Archives: International Privacy Law

Subscribe to International Privacy Law RSS Feed

“No Deal” Brexit May Bring Practical Problems for Privacy and Data Protection

With a “No Deal” Brexit seeming more likely than ever after the UK Parliament voted down a proposed deal in January 2019, concerns are rapidly multiplying about the effects of such a withdrawal from the EU for organizations doing business in the UK, and how those organizations will address numerous practical issues, privacy and data … Continue Reading

Racing to Meet the 72-hour Deadline to Report a Personal Data Breach in the EU? A GDPR Resource Is Available

Companies face substantial challenges in complying with breach notification requirements under Article 33 of the General Data Protection Regulation (GDPR). Article 33 requires a data controller to report a personal data breach to European Union (EU) supervisory authorities within 72 hours of becoming aware of the breach if it is likely to result in a … Continue Reading

Advocate General Opinion Supports Limiting the “Right to be Forgotten” to the EU

On January 10, Advocate General Maciej Szpunar released an opinion recommending that Google and other search engines should not be forced to apply the EU’s “right to be forgotten” beyond the EU.  The advocates general assist the judges of the Court of Justice of the European Union (CJEU), providing independent legal solutions to issues presented … Continue Reading

Brazil Enacts Measure Creating a Data Supervisory Authority; Delays Implementation of the LGPD

While the inauguration of a polarizing new president dominated the news of Brazil around the beginning of the new year, outgoing President Michel Temer, before leaving office, issued an executive order that has important ramifications for Brazil’s recently enacted General Data Protection Regulation (Lei Geral de Proteção de Dados or LGPD). Provisional Measure No. 869/2018 … Continue Reading

Privacy Shield Update: Commission Report, Ombudsperson Deadline, Brexit Guidance

The end of 2018 saw heightened activity surrounding the EU-U.S. Privacy Shield Framework.  This blog post provides a news roundup on the following developments: • The European Commission’s (the “Commission”) December 19th report (the “Report”) summarizing the second annual joint review that was held in October 2018. • The Report’s February 28, 2019 deadline for … Continue Reading

Controversial Australian Encryption Act Denounced by Privacy and Cryptography Advocates

Last week, Australia’s parliament passed a controversial act that will enable law enforcement and intelligence agencies to compel access to encrypted communications. In an explanatory memorandum, the Australian Parliament stated that the new act, the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018, is intended to combat “the challenges posed by ubiquitous encryption.” … Continue Reading

EU-U.S. Privacy Shield Framework Joint Annual Review 2.0

As we previously reported here, the Federal Trade Commission (FTC) announced several enforcement actions in late 2017, on the eve of the first annual joint EU-U.S. review of the Privacy Shield Framework. Now the second annual review of the EU-U.S. Privacy Shield Framework is underway, and the FTC has announced several new enforcement actions, which … Continue Reading

Clock Ticking, European Commission Launches GDPR Implementation Guidance Website

With only four months remaining until the EU General Data Protection Regulation takes effect on May 25, 2018, the European Commission has launched a new website offering guidance on requirements and implementation targeted at an array of stakeholders including Member State governments, businesses, data subjects, and other entities whose operations or data processing activities will … Continue Reading

European Court Provides Further Clarity on Employee Monitoring

The September 5, 2017, decision of the Grand Chamber of the European Court of Human Rights (ECHR) in Bărbulescu v Romania (Bărbulescu) has interrupted a recent trend toward limiting privacy in the European workplace. The Bărbulescu decision held that a Romanian employee’s legally protected right to privacy was violated when his employer monitored personal messages … Continue Reading

Privacy Shield Update: Ahead of First Joint Review, Europeans Remain Skeptical as FTC Announces Enforcement Actions

On September 8, 2017, the Federal Trade Commission (FTC) announced enforcement actions against three companies alleged to have falsely claimed participation in the EU-U.S. Privacy Shield Framework. The move follows several months of uncertainty surrounding the Framework’s future as EU officials and privacy advocates have questioned its efficacy and validity in the run-up to the … Continue Reading

When is a Chair not a Chair? Big Data Algorithms, Disparate Impact, and Considerations of Modular Programming

The DESI VII Workshop titled “Using Advanced Data Analysis in eDiscovery & Related Disciplines to Identify and Protect Sensitive Information in Large Collections” was held on the Strand Campus of King’s College in London on June 12, 2017. DESI VII was particularly focused on privacy, and presented numerous papers that examined emerging protocols and novel … Continue Reading

Deeper Dive: Security Incident Notification Under the New EU General Data Protection Regulation (GDPR)

