Tag Archives: Binding Corporate Rules

Live Coverage from Budapest: Day One of the Hungarian International Data Protection Conference

Posted on June 16, 2011 by Hunton & Williams LLP

On June 16, 2011, the Hungarian Presidency of the Council of the European Union hosted the first day of a high-level international data protection conference in Budapest.  The conference was attended by approximately 150 people, most of whom are representatives of EU governments, data protection authorities (“DPAs”), the European Commission, and other governmental groups such as the Council of Europe. 

Continue reading…

Tags: , , , , , , ,

Polish DPA Hosts First Conference on BCRs in Warsaw

Posted on June 14, 2011 by Hunton & Williams LLP

On June 13, 2011, the Polish Data Protection Authority (Generalny Inspektor Ochrony Danych Osbowych or “GIODO”) hosted a conference in Warsaw on the use of binding corporate rules (“BCRs”) for international data transfers.  The conference was notable as the first on this topic in Poland, and was designed to introduce BCRs to a Polish audience and to promote their use.  The audience of approximately 70 people heard presentations by the Polish Inspector General for Data Protection, Wojciech Rafał Wiewiórowski, as well as representatives of the Belgian, French, Polish, Spanish and UK DPAs, and the international and Polish business communities.  Christopher Kuner, partner in the Brussels office of Hunton & Williams, spoke at the conference on a panel entitled “BCRs requirements and practical implementation.”  View the conference program.

In his presentation, Wiewiórowski explained that, although he personally looks favorably on the use of BCRs, Poland has not been able to join the Article 29 Working Party’s mutual recognition procedure due to legal impediments under Polish law.  Several of the DPAs expressed interest in exploring the use of BCRs for data processors, but indicated that a number of obstacles must be overcome before such use could be approved.  Following the workshop, on June 15, 2011, a number of DPAs met in closed session in Warsaw to work on better coordination of the mutual recognition and approval procedure.

Tags: , , , ,

European Parliament Meeting Offers Update on Review of EU Data Protection Directive

Posted on March 16, 2011 by Hunton & Williams LLP

On March 16, 2011, a meeting of the “European Privacy Platform” group of the European Parliament was held in Brussels.  The meeting provided important insights into the likely structure and content of proposed revisions to the European Data Protection Directive 95/46/EC that the European Commission has been working on for the past several months.

Continue reading…

Tags: , , , , , , , , , , , , , ,

German Federal DPA Approves Binding Corporate Rules of Deutsche Post DHL

Posted on February 3, 2011 by Hunton & Williams LLP

On February 3, 2011, the German Federal Commissioner for Data Protection and Freedom of Information issued a press release announcing that it has approved the privacy policy formulated by Deutsche Post DHL.  This allows Deutsche Post DHL to transfer personal data abroad in accordance with its privacy policy without having to obtain approval in individual cases.  Deutsche Post DHL is the first German company to have its binding corporate rules (“BCRs”) approved at the European level, following an extensive consultation process among EU data protection authorities.

Continue reading…

Tags: , , , , ,

Centre’s Response to the EU Consultation Paper

Posted on January 18, 2011 by Hunton & Williams LLP

On January 17, 2011, the Centre for Information Policy Leadership at Hunton & Williams LLP (the “Centre”) released a response to the European Commission’s consultation paper, “A comprehensive approach on personal data protection in the European Union.”  In its response, prepared by Richard Thomas, former UK Information Commissioner and Global Strategy Advisor of the Centre, the Centre calls for a modernized European framework for data protection that addresses the realities of the digital age.

Continue reading…

Tags: , , , , , , , , ,

Article 29 Working Party Finds Uruguay’s Data Protection Regime Adequate

Posted on October 18, 2010 by Hunton & Williams LLP

On October 15, 2010, the Article 29 Working Party published an Opinion finding that Uruguay ensures an adequate level of protection within the meaning of the European Data Protection Directive (Article 25(6) of Directive 95/46/EC).

This Opinion was issued pursuant to an official request Uruguay filed with the European Commission in October 2008.  While the Article 29 Working Party’s Opinion is an important step toward adequacy, the European Commission must now make a formal decision that the Uruguayan legal framework provides an adequate level of data protection under EU data protection law.  The European Commission will take the Article 29 Working Party’s Opinion into account when determining whether to issue an “adequacy decision” in the coming months.  As recently illustrated by the adequacy procedure for Israel, this process may prove to be difficult.

Continue reading…

Tags: , , , , , , ,

Industry’s Response to the UK Government’s Call for Evidence

Posted on October 13, 2010 by Hunton & Williams LLP

On behalf of a group of interested parties (the “Group”), Hunton & Williams and Acxiom submitted a response to the UK Ministry of Justice’s (“MoJ”) recent Call for Evidence on the effectiveness of current data protection legislation in the UK.  The Group is comprised of representatives from more than 40 organizations, including Barclays Bank, Dell, Fujitsu and GE Capital, all of which are committed to using personal data responsibly.  Hunton & Williams and Acxiom, a global leader in interactive marketing services, with the attendance of the Group, worked together over the last two months to host two discussion meetings, and produced a submission summarizing the Group’s views.

Continue reading…

Tags: , , , , , ,

German DPA Issues Legal Opinion on Cloud Computing

Posted on June 23, 2010 by Hunton & Williams LLP

On June 18, 2010, the data protection authority of the German federal state of Schleswig-Holstein published a press release and a comprehensive legal opinion on cloud computing.  The opinion provides an overview of cloud computing and discusses various practical and legal matters, including:

  • Applicable law issues
  • The legal basis for cloud computing and related processor and controller issues
  • Problems associated with the possibility of third-party access
  • The minimum requirements for data processor relationships and service provider contracts under the new German data protection law
  • Technical and organizational security measures
  • The legal landscape for clouds located outside the European Union

Continue reading…

Tags: , , , , , , ,

French Data Protection Authority Unveils 2009 Annual Activity Report

Posted on June 22, 2010 by Hunton & Williams LLP

On June 17, 2010, the French data protection authority (the “CNIL”) published its Annual Activity Report for 2009 (the “Report”) in which it outlines some of its priorities for the upcoming year.

In February 2009, the CNIL published a report on online targeted advertising. Among other things, the CNIL voiced its concern regarding online behavioral and advertising activities and analyzed the risks of increasing user profiling.  In 2010, the CNIL is expected to issue a joint opinion with the Article 29 Working Party on targeted advertising and behavioral analysis.  The CNIL also will open a dialogue with several stakeholders from the marketing sector to work on adopting a code of best practices.

Continue reading…

Tags: , , , , , , ,

Article 29 Working Party Issues Contribution to Consultation on the EU Data Protection Framework

Posted on January 5, 2010 by Hunton & Williams LLP

On December 1, 2009, the Article 29 Working Party adopted a contribution (the “Contribution”) to the Consultation of the European Commission on the legal framework for the fundamental right to the protection of personal data (the “Consultation”).  View the full text of the Contribution, which was published today.  The Consultation was launched on July 9, 2009, to explore the challenges to personal data protection presented by new technologies and globalization.  The Consultation was also motivated by the recent adoption by the EU of the Lisbon Treaty, which will necessitate a reworking of structure of the EU legal framework for data protection.  The Contribution’s thoughtful examination of several important data protection issues makes it one of the most significant documents that the Working Party has issued in recent years.

Continue reading…

Tags: , , ,