Tag Archives: Data Controller

German DPAs Comment on Proposed EU Data Protection Law Reform

Posted on February 2, 2012 by Hunton & Williams LLP

On January 26, 2012, the German Data Protection Commissioners (“DPAs”) of the federal states Rhineland-Palatinate and Hesse held a joint press conference to present their views on the European Commission’s legislative proposal for a comprehensive reform of current EU data protection rules. The day before, the European Commission proposed replacing the existing EU Data Protection Directive 95/46/EC with a Regulation that would be directly applicable in all European Member States and therefore not require implementing legislation on the national level.

Continue reading…

Tags: , , , ,

European Commission Drafts to Reform the EU Data Protection Framework Enter Interservice Consultation

Posted on December 6, 2011 by Hunton & Williams LLP

In early December 2011, drafts of two legal instruments prepared by DG Justice of the European Commission to reform the EU data protection framework entered interservice consultation. This process will give other Directorates-General of the Commission the opportunity to comment on the drafts before they are formally released as legislative proposals; accordingly, changes to the drafts are likely. Following this comment period, the drafts will enter the EU legislative process, which is likely to take at least two to three years before they become law. It is believed that Justice Commissioner and Commission Vice-President Viviane Reding will formally announce final versions of the drafts at an appearance at the World Economic Forum in late January 2012.

Continue reading…

Tags: , , , , , , , , , ,

New Breach Notification Requirement in Lithuania

Posted on November 30, 2011 by Hunton & Williams LLP

Lithuanian firm LAWIN Lideika, Petrauskas, Valiūnas ir partneriai reports that recent amendments to Lithuania’s Law on Legal Protection of Personal Data and the Law on Electronic Communications have established a breach notification requirement. Specifically, providers of publicly-available electronic communications services or of public communications networks must notify the data protection authority of data security breaches, and, when the breach is likely to have an adverse effect on the privacy of affected individuals, the data controller also may be required to notify those individuals.

Tags: , ,

French Data Protection Authority Unveils 2010 Annual Activity Report

Posted on November 22, 2011 by Hunton & Williams LLP

On November 16, 2011, the French Data Protection Authority (the “CNIL”) published its Annual Activity Report for 2010 (the “Report”) highlighting its main 2010 accomplishments and outlining some of its priorities for the upcoming year. This year’s Report covers events that occurred since last year’s publication of the Annual Activity Report for 2009.

Continue reading…

Tags: , , , , , , , , , , , , , , , , ,

Mexico’s Ministry of Economy Releases Updated Data Protection Regulations

Posted on October 21, 2011 by Hunton & Williams LLP

On October 20, 2011, Mexico’s Ministry of Economy made public an update to its proposed Regulations to the Federal Law for the Protection of Personal Data Held by Private Parties. The new draft regulations, which contain changes made in light of public comments on the prior version, will take effect if they receive final executive approval, which may happen later this year. The updates to the draft regulations include:

  • Rules specific to cloud computing
  • Clarification of notice requirements
  • Clarification of consent requirements
  • Exemptions for certain business contact information
  • Revisions to data transfer restrictions
  • Updated security and breach notification provisions
  • Revised requirements for self-regulatory schemes
  • Revisions to provisions governing the exercise of data subjects’ rights
Tags: , , , ,

UK Information Tribunal Rules Properly Anonymized Personal Data Can Be Disclosed Under FOIA

Posted on October 14, 2011 by Hunton & Williams LLP

On September 7, 2011, the United Kingdom Information Tribunal published a decision that appears to resolve the long-running uncertainty regarding the extent to which anonymized personal information may be disclosed under the UK’s Freedom of Information legislation. The UK’s FOIA was introduced and applicable to most of the UK in 2000, with equivalent law following for Scotland in 2002.

Continue reading…

Tags: , , ,

Colombian Data Protection Law Approved by Constitutional Court

Posted on October 10, 2011 by Hunton & Williams LLP

On October 7, 2011, the Constitutional Court of Colombia approved a landmark omnibus data protection law.  According to its press release, the Court approved almost all provisions in the legislation, known as Ley estatutaria No. 184/ 10 Senado, 046/10 Cámara, but it took issue with Article 27 (which addresses the government’s processing of certain data), Article 29 (which addresses the expunging of certain criminal records) and Articles 30 and 31 (which both address intelligence and counterintelligence databases).  Many of the remaining provisions reflect a strong European influence.  Some highlights include:

  • With certain exceptions, the law prohibits the processing of personal data without the data subject’s prior consent.  When the personal data are sensitive data (e.g., health data), the consent must take the form of an explicit authorization.
  • The law permits cross-border transfers of personal data to countries that lack adequate data protection laws only in specified circumstances, such as (1) when the data subject has given express and unequivocal consent for the transfer (2) the transfer is necessary for the performance of a contract between the data subject and the data controller, or (3) with the approval of the Superintendence of Industry and Commerce.
  • The processing of children’s personal data is generally prohibited.
  • Data subjects have access rights.

Continue reading…

Tags: , , , , ,

German DPAs Issue Resolution and Guidance Paper on Cloud Computing and Compliance with Data Protection Law

Posted on October 5, 2011 by Hunton & Williams LLP

On September 29, 2011, the German federal and state data protection authorities (“DPAs”) issued a resolution on cloud computing and compliance with data protection law. The publication was released in conjunction with the DPAs’ 82nd annual conference.

Continue reading…

Tags: , , ,

Angola Passes Personal Data Protection Law

Posted on September 19, 2011 by Hunton & Williams LLP

On June 17, 2011, the National Assembly of the Republic of Angola passed Law 22/11 on Personal Data Protection.  The omnibus privacy legislation applies to the automated and non-automated processing of personal data by controllers based or operating in Angola, or subject to, or using equipment governed by, Angola’s laws.  Some highlights of the law are listed below.
Continue reading…

Tags: , , , , , ,

Use of Google Analytics Now Lawful in Germany, Subject to Certain Guidelines

Posted on September 16, 2011 by Hunton & Williams LLP

On September 15, 2011, the data protection authority of the German federal state of Hamburg (the “DPA”) published a press release confirming that Google has significantly improved compliance with respect to the implementation of Google Analytics in Germany.  This finding is the result of two years of fruitful dialog between Google and the DPA, which was acting on behalf of the conference of German data protection authorities responsible for the private sector (the “Düsseldorfer Kreis”).

Continue reading…

Tags: , , , , , ,