As noted in the 2017 BakerHostetler Data Security Incident Response Report, the enactment of the EU General Data Protection Regulation (GDPR) represents the most significant change in European data protection law in more than 20 years. Coming into effect on May 25, 2018, the GDPR focuses on a number of core data protection principles and … Continue Reading

Australia’s New Breach Notification Law Set to Take Effect February 2018

On February 13, 2017, the Australian Senate passed a bill establishing a mandatory requirement to notify the Privacy Commissioner and affected individuals of “eligible” data breaches. The Privacy Amendment (Notifiable Data Breaches) Act 2016, which was passed by the House of Representatives the previous week, amends Australia’s Privacy Act 1988 and is slated to take … Continue Reading

Will the proposed “Countering Russian Hostilities Act” stop Russian cyberattacks?

On Jan. 10, 2017, a bipartisan group of five Republican and five Democratic senators announced their support for the Countering Russian Hostilities Act of 2017. Lindsey Graham, one of the senators who announced the proposed legislation, told The Wall Street Journal that he is confident the bill will get overwhelming support.[1] One reporter agreed, stating … Continue Reading

Swiss-U.S. Privacy Shield Framework to Launch April 12

On January 11, 2017, the U.S. Department of Commerce, the Swiss Federal Council and the Swiss Federal Data Protection and Information Commissioner (FDPIC) issued press releases announcing that an agreement has been reached on a new cross-border data transfer mechanism, the Swiss-U.S. Privacy Shield Framework (the Swiss Privacy Shield). The Swiss Privacy Shield replaces its … Continue Reading

Privacy Rights Group Files First Legal Challenge to EU-U.S. Privacy Shield

Digital Rights Ireland, an Irish privacy advocacy group, has filed the first legal challenge to the EU-U.S. Privacy Shield, the Trans-Atlantic agreement reached earlier this year to permit the lawful transfer of personal data from the European Union to the United States. The Privacy Shield was formally adopted on July 12, 2016, by the European … Continue Reading

Privacy Shield Developments and UK Data Transfers Post-Brexit

With the UK’s Brexit referendum dominating the news out of Europe over the past week, it may have been easy to miss a key development in the continuing Privacy Shield negotiations. On Friday, June 24, news outlets reported that U.S. regulators and the European Commission had agreed on a finalized version from the Privacy Shield, a proposed … Continue Reading

German Data Protection Authority Issues Fines for Unlawful Cross-Atlantic Data Transfers

The Data Protection Authority of Hamburg, Germany has made good on its promise to audit cross-Atlantic data transfers in the wake of the October 2015 Safe Harbor decision.  On June 6, the Hamburg DPA announced that it had fined three companies for unlawful transfers of personal data from the EU to the United States.  According … Continue Reading

Companies Face Uncertainty as Privacy Shield Encounters New Hurdles

The Privacy Shield, proposed this past February and greeted with cautious optimism by European and U.S. regulators alike as a more robust “replacement” for the invalidated Safe Harbor framework, appears to be suffering death by a thousand paper cuts. Today’s European Parliament resolution (the “Resolution”) delivered the latest blow. The Resolution recommends that the European … Continue Reading

Privacy Shield Update: A Recap of Recent Developments

On April 13, 2016, the Article 29 Working Party (WP29), an influential group of European data protection authorities, issued a non-binding opinion that criticized certain elements of the fledgling Privacy Shield framework. Although the Privacy Shield remains in limbo at this time, a flurry of speculation and Shield-adjacent legal maneuvers have colored the landscape and … Continue Reading

U.S. Companies May Risk Liability Under Canadian Anti-Spam Law

U.S. companies may soon risk litigation for failing to comply with the provisions of Canada’s anti-spam law (CASL) in their electronic communications to Canadian consumers. While this anti-spam law has been in force since 2014, its provisions permitting a private right of action become effective on July 1, 2017. Even companies with no operations in … Continue Reading

Safe Harbor Part Deux: The Privacy Shield

This week began like many. An arbitrary deadline came and went – this one, January 31, 2016, was set by the Article 29 Working Party for European and United States regulators to address the void created by the invalidation of the Safe Harbor Framework for EU-U.S. data transfers in the Schrems decision back in October. … Continue Reading

Trans-Pacific Partnership Would Promote Cross-Border Data Transfers and Restrict Data Localization

As U.S. and European regulators and businesses work toward solutions in the wake of last month’s decision by the Court of Justice of the European Union that invalidated the EU-U.S. Safe Harbor framework for cross-border data transfers – previously discussed here and here – the Trans-Pacific Partnership (TPP) trade agreement seeks to facilitate cross-border data … Continue Reading
LexBlog