Stephen Mathias of the law firm Kochhar & Co. reports from India that in a landmark judgment delivered in August 2017, the Supreme Court of India unanimously held that the right to privacy is a fundamental right under the Constitution of India. … Continue Reading
On September 18, 2017, the European Commission and U.S. Department of Commerce kicked off their first annual joint review of the EU-U.S. Privacy Shield. To aid in the review, the Department invited a few industry leaders, including Hunton & Williams' partner Lisa Sotto to speak about their experiences during the first year of the Privacy Shield.… Continue Reading
On September 8, 2017, the Council of the European Union published its proposed revisions to the draft E-Privacy Regulation, which have been made based on written comments and discussions involving the Working Party for Telecommunications and Information Society and serve as a discussion for further meetings of the group in late September 2017. … Continue Reading
On September 14, 2017, the UK Government introduced a new Data Protection Bill to Parliament, which is intended to replace the UK's existing Data Protection Act 1998 and enshrine the GDPR into UK law once the UK has left the European Union.… Continue Reading
On September 13, 2017, the European Commission and the High Representative of the Union for Foreign Affairs and Security Policy published a Joint Communication to the European Parliament and the Council of the European Union on improving the EU’s cybersecurity. This blog entry provides highlights on the Joint Communication’s key recommendations. … Continue Reading
On September 11, 2017, the Centre for Information Policy Leadership at Hunton & Williams LLP issued a white paper on the Proposal for an ePrivacy Regulation, which comments on the European Commission's proposal to replace and modernize the privacy framework for electronic communications contained in the current ePrivacy Directive and to align it with the GDPR.… Continue Reading
On August 31, 2017, the National Information Security Standardization Technical Committee of China published four draft voluntary guidelines in relation to the Cybersecurity Law of China. The Draft Guidelines are open for comment from the general public until October 13, 2017.… Continue Reading
Recently, the National Information Security Standardization Technical Committee of China published a draft document entitled Information Security Technology – Guidelines for De-Identifying Personal Information. The Draft Guidelines are open for comment from the general public until October 9, 2017.… Continue Reading
On August 22, 2017, the Russian privacy regulator announced that it had issued an order, effective immediately, revising notice protocols for companies that process personal data in Russia. … Continue Reading
On August 24, 2017, APEC issued a statement on the renewed talks between APEC and the EU on creating interoperability between the APEC Cross-Border Privacy Rules and the EU data transfer mechanisms.… Continue Reading
On August 9, 2017, the Russian privacy regulator expanded its list of nations that provide sufficient privacy protections to allow transfers of personal data from Russia.… Continue Reading
Hunton & Williams' Global Privacy and Cybersecurity lawyers prepared several chapters in the recently released The International Comparative Legal Guide to: Data Protection 2017, including the opening chapter on “All Change for Data Protection: The European Data Protection Regulation." This blog entry provides a link to access the relevant chapters.… Continue Reading
On August 14, 2017, the Colombian Superintendence of Industry and Commerce announced that it was adding the United States to its list of nations that provide an adequate level of protection for the transfer of personal information. This development should help facilitate the transfer of personal information from Colombia to the United States.… Continue Reading
In the wake of China's Cybersecurity Law coming into effect at the beginning of June, local authorities in Shantou and Chongqing have brought enforcement actions against information technology companies for violations of the Cybersecurity Law. These are, reportedly, the first enforcement actions brought pursuant to the Cybersecurity Law.… Continue Reading
On August 7, 2017, the UK Government’s Department for Culture, Media and Sport published a Statement of Intent setting out the planned reforms to be included in the forthcoming Data Protection Bill, which we previously reported is expected to be laid before the UK Parliament in early September.… Continue Reading
Media sources have reported that the UK Department for Culture, Media and Sport has confirmed its plans to present its Data Protection Bill to Parliament when MPs return to Parliament in early September. The Bill will effectively copy the EU General Data Protection Regulation into the UK statute book.… Continue Reading
With less than one year to go before the EU General Data Protection Regulation comes into force, the Centre for Information Policy Leadership at Hunton & Williams and AvePoint have launched the second annual GDPR Organizational Readiness Survey. This blog post contains a link to the survey. … Continue Reading
Recently, the European Union Committee of the UK’s House of Lords published its paper, Brexit: the EU data protection package. The Paper urges the UK government to make good on its stated aim of maintaining unhindered and uninterrupted data flows between the UK and EU after Brexit, and examines the options available to ensure that this occurs. … Continue Reading
On July 25, 2017, the French Data Protection Authority published their decision on the adoption of several amendments to its Single Authorization AU-004 regarding the processing of personal data in the context of whistleblowing schemes. The amendments reflect changes introduced by French law on December 9, 2016, regarding transparency, the fight against corruption and the modernization of the economy.… Continue Reading
On July 27, 2017, the French Data Protection Authority imposed a fine of 40,000 euros on a French affiliate of the rental car company, The Hertz Corporation, for failure to ensure the security of website users’ personal data.… Continue Reading
On July 27, 2017, Singapore submitted its notice of intent to join the APEC Cross-Border Privacy Rules system and the APEC Privacy Recognition for Processors System. Singapore would be the sixth member of the CBPR system, joining Canada, Japan, Mexico, the United States and the newest member, South Korea. … Continue Reading
On July 26, 2017, the Court of Justice of the European Union declared that the envisaged EU-Canada agreement on the transfer of passenger name records interferes with the fundamental right to respect for private life and the right to the protection of personal data and is therefore incompatible with EU law in its current form.… Continue Reading
On July 10, 2017, the Cyberspace Administration of China published a new draft of its Regulations on Protecting the Security of Key Information Infrastructure, and invited comment from the general public. The Draft Regulations will remain open for comment through August 10, 2017.… Continue Reading
On June 14, 2017, the Belgian Privacy Commission released a Recommendation on the requirement to maintain internal records of data processing activities pursuant to Article 30 of the GDPR. This blog entry provides highlights on the Recommendation.… Continue Reading
