On September 29, 2017 the French Data Protection Authority published a guide for data processors to implement the new obligations set by the EU General Data Protection Regulation.… Continue Reading
On September 18, 2017, the European Commission and U.S. Department of Commerce kicked off their first annual joint review of the EU-U.S. Privacy Shield. To aid in the review, the Department invited a few industry leaders, including Hunton & Williams' partner Lisa Sotto to speak about their experiences during the first year of the Privacy Shield.… Continue Reading
On August 22, 2017, the Russian privacy regulator announced that it had issued an order, effective immediately, revising notice protocols for companies that process personal data in Russia. … Continue Reading
On August 9, 2017, the Russian privacy regulator expanded its list of nations that provide sufficient privacy protections to allow transfers of personal data from Russia.… Continue Reading
On August 14, 2017, the Colombian Superintendence of Industry and Commerce announced that it was adding the United States to its list of nations that provide an adequate level of protection for the transfer of personal information. This development should help facilitate the transfer of personal information from Colombia to the United States.… Continue Reading
On August 7, 2017, the UK Government’s Department for Culture, Media and Sport published a Statement of Intent setting out the planned reforms to be included in the forthcoming Data Protection Bill, which we previously reported is expected to be laid before the UK Parliament in early September.… Continue Reading
Recently, the European Union Committee of the UK’s House of Lords published its paper, Brexit: the EU data protection package. The Paper urges the UK government to make good on its stated aim of maintaining unhindered and uninterrupted data flows between the UK and EU after Brexit, and examines the options available to ensure that this occurs. … Continue Reading
On July 27, 2017, Singapore submitted its notice of intent to join the APEC Cross-Border Privacy Rules system and the APEC Privacy Recognition for Processors System. Singapore would be the sixth member of the CBPR system, joining Canada, Japan, Mexico, the United States and the newest member, South Korea. … Continue Reading
On July 26, 2017, the Court of Justice of the European Union declared that the envisaged EU-Canada agreement on the transfer of passenger name records interferes with the fundamental right to respect for private life and the right to the protection of personal data and is therefore incompatible with EU law in its current form.… Continue Reading
On July 10, 2017, the Cyberspace Administration of China published a new draft of its Regulations on Protecting the Security of Key Information Infrastructure, and invited comment from the general public. The Draft Regulations will remain open for comment through August 10, 2017.… Continue Reading
The Article 29 Working Party issued an Opinion on data processing at work, which complements the Working Party's previous guidance on the processing of personal data in the employment context and on the surveillance of electronic communications in the workplace. This blog entry provides highlights on the Opinion.… Continue Reading
As companies in the EU and the U.S. prepare for the application of the EU General Data Protection Regulation in May 2018, Hunton & Williams’ Global Privacy and Cybersecurity partner Aaron Simpson discusses the key, significant changes from the EU Directive that companies must comply with before next year. This blog entry contains a link to the full 30-minute webinar. … Continue Reading
On June 21, 2017, in the Queen’s Speech to Parliament, the UK government confirmed its intention to press ahead with the implementation of the EU General Data Protection Regulation into national law.… Continue Reading
On Monday, June 12, 2017, South Korea's Ministry of the Interior and the Korea Communications Commission announced that South Korea has secured approval to participate in the APEC Cross-Border Privacy Rules system.… Continue Reading
Recently, the National Information Security Standardization Technical Committee of China published draft guidelines on cross-border transfers pursuant to the new Cybersecurity Law, entitled Information Security Technology – Guidelines for Data Cross-Border Transfer Security Assessment. Once finalized, the Guidelines are intended to establish norms regarding security assessments conducted in the context of cross-border data transfers. … Continue Reading
On June 1, 2017, the new Cybersecurity Law went into effect in China. This post takes stock of (1) which measures have been passed so far, (2) which ones go into effect on June 1 and (3) which ones are in progress but have yet to be promulgated.… Continue Reading
On May 29, 2017, a high-level EU Commission official and Politico reported that the primary objective of the first annual joint review of the EU-U.S. Privacy Shield, to take place in September 2017, is not to obtain more concessions from the U.S. regarding Europeans’ privacy safeguards, but rather to monitor the current U.S. administration’s work and steer U.S. privacy debates to prevent privacy safeguards from deteriorating.… Continue Reading
On May 19, 2017, the Cyberspace Administration of China issued a revised draft of its Measures for the Security Assessment of Outbound Transmission of Personal Information and Critical Data. This blog entry provides highlights on the revised draft.… Continue Reading
On April 12, 2017, the Centre for Information Policy Leadership at Hunton & Williams LLP issued a discussion paper on Certifications, Seals and Marks under the GDPR and Their Roles as Accountability Tools and Cross-Border Data Transfer Mechanisms which sets forth recommendations concerning the implementation of the EU GDPR’s provisions on the development and use of certification mechanisms.… Continue Reading
On April 11, 2017, the Cyberspace Administration of China published a draft of its proposed Measures for the Security Assessment of Outbound Transmission of Personal Information and Critical Data. The Draft provides further guidance on how security assessments might be carried out.… Continue Reading
Haim Ravia and Dotan Hammer of Pearl Cohen Zedek Latzer Baratz recently published an article outlining Israel’s new Protection of Privacy Regulations, passed by the Knesset on March 21, 2017. The Regulations will impose mandatory comprehensive data security and breach notification requirements on anyone who owns, manages or maintains a database containing personal data in Israel.… Continue Reading
On March 7, 2017, Hunton & Williams LLP hosted a webinar with Beijing partner Bing Maisog on China’s new Cybersecurity Law. China’s new Cybersecurity Law will impose new restrictions on information flows from operators of key information infrastructure, and will become effective in June 2017.… Continue Reading
Recently, the UK Information Commissioner’s Office published draft guidance regarding the consent requirements of the EU General Data Protection Regulation that sets forth how the ICO interprets the GDPR’s consent requirements, and its recommended approach to compliance and good practice. … Continue Reading
Hunton & Williams LLP, in coordination with the U.S. Chamber of Commerce, recently issued a report that provides a series of recommendations to enhance the effectiveness of data privacy regulators. … Continue Reading
