On October 15, 2019, Hunton Andrews Kurth will host a luncheon seminar in our Brussels office on Addressing GDPR Challenges: An Interactive Session on Handling Data Breaches. In this roundtable discussion, our speakers will lead a dialogue to share experiences on handling data breaches under the EU General Data Protection Regulation (“GDPR”). Continue Reading Addressing GDPR Challenges: An Interactive Session on Handling Data Breaches

On September 17, 2019, the Belgian Data Protection Authority (the “Belgian DPA”) imposed a fine of EUR 10,000 on a shop for the disproportionate use of customers’ electronic identity cards (the “eIDs ”) – a national identification card.

Continue Reading Belgian DPA Announces Fine for Disproportionate Use of Customers’ eID Card

On September 24, 2019, the Court of Justice of the European Union (the “CJEU”) released its judgments in cases C-507/17, Google v. CNIL and C-136/17, G.C. and Others v. CNIL regarding (1) the territorial scope of the right to be forgotten, referred to in the judgement as the “right to de-referencing,” and (2) the conditions in which individuals may exercise the right to be forgotten in relation to links to web pages containing sensitive data. The Court’s analysis considered both the EU Data Protection Directive and the EU General Data Protection Regulation (“GDPR”).

Continue Reading CJEU Rules “Right to be Forgotten” on Google Limited to the EU in Landmark Case

On September 23, 2019, the Office of the Privacy Commissioner of Canada (“OPC”) announced that it completed its consultation on transfers for processing and that the OPC’s current guidelines for processing personal data across borders remain unchanged. Under these guidelines, consent for transfers to data processors generally is not required.

Continue Reading Canada’s Privacy Commissioner Ends Effort to Require Consent for Transborder Data Transfer

On September 24, 2019, Alastair Mactaggart, drafter of the 2018 California ballot initiative that served as the basis for the California Consumer Privacy Act of 2018 (“CCPA”), announced that he is filing a new initiative for California’s November 2020 ballot, the California Privacy Enforcement Act (“CPEA”).

Continue Reading Drafter of CCPA Ballot Initiative Filing New Privacy Proposal for the 2020 Ballot

On September 20, 2019, the Philippines National Privacy Commission (“NPC”) announced it has filed its notice of intent to join the APEC Cross-Border Privacy Rules (“CBPR”) system. The Philippines would be the ninth member of the CBPR system, joining the U.S., Mexico, Canada, Japan, South Korea, Singapore, Australia and Chinese Taipei.

Continue Reading Philippines Submits Notice of Intent to Join the APEC CBPR

On September 20, 2019, Bloomberg Law reported that California Attorney General Xavier Becerra anticipates that draft regulations implementing the California Consumer Privacy Act of 2018 (“CCPA”) will be published this October. According to Bloomberg’s reporting, the Attorney General aims to issue final regulations by January 1, 2020, the CCPA’s compliance deadline. Under the CCPA, the Attorney General may begin enforcement of the law six months after the publication of final regulations or July 1, 2020, whichever is sooner.

On September 18, 2019, the Presidency of the European Council published its proposed amendments to the Proposal for a Regulation Concerning the Respect for Private Life and the Protection of Personal Data in Electronic Communications (the “Draft ePrivacy Regulation”). The Draft ePrivacy Regulation will replace the ePrivacy Directive and will complete the EU’s framework for data protection and confidentiality of electronic communications.

Continue Reading EU Council Presidency Published Amended Proposal for Draft ePrivacy Regulation

On September 9, 2019, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, the “Dutch DPA”) published a report on the privacy complaints it received between January 2019 and June 2019 (the “Report”).

Continue Reading Dutch DPA Releases Complaints Report for First Half of 2019

Ecuador is seeking to pass a data protection bill in the wake of a massive data breach that resulted in the personal data of up to 20 million people being made available online. According to reports, the bill draws on the EU General Data Protection Regulation (“GDPR”) in certain ways—for example, as relates to international data transfers—but diverges in other respects. The data protection bill headed to Ecuador’s national assembly today.