On September 27, 2016, the French Data Protection Authority announced the adoption of two new decisions that will now cover all biometric access control systems in the workplace. These two new decisions repeal and replace the previous biometric decisions adopted by the CNIL.… Continue Reading
On September 26, 2016, the French Data Protection Authority published the results of the Internet sweep on connected devices. The sweep was conducted in May 2016 to assess the quality of the information provided to users of connected devices, the level of security of the data flows and the degree of user empowerment.… Continue Reading
On September 16, 2016, the Belgian Data Protection Authority published a 13-step guidance document to help organizations prepare for the EU General Data Protection Regulation.… Continue Reading
Recently, the National Privacy Commission of the Philippines published the final text of its Implementing Rules and Regulations of Republic Act No. 10173, known as the Data Privacy Act of 2012. The IRR has a promulgation date of August 24, 2016, and went into effect 15 days after the publication in the official Gazette. … Continue Reading
On September 8, 2016, Advocate General Paolo Mengozzi of the Court of Justice of the European Union issued his Opinion on the compatibility of the draft agreement between Canada and the EU on the transfer of passenger name record data with the Charter of Fundamental Rights of the European Union. … Continue Reading
Last month, the People’s Republic of China’s administrative departments jointly published the Interim Measures for the Administration of Operation and Services of E-hailing Taxis. E-hailing is an increasingly popular emerging business in China that the Measures seek to regulate. The Measures will come into effect on November 1, 2016.… Continue Reading
Recently, the People’s Republic of China’s Ministry of Public Security, the National Development and Reform Commission and six other administrative departments jointly published the Announcement on Regulating the Administration of the Use of Resident Identity Cards. The Announcement came into effect on July 15, 2016, the date of its issuance.… Continue Reading
The State Administration for Industry and Commerce of the People's Republic of China published a draft of its Implementing Regulations for the P.R.C. Law on the Protection of the Rights and Interests of Consumers for public comment. The draft is open for comment until September 5, 2016.… Continue Reading
On July 25, 2016, the Article 29 Working Party and the European Data Protection Supervisor released their respective Opinions regarding the evaluation and review of Directive 2002/58/EC on privacy and electronic communications. Both the Working Party and the EDPS stressed that new rules should complement the protections available under the EU General Data Protection Regulation. … Continue Reading
On July 26, 2016, the U.S. Department of Commerce announced that it had launched a new website that provides individuals and companies with additional information regarding the EU-U.S. Privacy Shield Framework.… Continue Reading
On July 26, 2016, Isabelle Falque-Pierrotin, the Chairwoman of the Article 29 Working Party of data protection regulators announced that EU data protection regulators will not challenge the adequacy of the EU-U.S. Privacy Shield for at least one year. … Continue Reading
Hunton partner Lisa Sotto and associate Chris Hydak recently published an article in Law360 entitled “The EU-U.S. Privacy Shield: A How-To Guide,” detailing the Privacy Shield principles, the benefits of certification, how the Shield will be enforced, and the challenges and risks associated with the future of the Privacy Shield. This blog post contains a link to the full article. … Continue Reading
On July 20, 2016, the French Data Protection Authority announced that it issued a formal notice to Microsoft Corporation ordering the company to address several alleged violations of the French Data Protection Act concerning the Windows 10 operating system.… Continue Reading
On July 19, 2016, Advocate General Saugmandsgaard Oe published his Opinion on two cases that sought to establish whether a general obligation to retain data is compatible with the fundamental rights to privacy and data protection under EU law.… Continue Reading
On July 14, 2016, the Federal Trade Commission issued warning letters to 28 companies relating to apparent false claims of participation in the APEC Cross-Border Privacy Rules. … Continue Reading
On July 12, 2016, the EU Commissioner for Justice, Consumers and Gender Equality Vera Jourova and U.S. Secretary of Commerce Penny Pritzker announced the formal adoption of the EU-U.S. Privacy Shield framework, which is composed of an Adequacy Decision and accompanying Annexes. … Continue Reading
On July 6, 2016, the Bavarian Data Protection Authority issued a short paper on video surveillance under the EU General Data Protection Regulation. The paper is part of a series of papers that the Bavarian DPA will issue periodically on specific processing activities under GDPR. … Continue Reading
On July 6, 2016, the UK government decided to close its controversial care.data scheme after concerns were raised about the safeguards in place to protect individuals’ health care data and issues with patient transparency.… Continue Reading
On July 8, 2016, EU representatives on the Article 31 Committee approved the final version of the EU-U.S. Privacy Shield to permit transatlantic transfers of personal data from the EU to the U.S.… Continue Reading
On July 5, 2016, China’s Standing Committee of the National People’s Congress published the full second draft of the Cybersecurity Law. The public may file comments on the second draft of the Cybersecurity Law until August 4, 2016.… Continue Reading
On July 6, 2016, the European Parliament adopted the Directive on Security of Network and Information Systems, which will come into force in August 2016. The NIS Directive is part of the European Commission’s cybersecurity strategy for the European Union, and is designed to increase cooperation between EU Member States on cybersecurity issues.… Continue Reading
On July 5, 2016, the European Commission announced the launch of a new public-private partnership on cybersecurity, as part of its Digital Single Market and EU Cybersecurity strategies.… Continue Reading
On June 28, 2016, the UK Information Commissioner's Office released its Annual Report for 2015 - 2016. This blog post provides a summary of the report.… Continue Reading
On June 30, 2016, a joint committee composed of representatives from both chambers of the French Parliament reached a common position on the French ‘Digital Republic’ Bill that rejects the data localization amendment previously approved by the French Senate, but significantly amends other aspects of the French Data Protection Act. … Continue Reading
