On July 10, 2017, the Cyberspace Administration of China published a new draft of its Regulations on Protecting the Security of Key Information Infrastructure, and invited comment from the general public. The Draft Regulations will remain open for comment through August 10, 2017.… Continue Reading
On June 14, 2017, the Belgian Privacy Commission released a Recommendation on the requirement to maintain internal records of data processing activities pursuant to Article 30 of the GDPR. This blog entry provides highlights on the Recommendation.… Continue Reading
As reported in BNA Privacy Law Watch, on July 1, 2017, a new law took effect in Russia allowing for administrative enforcement actions and higher fines for violations of Russia’s data protection law.… Continue Reading
The Article 29 Working Party issued an Opinion on data processing at work, which complements the Working Party's previous guidance on the processing of personal data in the employment context and on the surveillance of electronic communications in the workplace. This blog entry provides highlights on the Opinion.… Continue Reading
As companies in the EU and the U.S. prepare for the application of the EU General Data Protection Regulation in May 2018, Hunton & Williams’ Global Privacy and Cybersecurity partner Aaron Simpson discusses the key, significant changes from the EU Directive that companies must comply with before next year. This blog entry contains a link to the full 30-minute webinar. … Continue Reading
Hunton & Williams LLP will host a webinar on Japan’s amendments to its Act on the Protection of Personal Information on June 29, 2017. This blog entry provides additional information on the event and a link to register for the complimentary program.… Continue Reading
On June 20, 2017, the UK Information Commissioner’s Office published an updated version of its Code of Practice on Subject Access Requests. The updates are primarily in response to three Court of Appeal decisions from earlier this year regarding data controllers’ obligations to respond to subject access requests. The revisions more closely align the ICO’s position with the court’s judgments.… Continue Reading
On June 20, 2017, the German Federal Ministry of Transport and Digital Infrastructure issued a report on the ethics of Automated and Connected Cars. The Report was developed by a multidisciplinary Ethics Commission established in September 2016 for the purpose of developing essential ethical guidelines for the use of automated and connected cars. … Continue Reading
On June 21, 2017, in the Queen’s Speech to Parliament, the UK government confirmed its intention to press ahead with the implementation of the EU General Data Protection Regulation into national law.… Continue Reading
Recently, the Belgian Privacy Commission (the “Belgian DPA”) released a Recommendation (in French and Dutch) regarding the requirement to appoint a data protection officer (“DPO”) under the EU General Data Protection Regulation (“GDPR”).… Continue Reading
On Monday, June 12, 2017, South Korea's Ministry of the Interior and the Korea Communications Commission announced that South Korea has secured approval to participate in the APEC Cross-Border Privacy Rules system.… Continue Reading
Recently, the National Information Security Standardization Technical Committee of China published draft guidelines on cross-border transfers pursuant to the new Cybersecurity Law, entitled Information Security Technology – Guidelines for Data Cross-Border Transfer Security Assessment. Once finalized, the Guidelines are intended to establish norms regarding security assessments conducted in the context of cross-border data transfers. … Continue Reading
Recently, the Centre for Information Policy Leadership at Hunton & Williams LLP issued a white paper. The White Paper sets forth guidance and recommendations on the key concepts of transparency, consent and legitimate interest under the EU General Data Protection Regulation.… Continue Reading
The Centre for Information Policy Leadership at Hunton & Williams LLP recently submitted formal comments to the Article 29 Working Party’s Guidelines on Data Protection Impact Assessment and determining whether processing is "likely to result in a high risk" that were adopted on April 4, 2017.… Continue Reading
On June 1, 2017, the new Cybersecurity Law went into effect in China. This post takes stock of (1) which measures have been passed so far, (2) which ones go into effect on June 1 and (3) which ones are in progress but have yet to be promulgated.… Continue Reading
With just under one year to go before the EU General Data Protection Regulation becomes law across the European Union, the UK Information Commissioner’s Office has continued its efforts to help businesses prepare for the new law, including by issuing updated guidance and its Information Rights Strategic Plan 2017-2021. The ICO also has taken steps to address its own role post-Brexit.… Continue Reading
On May 26, 2017, the Belgian Privacy Commission published its Annual Activity Report for 2016 highlighting its main accomplishments from the past year.… Continue Reading
On May 29, 2017, a high-level EU Commission official and Politico reported that the primary objective of the first annual joint review of the EU-U.S. Privacy Shield, to take place in September 2017, is not to obtain more concessions from the U.S. regarding Europeans’ privacy safeguards, but rather to monitor the current U.S. administration’s work and steer U.S. privacy debates to prevent privacy safeguards from deteriorating.… Continue Reading
On May 24, 2017, the Bavarian Data Protection Authority published a questionnaire to help companies assess their level of implementation of the EU General Data Protection Regulation.… Continue Reading
On May 19, 2017, the Cyberspace Administration of China issued a revised draft of its Measures for the Security Assessment of Outbound Transmission of Personal Information and Critical Data. This blog entry provides highlights on the revised draft.… Continue Reading
On May 12, 2017, a massive ransomware attack, known as “WannaCry,” began affecting tens of thousands of computer systems in over 100 countries. These types of incidents can have significant legal implications for affected entities and industries for whom data access and continuity is critical. As affected entities work to understand and respond to the threat of ransomware, we address some of the key legal considerations.… Continue Reading
On May 5, 2017, the U.S. District Court for the Southern District of New York entered a default judgment in favor of the SEC against three Chinese defendants accused of hacking into the nonpublic networks of two New York-headquartered law firms and stealing confidential information regarding several publicly traded companies engaged in mergers and acquisitions.… Continue Reading
On May 2, 2017, the Cyberspace Administration of China published the final version of the Measures for the Security Review of Network Products and Services (for trial implementation), after having published a draft for public comment in February. The Measures provide detailed information about how security reviews will be implemented pursuant to the Cybersecurity Law of China.… Continue Reading
On April 27, 2017, the German Federal Parliament adopted the new German Federal Data Protection Act to replace the existing Federal Data Protection Act of 2003. The new BDSG is intended to adapt the current German data protection law to the EU General Data Protection Regulation which will become effective on May 25, 2018. … Continue Reading
