Category Archives: EU Legislation

The General Data Protection Regulation ("GDPR") comes into force on 25 May 2018. It is binding for all member states and provides for a harmonisation of the data protection regime throughout the EU. However, various opening clauses provide member states with discretion to introduce additional national provisions to further specify the application of the GDPR. The German legislator has been among the first to draft such provisions supplementing the GDPR. What areas does the General Federal Data Protection Act cover? Recently a draft of the German Federal Ministry of the Interior for a General Federal Data Protection Act (Allgemeines Bundesdatenschutzgesetz, "GFDPA") has been leaked. This is meant to replace the current Federal Data Protection Act (Bundesdatenschutzgesetz, "FDPA"). The draft includes new provisions in areas that are subject to the opening clauses of the GDPR. For example:
In the past year, we have seen Safe Harbor declared invalid and the EU-US Privacy Shield put in place, as well as the start of the countdown to GDPR compliance. Datonomy contributors Elle Todd and Rob Bratby join Jamie Davies from Telecom to discuss all things data and reflect on the changes to EU data protection regulation over the past twelve months. Find the article here.
Datonomy's correspondents in Spain report on an important decision in the continuing saga of RTBF actions against Google. What's new? On 14 March 2016, the Spanish Supreme Court (Tribunal Supremo) issued an important ruling in favor of Google Spain on the right to be forgotten. The judgment held that claims concerning the right to be forgotten should be submitted directly to Google Inc in the United States. The Spanish Supreme Court's decision The Supreme Court considered that only Google Inc (headquartered in US) should be considered as a data controller, determining the purposes and means of the processing of personal data for Google Search. The Court considers that Google Spain is not involved in the processing of personal data necessary for the operation of the search engine (for instance, indexing or storing data from third-party websites), and therefore, it should not take over the claims brought by users seeking to exercise the right to … Continue Reading ››
Olswang has just published the latest edition of the Cyber Alert, a regular round up of regulation, best practice and news from our international cyber breach and crisis management team.  There is a great deal to report since our last update in October 2014.  In February, the Olswang team visited our friends in the US, co-hosting a cyber workshop in Silicon Valley and presenting to the Los Angeles chapter of the IAPP on the latest status of the General Data Protection Regulation.  You can read our December 2014 status update on the draft Regulation, which includes an analysis of data breach notification here. In this edition:
UK standards and benchmarks
The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP. UK policy and regulatory developments
  • The UK government and Marsh (a UK insurance broker and risk advisor), have announced a new joint initiative to promote cyber insurance by publishing a report titled, “UK cyber security: the role of insurance in managing and mitigating the risk”.  The report details how the UK can become the world centre for cybersecurity insurance by working with the Cyber Essentials scheme.  The insurance industry has a major opportunity to expand offerings given that fewer than 10% of UK companies currently have cyber insurance protection.  Read the full report here.
  • The UK Minister for the Cabinet Office, Francis Maude, has announced that the UK is planning to collaborate with Israel on the issue of cyber research by agreeing three joint academic ventures.  By pledging … Continue Reading ››
The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP.  UK policy and regulatory developments
  • Given that passwords are often a weak-point in user security, CERT UK have focused on Windows 10 and Yahoo’s new approach to the topic.  Windows 10 is developing a series of biometric tools (such as fingerprint, facial and iris recognition), whereas Yahoo is developing a system to provide one-time passwords every time a user tries to log in.  See CERT UK’s weekly update for 19 March 2015 here.
  • CERT’s latest weekly update also contains a plug for its recently published 12 page guidance “Cyber Security risks in the supply chain”.  This illustrates recent examples of supply chain compromise, including those arising from third party software providers, website builders, third party data stores and watering hole attacks.
  • The Department for Business, Innovation & Skills has updated … Continue Reading ››