Data Protection Authority

On September 5, 2018, the Law of 30 July 2018 on the Protection of Natural Persons with regard to the Processing of Personal Data (the “Law”) was published in the Belgian Official Gazette.

This is the second step in adapting the Belgian legal framework to the EU GDPR after the Law of 3 December 2017 Creating the Data Protection Authority, which reformed the Belgian Data Protection Authority.

The Law is available in French and Dutch.

On July 19, 2018, the French Data Protection Authority (“CNIL”) announced that it served a formal notice to two advertising startups headquartered in France, FIDZUP and TEEMO. Both companies collect personal data from mobile phones via software development kit (“SDK”) tools integrated into the code of their partners’ mobile appseven when the apps are not in useand process the data to conduct marketing campaigns on mobile phones. Continue Reading CNIL Serves Formal Notice to Marketing Companies to Obtain User’s Consent for Processing Geolocation Data for Ad Targeting

On July 23, 2018, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP issued two new discussion papers on the Central Role of Organizational Accountability in Data Protection. The goal of these discussion papers is to show that organizational accountability is pivotal to effective data protection and essential for the digital transformation of the economy and society, and to emphasize how its many benefits should be actively encouraged and incentivized by data protection authorities (“DPAs”), and law and policy makers around the globe. Continue Reading CIPL Issues Discussion Papers on the Central Role of Accountability in Data Protection

During the week of June 25, 2018, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP hosted its annual executive retreat in San Francisco, California. The annual event consisted of a closed pre-retreat session for CIPL members, a CIPL Panel at the APPA Forum Open session followed by a CIPL reception and dinner and a special all day workshop with data protection commissioner members of the Asia Pacific Privacy Authorities (“APPA”) on Accountable AI. Continue Reading CIPL Hosts Special Executive Retreat with APPA Privacy Commissioners on Accountable AI

On May 16, 2018, the Irish Data Protection Bill 2018 (the “Bill”) entered the final committee stage in Dáil Éireann (the lower house and principal chamber of the Irish legislature). The Bill was passed by the Seanad (the upper house of the legislature) at the end of March 2018. In the current stage, final statements on the Bill will be made before it is signed into law by the President. Continue Reading Irish Data Protection Bill in Final Committee Stage Before the Irish Legislature

The Belgian Privacy Commission (the “Belgian DPA”) recently released a Recommendation (in French and Dutch) on Data Protection Impact Assessment (“DPIA”) and the prior consultation requirements under Articles 35 and 36 of the EU General Data Protection Regulation (“GDPR”) (the “Recommendation”). The Recommendation aims to provide guidance on the core elements and requirements of a DPIA, the different actors involved and specific provisions. Continue Reading Belgian Privacy Commission Issues Recommendation on Data Protection Impact Assessment

On March 29, 2018, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP submitted formal comments to the Article 29 Working Party (the “Working Party”) on its draft guidelines on the accreditation of certification bodies under the GDPR (the “Guidelines”). The Guidelines were adopted by the Working Party on February 6, 2018, for public consultation. Continue Reading CIPL Submits Comments to Article 29 Working Party’s Draft Guidelines on the Accreditation of Certification Bodies under the GDPR

Hunton & Williams LLP is pleased to announce that Richard Thomas, Global Strategy Advisor to the Centre for Information Policy Leadership (“CIPL”), has been selected as Chair for the Bailiwick of Guernsey’s new data protection authority. Adding the appointment to his position at CIPL, Thomas will be formally appointed in May and will work with the Data Protection Commissioner and the States of Guernsey to support the island’s regulatory framework in conjunction with the introduction of its new data protection law. Thomas will work on a shadow basis until his formal appointment, and the role is expected to command between 10 and 15 days per year. Continue Reading Richard Thomas Selected as Chair for Guernsey’s New Data Protection Authority

On February 12, 2018, the Luxembourg data protection authority (Commission nationale pour la protection des donées, “CNPD”) published on its website (in English and French) a form to be used for the purpose of compliance with data breach notification requirements applicable under the EU General Data Protection Regulation (the “GDPR”). The CNPD also published questions and answers (“Q&As”) regarding the requirements. Continue Reading Luxembourg DPA Publishes Data Breach Reporting Form