During the week of June 25, 2018, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP hosted its annual executive retreat in San Francisco, California. The annual event consisted of a closed pre-retreat session for CIPL members, a CIPL Panel at the APPA Forum Open session followed by a CIPL reception and dinner and a special all day workshop with data protection commissioner members of the Asia Pacific Privacy Authorities (“APPA”) on Accountable AI. Continue Reading CIPL Hosts Special Executive Retreat with APPA Privacy Commissioners on Accountable AI
On May 30, 2018, the European Data Protection Board (“EDPB”), replacing the Article 29 Working Party, published the final version of Guidelines 2/2018 on derogations in the context of international data transfers and draft Guidelines 1/2018 on certification under the EU General Data Protection Regulation (“GDPR”). Continue Reading EDPB Published Guidelines on Certification and Derogations under the GDPR
On March 29, 2018, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP submitted formal comments to the Article 29 Working Party (the “Working Party”) on its draft guidelines on the accreditation of certification bodies under the GDPR (the “Guidelines”). The Guidelines were adopted by the Working Party on February 6, 2018, for public consultation. Continue Reading CIPL Submits Comments to Article 29 Working Party’s Draft Guidelines on the Accreditation of Certification Bodies under the GDPR
On January 24, 2018, the European Commission issued a communication to the European Parliament and the Council (the “Communication”) on the direct application of the EU General Data Protection Regulation (“GDPR”). The Communication (1) recounts novel elements of the GDPR that create stronger protections for individuals and new opportunities for organizations, (2) reviews preparatory work undertaken to date for GDPR implementation, (3) outlines remaining steps for successful preparation and (4) outlines measures the European Commission intends to take up until May 25, 2018. Continue Reading EU Commission Releases Communication on Remaining Issues for GDPR Preparation
On September 20, 2017, the French Data Protection Authority (CNIL) announced that it has updated two standards on privacy seals in order to take into account the requirements of the EU General Data Protection Regulation (“GDPR”).
On September 25, 2017, the Centre for Information Policy Leadership (“CIPL”) at Hunton & Williams LLP issued a discussion paper on Regulating for Results: Strategies and Priorities for Leadership and Engagement (the “Discussion Paper”). The Discussion Paper aims to stimulate dialogue about strategies and priorities for data protection authorities (“DPAs”) by putting forward a number of key questions. For example: Continue Reading CIPL Issues Discussion Paper on Regulating for Results: Strategies and Priorities for Leadership and Engagement
As companies in the EU and the U.S. prepare for the application of the EU General Data Protection Regulation (“GDPR”) in May 2018, Hunton & Williams’ Global Privacy and Cybersecurity partner Aaron Simpson discusses with Forcepoint the key, significant changes from the EU Directive that companies must comply with before next year. Accountability, expanded data subject rights, breach notification, sanctions and data transfer mechanisms are a few requirements that Simpson explores in detail. He reminds companies that, in the coming year, it will be very important to “monitor…and stay aware of the guidance being produced by regulators,” but also that the guidance is not a substitute for the specific preparations that each business will need to perform in order to comply with the GDPR.
On April 12, 2017, the Centre for Information Policy Leadership (“CIPL”) at Hunton & Williams LLP issued a discussion paper on Certifications, Seals and Marks under the GDPR and Their Roles as Accountability Tools and Cross-Border Data Transfer Mechanisms (the “Discussion Paper”). The Discussion Paper sets forth recommendations concerning the implementation of the EU General Data Protection Regulation’s (“GDPR’s”) provisions on the development and use of certification mechanisms. The GDPR will become effective on May 25, 2018. The EU Commission, the Article 29 Working Party, individual EU data protection authorities (“DPAs”) and other stakeholders have begun to consider the role of GDPR certifications and how to develop and implement them. CIPL’s Discussion Paper is meant as formal input to that process. Continue Reading CIPL Issues Discussion Paper on GDPR Certifications
As previously published on the Data Privacy Laws blog, Pablo A. Palazzi, partner at Buenos Aires law firm Allende & Brea, provides the following report.
Earlier this month, the Argentine Data Protection Agency (“DPA”) posted the first draft of a new data protection bill (the “Draft Bill”) on its website. Argentina’s current data protection bill was enacted in December 2000. Argentina was the first Latin American country to be recognized as an adequate country by the European Union. Continue Reading DPA of Argentina Issues Draft Data Protection Bill