All posts by Claire Walker

For all those avidly (and patiently) watching the progress of the General Data Protection Directive, just a quick update from Datonomy to let you know that the final text has today been published in the Official Journal. You can find the text (all 88 pages, 173 recitals and 99 articles of it)  - in all official languages - here. Regulation 2016/679 (a number that will soon become imprinted on practitioners' minds) will come into force on 25 May 2018. The official texts of the accompanying law enforcement directive and of the passenger name record directive have also been published today. The Datonomy team have been tracking the marathon journey  of the proposal from the leak of the draft proposal at the end of 2011 to today's final procedural milestone. The countdown  now begins in earnest, and Datonomy will be bringing you practical commentary on how to prioritise and gear up … Continue Reading ››
Datonomy summarises the latest developments in the ongoing saga of US data transfers. What's new? On 13 April, the Article 29 Working Party announced their eagerly awaited – but as it turned out,  somewhat inconclusive - conclusions on the proposed new EU-US Privacy Shield data transfer mechanism. A lunchtime press conference led by Article 29 Working Party Chairman Isabelle Falque-Pierrotin was followed by the publication in the late afternoon of two new documents: The documents analyse the Privacy Shield from two angles:
  • the commercial aspects
  • derogations for national security purposes.
See below ("What are the regulators' concerns") for a bit more detail on the content of these documents and the key concerns raised. As Datonomy readers … Continue Reading ››
It is just over four years since Datonomy reported on the leak of the Commission's original DP reform proposals and, as most readers will have heard by now, last night the EU institutions reached political agreement on the General Data Protection Regulation. Agreement was also reached on the other part of the reform package, the less-reported-on Data Protection Directive for the police and criminal justice sector.  We do not have  final texts, although  key Council analysis documents of the compromise texts for both the GDPR and the Directive  have been leaked on  the Statewatch website, and this, combined with reports from sources in Brussels, gives us an indication of where the key aspects of the Regulation have ended up. Datonomy will of course be analysing the finalised  texts once these become available. What's next? When will the new rules be in force? The compromise texts will now  go back to the Council and the … Continue Reading ››
Late yesterday (7 December) the EU institutions reached a deal on the Network and Information Security Directive. The Directive will introduce new cyber security requirements for providers of key infrastructure, and oblige them to report details of cyber attacks to the authorities.  The deadline for bringing the new rules into force will be in Q3 2017. Businesses which fall within the Directive’s definition of “digital service providers” – including online market places, cloud computing and search engines – will also be subject to security and breach notification requirements. The final text of the Directive is still awaited. Datonomy will provide further analysis once the text becomes available. What’s new? On 7 December, after many months of trilogue negotiations, the EU institutions reached a compromise on the text of the NISD. The European Commission issued this press release and the Council of the European Union followed suit swiftly with this … Continue Reading ››
The likely demise of the US Safe Harbor is dominating the data news headlines - but what else is happening in the world of data and cyber regulation? Datonomy provides a round up of other recent developments in Europe and Asia. With contributions from Andreas Splittgerber and Christian Leuthner in Germany, Sofia Fontanals in Spain and Matthew Hunter, Daniel Jung and Aisling O’Dwyer in Asia, in this update we cover:
  • EU policy and regulation including latest news from Brussels on the GDPR and NISD
  • News from the UK
  • News from Germany
  • News from Spain
  • News from Asia
  • GDPR and NISD: Commission President Junker has yet again affirmed the “swift adoption” of the GDPR and NISD as priorities in this open letter of 9 September to the European Parliament. Below we take a more detailed look at the recent procedural progress of these two (not-so-swift) proposals.
Before Datonomy readers   head off for their well-earned summer holidays, here’s a quick round up of “end of term" UK and EU regulatory activity. The weekly cyber update will also be taking a break during the rest of August, but will return - with batteries re-charged  - in the Autumn to continue monitoring regulatory developments in the fields of data and cyber security. EU POLICY AND REGULATION
  • Network and Information Security Directive: Another glimmer of progress in the long-running saga of the NISD, and in particular the still unresolved question of the extent to which online platforms will be caught by the new breach reporting requirements. Following the recent sighting of a Council document on the scope of “essential services” (reported last week), on 31 July another potentially very significant new document was listed on the Consilium website. Entitled “Proposed approach to digital service platforms”, this promising-sounding document is, at the time … Continue Reading ››
  The latest round up of legal, regulatory and other news from the Datonomy blogging team at Olswang LLP. With thanks to: Christian Leuthner in Munich, Aisling O’Dwyer and Matt Hunter in Singapore, and Callum Monro-Morrison in London for their contributions to this week’s alert. EU POLICY AND REGULATION
  • Datonomy’s correspondent in Munich, Christian Leuthner has tweeted, that Germany’s IT Security Act came into force on 25 July. See his more detailed coverage of the new Act here
  • Network and Information Security Directive: A glimmer of progress on the EU’s draft NISD in the past week, with the mention on the Council’s Consilium website of a Council document “Drafting suggestions on operators providing essential services”. As Datonomy readers will be aware, one of the sticking points on the Directive has been the extent to which online services should be caught by the new rules. At the end of … Continue Reading ››