On May 26, 2017, the Belgian Privacy Commission (the “Belgian DPA”) published its Annual Activity Report for 2016 (the “Annual Report”) highlighting its main accomplishments from the past year. Continue Reading Belgian Privacy Commission Releases 2016 Annual Activity Report
As previously published on the Data Privacy Laws blog, Pablo A. Palazzi, partner at Buenos Aires law firm Allende & Brea, provides the following report.
Earlier this month, the Argentine Data Protection Agency (“DPA”) posted the first draft of a new data protection bill (the “Draft Bill”) on its website. Argentina’s current data protection bill was enacted in December 2000. Argentina was the first Latin American country to be recognized as an adequate country by the European Union. Continue Reading DPA of Argentina Issues Draft Data Protection Bill
Recently, the Ministry of Industry and Information Technology of the People’s Republic of China published a draft of the new Notice on Regulating Business Behaviors in the Cloud Service Market (Draft for Public Comments) (the “Draft”) for public comment. The Draft is open for comment until December 24, 2016. Continue Reading China Publishes Regulations Regarding Cloud Services for Public Comment
Earlier this month, the Department of Health and Human Services’ Office for Civil Rights issued guidance (the “Guidance”) for HIPAA-covered entities that use cloud computing services involving electronic protected health information (“ePHI”). Continue Reading HHS Releases Guidance on HIPAA and Cloud Computing
On September 27, 2016, Cloud Infrastructure Services Providers in Europe (“CISPE”) published its Data Protection Code of Conduct (the “Code”). CISPE, a relatively new coalition of more than 20 cloud infrastructure providers with operations in Europe, has focused the Code on transparency and compliance with EU data protection laws. Continue Reading CISPE Unveils Cloud Providers Code of Conduct
On July 6, 2016, the European Parliament adopted the Directive on Security of Network and Information Systems (the “NIS Directive”), which will come into force in August 2016. EU Member States will have 21 months to transpose the NIS Directive into their national laws. The NIS Directive is part of the European Commission’s cybersecurity strategy for the European Union, and is designed to increase cooperation between EU Member States on cybersecurity issues. Continue Reading European Parliament Adopts Directive on Security of Network and Information Systems
On June 22, 2016, the Bavarian Data Protection Authority (“DPA”) issued a short paper on certifications under Article 42 of the General Data Protection Regulation (“GDPR”). The GDPR will become effective on May 25, 2018.
This paper is part of a series of papers that the Bavarian DPA will be issuing periodically on specific topics of the GDPR to inform the public about what topics are being discussed within the DPA. The DPA emphasizes that these papers are non-binding. Continue Reading The Bavarian DPA Issues Paper on Certifications Under the GDPR
On May 17, 2016, the European Council adopted its position at first reading of the Network and Information Security Directive (the “NIS Directive”). The NIS Directive was proposed by the European Commission on February 7, 2013, as part of its cybersecurity strategy for the European Union, and is designed to increase cooperation between EU Member States on cybersecurity issues.
The NIS Directive will impose security obligations on “operators of essential services” in critical sectors and “digital service providers.” These operators will be required to take measures to manage cyber risks and report major security incidents. Continue Reading EU Council Adopts the Network and Information Security Directive
On December 30, 2015, the Department of Defense (“DoD”) issued a second interim rule (80 F. R. 81472) that extends the deadline by which federal contractors must implement the new cybersecurity requirements previously issued by the agency. This extension pushes back the compliance deadline to December 31, 2017.
On October 26, 2015, the German federal and state data protection authorities (the “German DPAs”) published a joint position paper on Safe Harbor and potential alternatives for transfers of data to the U.S. (the “Position Paper”).