Tag Archives: Data Processor

ICO Welcomes European Commission’s Proposed Data Protection Regulation Reforms

Posted on January 31, 2012 by Hunton & Williams LLP

On January 25, 2012, the European Commission released a data protection law reform package, including its proposed General Data Protection Regulation (the “Proposed Regulation”). The UK Information Commissioner’s Office (“ICO”) has reacted positively to the Proposed Regulation, in particular commending efforts to strengthen the rights of individuals, the recognition of important privacy concepts such as privacy by design and privacy impact assessments, and new accountability requirements to ensure organizations properly demonstrate and document their data protection safeguards and procedures.

Tags: Accountability, Christopher Graham, Data Processor, Data Protection Act, Data Transfer, EU Data Protection Directive, European Commission, Information Commissioners Office, Privacy By Design, United Kingdom

European Commission Drafts to Reform the EU Data Protection Framework Enter Interservice Consultation

Posted on December 6, 2011 by Hunton & Williams LLP

In early December 2011, drafts of two legal instruments prepared by DG Justice of the European Commission to reform the EU data protection framework entered interservice consultation. This process will give other Directorates-General of the Commission the opportunity to comment on the drafts before they are formally released as legislative proposals; accordingly, changes to the drafts are likely. Following this comment period, the drafts will enter the EU legislative process, which is likely to take at least two to three years before they become law. It is believed that Justice Commissioner and Commission Vice-President Viviane Reding will formally announce final versions of the drafts at an appearance at the World Economic Forum in late January 2012.

Tags: Article 29 Working Party, Binding Corporate Rules, Data Controller, Data Processor, Data Protection Authority, EU Data Protection Directive, European Commission, European Data Protection Supervisor, European Parliament, Opt-In Consent, Viviane Reding

French Data Protection Authority Launches Public Consultation on Cloud Computing

Posted on October 17, 2011 by Hunton & Williams LLP

On October 17, 2011, the French Data Protection Authority (the “CNIL”) launched a public consultation on cloud computing (the “Consultation”). The Consultation seeks to gather opinions from stakeholders (clients, providers, consultants) regarding cloud computing services for businesses, to identify legal and technical solutions that address data protection concerns while taking into account the economic interests involved.

Tags: Cloud Computing, CNIL, Data Processor, Data Protection Authority, Data Transfer, EU Member States, France

Singapore Information Ministry Solicits Comments on Proposed Data Privacy Framework

Posted on October 11, 2011 by Hunton & Williams LLP

On September 13, 2011, the Singapore Ministry of Information, Communications and the Arts (the “Ministry”) published a Proposed Consumer Data Protection Regime for Singapore, outlining possible ideas for a data privacy framework and soliciting comments from the public. A few of the suggestions from the Ministry’s proposal that appear most likely to be reflected in a final data privacy law are outlined below.

Tags: APEC, Cross-Border Data Flow, Data Processor, Singapore

Colombian Data Protection Law Approved by Constitutional Court

Posted on October 10, 2011 by Hunton & Williams LLP

On October 7, 2011, the Constitutional Court of Colombia approved a landmark omnibus data protection law. According to its press release, the Court approved almost all provisions in the legislation, known as Ley estatutaria No. 184/ 10 Senado, 046/10 Cámara, but it took issue with Article 27 (which addresses the government’s processing of certain data), Article 29 (which addresses the expunging of certain criminal records) and Articles 30 and 31 (which both address intelligence and counterintelligence databases). Many of the remaining provisions reflect a strong European influence. Some highlights include:

With certain exceptions, the law prohibits the processing of personal data without the data subject’s prior consent. When the personal data are sensitive data (e.g., health data), the consent must take the form of an explicit authorization.
The law permits cross-border transfers of personal data to countries that lack adequate data protection laws only in specified circumstances, such as (1) when the data subject has given express and unequivocal consent for the transfer (2) the transfer is necessary for the performance of a contract between the data subject and the data controller, or (3) with the approval of the Superintendence of Industry and Commerce.
The processing of children’s personal data is generally prohibited.
Data subjects have access rights.

