On September 18, 2017, the European Commission and U.S. Department of Commerce kicked off their first annual joint review of the EU-U.S. Privacy Shield. To aid in the review, the Department invited a few industry leaders, including Hunton & Williams' partner Lisa Sotto to speak about their experiences during the first year of the Privacy Shield.… Continue Reading
On September 8, 2017, the Council of the European Union published its proposed revisions to the draft E-Privacy Regulation, which have been made based on written comments and discussions involving the Working Party for Telecommunications and Information Society and serve as a discussion for further meetings of the group in late September 2017. … Continue Reading
On September 14, 2017, the UK Government introduced a new Data Protection Bill to Parliament, which is intended to replace the UK's existing Data Protection Act 1998 and enshrine the GDPR into UK law once the UK has left the European Union.… Continue Reading
On September 13, 2017, the European Commission and the High Representative of the Union for Foreign Affairs and Security Policy published a Joint Communication to the European Parliament and the Council of the European Union on improving the EU’s cybersecurity. This blog entry provides highlights on the Joint Communication’s key recommendations. … Continue Reading
On September 11, 2017, the Centre for Information Policy Leadership at Hunton & Williams LLP issued a white paper on the Proposal for an ePrivacy Regulation, which comments on the European Commission's proposal to replace and modernize the privacy framework for electronic communications contained in the current ePrivacy Directive and to align it with the GDPR.… Continue Reading
On September 8, 2017, the FTC announced that it had settled charges against three companies for misleading consumers about their participation in the Privacy Shield framework. This marks the first enforcement action brought by the FTC pursuant to the Privacy Shield.… Continue Reading
On August 24, 2017, APEC issued a statement on the renewed talks between APEC and the EU on creating interoperability between the APEC Cross-Border Privacy Rules and the EU data transfer mechanisms.… Continue Reading
Hunton & Williams' Global Privacy and Cybersecurity lawyers prepared several chapters in the recently released The International Comparative Legal Guide to: Data Protection 2017, including the opening chapter on “All Change for Data Protection: The European Data Protection Regulation." This blog entry provides a link to access the relevant chapters.… Continue Reading
On August 7, 2017, the UK Government’s Department for Culture, Media and Sport published a Statement of Intent setting out the planned reforms to be included in the forthcoming Data Protection Bill, which we previously reported is expected to be laid before the UK Parliament in early September.… Continue Reading
Media sources have reported that the UK Department for Culture, Media and Sport has confirmed its plans to present its Data Protection Bill to Parliament when MPs return to Parliament in early September. The Bill will effectively copy the EU General Data Protection Regulation into the UK statute book.… Continue Reading
Recently, the European Union Committee of the UK’s House of Lords published its paper, Brexit: the EU data protection package. The Paper urges the UK government to make good on its stated aim of maintaining unhindered and uninterrupted data flows between the UK and EU after Brexit, and examines the options available to ensure that this occurs. … Continue Reading
On July 26, 2017, the Court of Justice of the European Union declared that the envisaged EU-Canada agreement on the transfer of passenger name records interferes with the fundamental right to respect for private life and the right to the protection of personal data and is therefore incompatible with EU law in its current form.… Continue Reading
On June 14, 2017, the Belgian Privacy Commission released a Recommendation on the requirement to maintain internal records of data processing activities pursuant to Article 30 of the GDPR. This blog entry provides highlights on the Recommendation.… Continue Reading
The Article 29 Working Party issued an Opinion on data processing at work, which complements the Working Party's previous guidance on the processing of personal data in the employment context and on the surveillance of electronic communications in the workplace. This blog entry provides highlights on the Opinion.… Continue Reading
On June 21, 2017, in the Queen’s Speech to Parliament, the UK government confirmed its intention to press ahead with the implementation of the EU General Data Protection Regulation into national law.… Continue Reading
Recently, the Belgian Privacy Commission (the “Belgian DPA”) released a Recommendation (in French and Dutch) regarding the requirement to appoint a data protection officer (“DPO”) under the EU General Data Protection Regulation (“GDPR”).… Continue Reading
On June 7, 2017, the European Commission published a paper signalling the EU’s intention to increase its role in directing cybersecurity policy and responses across its member states. … Continue Reading
Recently, the Centre for Information Policy Leadership at Hunton & Williams LLP issued a white paper. The White Paper sets forth guidance and recommendations on the key concepts of transparency, consent and legitimate interest under the EU General Data Protection Regulation.… Continue Reading
On June 2, 2017, in preparation for the first annual review of the EU-U.S. Privacy Shield framework, the European Commission has sent questionnaires to trade associations and other groups to seek information from their Privacy Shield-certified members on the experiences of such organizations during the first year of the Privacy Shield.… Continue Reading
The Centre for Information Policy Leadership at Hunton & Williams LLP recently submitted formal comments to the Article 29 Working Party’s Guidelines on Data Protection Impact Assessment and determining whether processing is "likely to result in a high risk" that were adopted on April 4, 2017.… Continue Reading
With just under one year to go before the EU General Data Protection Regulation becomes law across the European Union, the UK Information Commissioner’s Office has continued its efforts to help businesses prepare for the new law, including by issuing updated guidance and its Information Rights Strategic Plan 2017-2021. The ICO also has taken steps to address its own role post-Brexit.… Continue Reading
On May 26, 2017, the Belgian Privacy Commission published its Annual Activity Report for 2016 highlighting its main accomplishments from the past year.… Continue Reading
On May 29, 2017, a high-level EU Commission official and Politico reported that the primary objective of the first annual joint review of the EU-U.S. Privacy Shield, to take place in September 2017, is not to obtain more concessions from the U.S. regarding Europeans’ privacy safeguards, but rather to monitor the current U.S. administration’s work and steer U.S. privacy debates to prevent privacy safeguards from deteriorating.… Continue Reading
On May 24, 2017, the Bavarian Data Protection Authority published a questionnaire to help companies assess their level of implementation of the EU General Data Protection Regulation.… Continue Reading
