Tag Archives: EU Data Protection Directive

Article 29 Working Party Clarifies Scope of Health Data Processed by Lifestyle and Wellbeing Apps

On February 5, 2015, the Article 29 Working Party published a letter that responds to a request of the European Commission to clarify the scope of health data processed by lifestyle and wellbeing apps. In the letter, the Working Party identifies the criteria to determine when personal data qualifies as "health data," and provides recommendations on the treatment of health data in the proposed EU Regulation.… Continue Reading

Centre Discusses the Risk-Based Approach to Privacy and APEC-EU Interoperability at IAPP Brussels

At the IAPP's recent Europe Data Protection Congress in Brussels, the Centre for Information Policy Leadership at Hunton & Williams led two panels on the risk-based approach to privacy as a tool for implementing existing privacy principles more effectively and on codes of conduct as a means for creating interoperability between different privacy regimes.… Continue Reading

Centre’s Risk Workshop II in Brussels Emphasizes that Risk-Based Approach to Privacy Does Not Change Legal Obligations but Helps Calibrate Their Effective Implementation

On November 18, 2014, the Centre for Information Policy Leadership at Hunton & Williams held the second workshop in its ongoing work on the risk-based approach to privacy and a Privacy Risk Framework. Approximately 70 Centre members, privacy regulators and other privacy experts met in Brussels to discuss the benefits and challenges of the risk-based approach, operationalizing risk assessments within organizations, and employing risk analysis in enforcement. … Continue Reading

Article 29 Working Party Issues Guidance on the “Legitimate Interests” Ground in the EU Data Protection Directive

On April 9, 2014, the Article 29 Working Party issued an Opinion on the "legitimate interests" ground for lawful processing of personal data. The Opinion provides detailed information on how data controllers should conduct the balancing test necessary to determine whether processing is justified on the basis of the controller’s legitimate interests.… Continue Reading

Greek Presidency Issues Notes on Proposed EU Data Protection Regulation

On January 31, 2014, the Greek Presidency of the Council of the European Union issued four notes regarding the proposed EU Data Protection Regulation. This blog post summarizes the notes which address the one-stop-shop mechanism, data portability, data protection impact assessments and prior checks, and rules applicable to data processors.… Continue Reading

Brazil Moves Forward with Internet and Data Protection Bills

Brazilian lawmakers held several consensus-building meetings with party leaders over the past two weeks to reach a voting agreement on a draft bill to establish the country's first set of Internet regulations. Disputes over what should be included in the legislation have delayed a vote on the measure, but the bill continues to be a priority for Congress and a vote is expected in the coming weeks. … Continue Reading

APEC and Chinese E-Commerce Center Co-Sponsor Data Privacy Workshop in Beijing

On July 22-23, 2013, the APEC E-Commerce Business Alliance and the China International Electronic Commerce Center hosted a Workshop in Beijing to discuss personal information protection issues in the APEC region. In addition to delegates from Mainland China, representatives from Hong Kong, Malaysia, South Korea, Taiwan, the United Kingdom, the United States and Vietnam were in attendance.… Continue Reading

EU Court of Justice Advocate-General Issues Opinion in Google Search Case

On June 25, 2013, the Advocate-General of the EU Court of Justice delivered his Opinion in a case against Google that questioned whether individuals have a right to have search result links about them erased. This blog entry provides further details on the case and the Advocate-General's Opinion that individuals have no such right under existing law.… Continue Reading