Tags: Colombia, Cross-Border Data Flow, Data Controller, Data Processor, Latin America, Legislation

Angola Passes Personal Data Protection Law

Posted on September 19, 2011 by Hunton & Williams LLP

On June 17, 2011, the National Assembly of the Republic of Angola passed Law 22/11 on Personal Data Protection. The omnibus privacy legislation applies to the automated and non-automated processing of personal data by controllers based or operating in Angola, or subject to, or using equipment governed by, Angola’s laws. Some highlights of the law are listed below.
Continue reading…

Tags: Adequacy, Angola, Data Controller, Data Processor, Data Transfer, Legislation, Video Surveillance

Use of Google Analytics Now Lawful in Germany, Subject to Certain Guidelines

Posted on September 16, 2011 by Hunton & Williams LLP

On September 15, 2011, the data protection authority of the German federal state of Hamburg (the “DPA”) published a press release confirming that Google has significantly improved compliance with respect to the implementation of Google Analytics in Germany. This finding is the result of two years of fruitful dialog between Google and the DPA, which was acting on behalf of the conference of German data protection authorities responsible for the private sector (the “Düsseldorfer Kreis”).

Tags: Anonymization, Data Controller, Data Processor, Data Protection Authority, Germany, Google, Privacy Policy

ICC Reappoints Christopher Kuner as Chair of Data Protection Task Force

Posted on July 22, 2011 by Hunton & Williams LLP

Christopher Kuner, partner in the Brussels office of Hunton & Williams, recently was reappointed to a fourth term as Chair of the International Chamber of Commerce (“ICC”) Task Force on Privacy and the Protection of Personal Data. Based in Paris and founded in 1919, ICC represents businesses around the world and has thousands of member companies and national committees in over 130 countries. Mr. Kuner has been Chair of the Task Force since 2003, and also is a Vice-Chair of ICC’s Commission on E-Business, IT and Telecoms (“EBITT”). He was reappointed to a further three-year term as Chair by ICC Secretary General Jean-Guy Carrier, who stated that Mr. Kuner’s “expertise and experience have been greatly appreciated and of high value to ICC’s work and the membership of the Commission.”

Under Mr. Kuner’s chairmanship, the ICC Task Force’s accomplishments have included drafting the standard application form for Binding Corporate Rules that was approved by the Article 29 Working Party in 2007, negotiating the standard contractual clauses for data processors that were approved by the European Commission in 2010, and participating in every meeting of APEC’s Electronic Commerce Steering Group addressing cross-border data flows since the Steering Group began working on that topic.

Tags: APEC, Article 29 Working Party, Binding Corporate Rules, Christopher Kuner, Cross-Border Data Flow, Data Processor, Data Transfer, European Commission, International Chamber of Commerce

Mexico Issues Privacy Regulations for Public Comment – Full Text

Posted on July 7, 2011 by Hunton & Williams LLP

On July 6, 2011, Mexico’s Secretary of Economy, in conjunction with the Federal Institute for Access to Information and Data Protection (“IFAI”), released wide-ranging privacy regulations for public comment. The regulations establish rules and guidelines for the implementation of Mexico’s Federal Law on the Protection of Personal Data in the Possession of Private Parties (Ley Federal de Protección de Datos Personales en Posesión de los Particulares), which became effective one year ago. Among the topics covered are jurisdictional issues, details regarding notice and consent, the relationship between data controllers and data processors, data transfers, data security, self regulation, data subjects’ rights, automated processing and enforcement.

Access the text of the new regulations in Spanish. View IFAI’s video press release.

Access the U.S. Department of Commerce’s English translation of the regulations.

Tags: Data Controller, Data Processor, Data Transfer, Mexico

Privacy and Information Security Law Blog - Global privacy and information security law updates and analysis

Tag Archives: Data Processor

ICO Welcomes European Commission’s Proposed Data Protection Regulation Reforms

Singapore Information Ministry Solicits Comments on Proposed Data Privacy Framework

Colombian Data Protection Law Approved by Constitutional Court

Angola Passes Personal Data Protection Law

Use of Google Analytics Now Lawful in Germany, Subject to Certain Guidelines

ICC Reappoints Christopher Kuner as Chair of Data Protection Task Force

Mexico Issues Privacy Regulations for Public Comment – Full Text

Published By Hunton & Williams

Search

Subscribe

Topics

Recent Updates

Blogroll

Privacy News