The Centre for Information Policy Leadership at Hunton Andrews Kurth has submitted comments in response to the Ministry of Public Security of Vietnam’s Draft Decree on Personal Data Protection.
Continue Reading CIPL Submits Comments on Vietnam’s Draft Decree on Personal Data Protection
International
European Union and South Korea Complete Adequacy Talks
On March 30, 2021, the European Commission announced the successful conclusion of the adequacy talks with the Republic of Korea.…
Continue Reading European Union and South Korea Complete Adequacy Talks
China Issues the Measures for the Supervision and Administration of Online Transactions
China’s State Administration for Market Regulation has recently issued Measures for the Supervision and Administration of Online Transactions. The Measures implement rules for the E-commerce Law of China and provide the specific rules for addressing registration of an online operation entity, supervision of new business models (such as social e-commerce and livestreaming), platform operators’ responsibilities, protection of consumers’ rights and protection of personal information.…
Continue Reading China Issues the Measures for the Supervision and Administration of Online Transactions
Bavarian DPA Declares Transfers to E-mail Marketing Service Prohibited Due to Lack of Controller’s Assessment and Supplementary Measures
On March 15, 2021, the state Data Protection Authority of Bavaria declared the use of U.S. e-mail marketing service Mailchimp by a fashion magazine in Bavaria impermissible due to lack of compliance with Schrems II mitigation steps for the transfer of e-mail addresses to the U.S.…
Continue Reading Bavarian DPA Declares Transfers to E-mail Marketing Service Prohibited Due to Lack of Controller’s Assessment and Supplementary Measures
China Issues Provisions on the “Scope of Necessary Personal Information Required for Common Types of Mobile Internet Applications”
The Cyberspace Administration of China has released Provisions on the “Scope of Necessary Personal Information Required for Common Types of Mobile Internet Applications.” The Provisions generally are consistent with the draft version previously issued for public comments on December 1, 2020 and include additional details, as well as new provisions relating to ticketing applications (e.g., those for purchasing seats at performances).…
Continue Reading China Issues Provisions on the “Scope of Necessary Personal Information Required for Common Types of Mobile Internet Applications”
UK Government and ICO Agree on Procedure for Future Adequacy Decisions
The Secretary of State for Digital, Culture, Media & Sport has signed a Memorandum of Understanding with the UK Information Commissioner’s Office in relation to new UK adequacy assessments following the UK’s departure from the European Union. The Memorandum of Understanding sets out how DCMS and third countries will negotiate adequacy decisions, referred to under the Memorandum of Understanding as “adequacy regulations”. …
Continue Reading UK Government and ICO Agree on Procedure for Future Adequacy Decisions
EDPB Releases Guidelines on Virtual Voice Assistants
On March 12, 2021, the European Data Protection Board (“EDPB”) published its Guidelines 01/2021 on Virtual Voice Assistants for consultation (the “Guidelines”). Virtual voice assistants (“VVAs”) understand and execute voice commands or coordinate with other IT systems. These tools are available on most smartphones and other devices and collect significant amounts of personal data, such as through user commands. In addition, VVAs require a terminal device equipped with a microphone and transfer data to remote service. These activities raise compliance issues under both the General Data Protection Regulation (“GDPR”) and the e-Privacy Directive.…
Continue Reading EDPB Releases Guidelines on Virtual Voice Assistants
CIPL Submits Response to the EDPB Guidelines on Examples Regarding Data Breach Notification
The Centre for Information Policy Leadership at Hunton Andrews Kurth has submitted its response to the European Data Protection Board consultation on draft guidelines on examples regarding data breach notification. CIPL welcomes the Guidelines which come at a time at which cyber attacks are surging as a result of the move to remote working triggered by the COVID-19 crisis, and should help organizations avoid over-reporting.…
Continue Reading CIPL Submits Response to the EDPB Guidelines on Examples Regarding Data Breach Notification
CIPL Submits Response to New Brazilian Data Protection Authority’s First Public Consultation on SMEs
On March 1, 2021, the Centre for Information Policy Leadership at Hunton Andrews Kurth submitted a response to the new Brazilian data protection authority’s call for preliminary inputs on the impact of the Brazilian data protection law on small and medium-sized enterprises. …
Continue Reading CIPL Submits Response to New Brazilian Data Protection Authority’s First Public Consultation on SMEs
Regulatory Sandboxes are Gaining Traction with European Data Protection Authorities
The concept of regulatory sandboxes has gained traction in the data protection community. Since the UK Information Commissioner’s Office completed its pilot program of regulatory sandboxes in September 2020, two European Data Protection Authorities have created their own sandbox initiatives following the ICO’s framework.…
Continue Reading Regulatory Sandboxes are Gaining Traction with European Data Protection Authorities