AUTHOR ARCHIVES: Privacy & Data Security Team


Privacy & Data Security Team

Read more→

Belgian Privacy Commission Issues DPIA “Black” and “White List” Recommendation

Posted on: 03 May 2018

On February 28, 2018, the Belgian Privacy Commission issued a recommendation on the position it takes with regard to data protection impact assessments (or “DPIAs”) as foreseen in the GDPR. A DPIA under the GDPR is similar in scope and impact to its predecessor, the PIA (or “privacy impact assessment”) and requires businesses to assess processing operations that are likely to present a high risk to individuals’ rights. Such “high risk” is, for instance, likely to present itself in processing operations involving sensitive data, systematic monitoring, or vulnerable individuals such […] Read more

Belgian Court Uses Novel Argument to Assume International Jurisdiction over Non-EU Facebook Entities

Posted on: 21 Mar 2018

On February 16, 2018, the Brussels Court of First Instance rendered a judgment in proceedings brought by the Belgian Privacy Commission’s against Facebook. The case forms one part of two-tiered litigation brought by the Commission in regards to alleged monitoring practices vis-à-vis Belgian internet users. In parallel to the proceedings that resulted in the judgment cited above, the Belgian Privacy Commission had also initiated a procedure referred to as “summary proceedings” against Facebook – and Facebook defeated the Privacy Commission’s claim before the Brussels Court of Appeal in […] Read more

Privacy & Data Security Team Launches Unique GDPR Tracker Website

Posted on: 08 Feb 2018

“To Harmonize or Not To Harmonize: That Is the Question.” With the the GDPR fast approaching on May 25, 2018, European Member States are getting ready with the implementation of national legislation. Although the GDPR is a regulation, and directly applicable in all Member States, it has left room for country-specific legislation in several different regards (such as the processing of employee data or individual rights restrictions). Most Member States still only have draft legislation at this point, but the expectation (or at least intention) is that each country will have adopted legislation […] Read more

Data Protection Litigation to Become a New Reality in Belgium

Posted on: 22 Dec 2017

On November 16, 2017 the Belgian Senate adopted an “Act on the Establishment of the Data Protection Authority” (the “Act”). Following Austria, Germany, and the UK, Belgium is the fourth EU Member State to pass a domestic statute implementing the General Data Protection Regulation 2016/679 (“GDPR”) prior to its effective date of 25 May 2018. The new Belgian Act sets forth the structure and legal organization of the Data Protection Authority (“DPA”), which will serve as the successor of the current Belgian Privacy Commission. More importantly, the Act significantly broadens the DPA’s […] Read more

Bill Proposes Jail Time for Executives Who Conceal Data Breaches

Posted on: 04 Dec 2017

On November 30, 2017, a group of U.S. senators re-introduced a bill, known as the Data Security and Breach Notification Act, which seeks to impose criminal liability of up to five years of jail time on any corporate executive convicted of “intentionally and willfully” concealing a data breach. The bill also proposes that the Federal Trade Commission (FTC) establish standard, nationwide security protocols for businesses to follow.  The bill would also require companies to report data breaches to consumers or users within 30 days unless a U.S. federal law enforcement or intelligence agency […] Read more

WP29 issues Guidelines on Automated Individual Decision-Making and Profiling in the GDPR

Posted on: 31 Oct 2017

On October 18, 2017, the Article 29 Working Party (the “WP29”) published Guidelines clarifying the new profiling and automated decision-making provisions of the General Data Protection Regulation (“GDPR”).  European Union regulatory authorities and the WP29 consider that technological developments that facilitate the creation of individual profiles, such as big data analytics, AI and machine learning, have created new risks to data protection.  As the majority of industries (insurance, marketing and finance, and even healthcare) already apply and use these new techniques today, the WP29 […] Read more

Virginia Amends Data Breach Notification Law

Posted on: 19 Oct 2017

Virginia amended the state’s data breach notification law, effective July 1, 2017, to expand notification requirements for employers and payroll service providers to data breaches that involve “unauthorized access and acquisition of unencrypted and unredacted computerized data containing a [Virginia] taxpayer’s identification number in combination with the income tax withheld for that taxpayer. . . .”[1] The expanded notification obligation is subject to the same likelihood of harm threshold that applies in the original law. Notification is required only when the employer or payroll […] Read more

David Keating, Jan Dhont and Karen Sanzaro to Speak at the 2017 Privacy + Security Forum

Posted on: 26 Sep 2017

David Keating, partner and co-leader of the firm’s Privacy & Data Security practice, Jan Dhont, Brussels partner and head of the firm’s European Privacy and Data Protection practice, and Karen Sanzaro, counsel in the Technology & Privacy Group, will be speakers at the 2017 Privacy + Security Forum in Washington, DC, taking place on October 4-6, 2017. David Keating will be speaking during the session on “Emerging Consumer Tracking and Analytics Technologies.” This session will explore recent regulatory and enforcement developments in this area and discuss practical approaches […] Read more

A Look Into Europe’s New Cybersecurity Regimes

Posted on: 24 Apr 2017

Europe is facing two important reforms addressing cybersecurity, which will apply in 2018. Jan Dhont and Delphine Charlot outlined the details of these regimes in an article for the Society of Corporate Compliance and Ethics, which you can read here.

French CNIL Releases GDPR Compliance Toolkit

Posted on: 19 Apr 2017

On March 15, 2017, the French data protection authority (CNIL) released its six step- GDPR compliance program together with GDPR-tailored templates for use by companies, the “GDPR Toolkit.” The GDPR Toolkit is helpful for companies because it provides guidance that companies may directly include in their privacy programs. Companies with sophisticated privacy programs may also use the GDPR Toolkit as a reality check against CNIL and, more generally, European data protection authorities’ standards and expectations for GDPR compliance. Click here to access the Toolkit. […] Read more