament released its ePrivacy Regulation draft, both the European Council and the European Parliament have reviewed it and released their own revised drafts. The ePrivacy Regulation contains a number of important rules for companies.  Traditionally, [...] Read more

Data Protection Litigation to Become a New Reality in Belgium

Written by

On November 16, 2017 the Belgian Senate adopted an “Act on the Establishment of the Data Protection Authority” (the “Act”). Following Austria, Germany, and the UK, Belgium is the fourth EU Member State to pass a domestic statute implementing the General Data Protection Regulation 2016/679 (“GDPR”) prior to its effective date of 25 May 2018. The new Belgian Act sets forth the structure and legal organization of the Data Protection Authority (“DPA”), which will serve as the successor of the current Belgian Privacy Commission. More importantly, the Act significantly broadens the DPA’s [...] Read more

Bill Proposes Jail Time for Executives Who Conceal Data Breaches

Written by

On November 30, 2017, a group of U.S. senators re-introduced a bill, known as the Data Security and Breach Notification Act, which seeks to impose criminal liability of up to five years of jail time on any corporate executive convicted of “intentionally and willfully” concealing a data breach. The bill also proposes that the Federal Trade Commission (FTC) establish standard, nationwide security protocols for businesses to follow.  The bill would also require companies to report data breaches to consumers or users within 30 days unless a U.S. federal law enforcement or intelligence agency [...] Read more

An English-Language Primer on Germany’s GDPR Implementation Statute: Part 4 of 5

Written by

Over the past year, the German government has been working on legislation to implement the EU’s General Data Protection Regulation (GDPR).  On July 6, 2017, Germany did so by passing a statute titled the Data Protection Amendments and Implementation Act. The Act repeals Germany’s venerated Federal Data Protection Act (Bundesdatenschutzgesetz, or BDSG) and replaces it with an entirely new BDSG, aptly referred to as the “BDSG-New.” Germany becomes the first EU Member State to pass a GDPR implementation statute. Given Germany’s reputation as one of, if not the, most serious privacy jurisdiction [...] Read more

Irish High Court refers Facebook’s data case to the European Court of Justice

Written by

In what it considered “an unusual case” (available here), the Irish High Court has referred the issue of the way data is transferred between the EU and countries outside the EU to the Court of Justice of the European Union (“CJEU”). Ms. Justice Caroline Costello will ask the CJEU for a preliminary ruling on the validity of the Standard Contractual Clauses (“SCCs”) as an adequate data transfer mechanism. Justice Costello did not comment on the laws of the EU or the US, but rather on the validity of SCCs as a data transfer measure between the EU and the US. The case arose from a complaint [...] Read more

An English-Language Primer on Germany’s GDPR Implementation Statute: Part 3 of 5

Written by

Over the past year, the German government has been working on legislation to implement the EU’s General Data Protection Regulation (GDPR).  On July 6, 2017, Germany did so by passing a statute titled the Data Protection Amendments and Implementation Act. The Act repeals Germany’s venerated Federal Data Protection Act (Bundesdatenschutzgesetz, or BDSG) and replaces it with an entirely new BDSG, aptly referred to as the “BDSG-New.” Germany becomes the first EU Member State to pass a GDPR implementation statute. Given Germany’s reputation as one of, if not the, most serious privacy jurisdiction [...] Read more

David Keating, Jan Dhont and Karen Sanzaro to Speak at the 2017 Privacy + Security Forum

Written by

David Keating, partner and co-leader of the firm’s Privacy & Data Security practice, Jan Dhont, Brussels partner and head of the firm’s European Privacy and Data Protection practice, and Karen Sanzaro, counsel in the Technology & Privacy Group, will be speakers at the 2017 Privacy + Security Forum in Washington, DC, taking place on October 4-6, 2017. David Keating will be speaking during the session on “Emerging Consumer Tracking and Analytics Technologies.” This session will explore recent regulatory and enforcement developments in this area and discuss practical approaches [...] Read more

UK will soon introduce a new Data Protection Bill

Written by

The UK Department for Culture, Media & Sport is planning to present a new Data Protection Bill to the Parliament in early September. This new Bill will replace the current UK Data Protection Act 1998 and will effectively incorporate the EU General Data Protection Regulation (“GDPR”) in the UK legal system. The new Data Protection Bill is one of the main goals of the recently elected government, as also expressed in the Queen’s Speech in June. Its primary aim is to ensure that the UK upholds the same data protection principles as the rest of the EU once it leaves the Union, which will [...] Read more