International Privacy Laws

As we previously noted, Facebook originally announced a breach late last month, in which hackers took advantage of a code vulnerability in the website’s “View As” feature to access users’ data. However, on October 12, 2018, Facebook revised the number of affected accounts down from 50 million to roughly 30 million, and it acknowledged that hackers were able to view varying levels of information for different accounts.
Continue Reading Facebook Acknowledges Breach of Sensitive Data for Nearly 30 Million Users

As many of our readers know, the General Data Protection Regulation (GDPR) imposes significant obligations and responsibilities on entities with regard to data protection and privacy for all individuals within the European Union and the European Economic Area. Violations of GDPR can result in fines up to €20 million, or up to 4 percent of

The United Kingdom data privacy watchdog reports that the number of complaints received since the EU’s General Data Protection Regulation (GDPR) took effect three months ago has almost doubled. Under GDPR, anyone who believes their personal data has been misused can file a complaint with the Information Commissioner’s Office, or ICO.

Legal Experts say GDPR

Last week, the High Court of Ireland submitted eleven questions to the Court of Justice for the European Union (CJEU) to consider about the personal data transfer regime between the European Union (EU) and the United States. This referral stems from a new claim by Max Schrems, an Austrian lawyer and privacy activist. Schrems previously

On March 23, 2018, the President signed into law the Consolidated Appropriations Act of 2018 (H.R. 1625), an omnibus spending bill that includes the Clarifying Lawful Overseas Use of Data Act (the CLOUD Act). Among other provisions, the CLOUD Act amends the Stored Communications Act of 1986 (18 U.S.C. §§ 2701-2712, hereinafter the

All privacy professionals, whether in the EU or the U.S., need to have an understanding of the implications of General Data Protection Regulation (GDPR) compliance, particularly since the fines and penalties that could be imposed for non-compliance are intimidating. GDPR goes into effect on May 25, 2018, and many companies are struggling to become compliant

The General Data Protection Regulation (GDPR) (EU) 2016/679 of 27 April 2016, which comes into force in May 2018, will introduce major changes to the law on the processing of personal data in the European Union. Over the next several months, several European Union law firms we work very closely with will join us in providing you with more information on the GDPR. Different themes will be tackled month by month to help you prepare for the GDPR deadline.

Part 3 of this GDPR Series is brought to you by the German law firm of Graf von Westphalen. Other blog entries in this series will be brought to you by the law firms of Mills & Reeve (UK), FIDAL (France) and VanBenthem & Keulen (Netherlands) as well as Robinson+Cole (United States).

Consent as a lawful basis for data processing

Every data processing activity requires a lawful basis. Such lawful basis may be provided directly by law, or by consent granted by the data subject, both according to the statutory requirements set out in the Directive 95/46/EC and, importantly, national data protection laws. This general principle remains unchanged under the GDPR; however, the new Regulation provides for new or additional requirements for such consent to be a lawful basis for processing and transfer of personal data.
Continue Reading General Data Protection Regulation (GDPR) Series, Part #3: GDPR Consent and Fair Processing

In less than 300 days, the European General Data Protection Regulation (GDPR) will go into effect and forever change the privacy landscape. Leading industry organization, Gartner, Inc., predicts that more than 50 percent of companies affected by the GDPR will not be fully compliant. Of course, the affected companies will include both European and non-European companies. Bart Willemsen, research director at Gartner, says “Threats of hefty fines, as well as the increasingly empowered position of individual data subjects tilt business case for compliance and should cause decision makers to re-evaluate measures to safely process personal data.”

How can organizations prepare for the GDPR? Gartner recommends organizations focus on five high-priority areas:
Continue Reading 5 Focus Areas in Preparation for GDPR Compliance

Japan and the European Union announced an agreement in principle on major components of a substantial free trade deal on the eve of the recent G20 summit in Hamburg. This free trade deal rivals NAFTA in scope and impact, as it will impact 40 percent of the world’s trade. Once finalized, this free trade pact

The General Data Protection Regulation (GDPR) (EU) 2016/679 of 27 April 2016, which comes into force in May 2018, will introduce major changes to the law on the processing of personal data in the European Union. Over the next twelve (12) months, several European Union law firms we work very closely with will join us in providing you with more information on the GDPR. Different themes will be tackled month by month to help you prepare for the GDPR deadline.

Part #2 of this GDPR Series is brought to you by Mills & Reeve, a United Kingdom law firm. Other blog entries in this series will be brought to you by the law firms of Graf von Westphalen (Germany), FIDAL (France) and VanBenthem & Keulen (Netherlands) as well as Robinson+Cole (United States).

In any major project there is an analysis phase – involving a careful examination of your organization’s current set-up and what needs to be done to deliver the project successfully. Preparing for the GDPR is no exception. Depending on the structures and practices of your organization, compliance could require a significant allocation of resources to ensure that you are ready by the implementation date: 25 May 2018.

So what can be done to get started?

Perhaps the best first step is to conduct a self-assessment audit. This will help organizations map the likely impacts of the changes in data protection law on their activities.

A few key points are worth looking at in detail:
Continue Reading General Data Protection Regulation (GDPR) Series Part #2: The Importance of Self-Assessment