Category Archives: European Data Protection Supervisor

Yesterday (13 December) in time-honoured tradition, a draft proposal of the European Commission's (EC) new ePrivacy Regulation was leaked. The official draft of the proposal is not expected to be published by the EC until January 2017, and it is possible some of the detail will change before then. Datonomy will be providing fuller analysis of the real thing in the near future, but an initial look at the leaked draft – which (typos aside) gives a good indication of what to expect - reveals the following:
  1. It's a Regulation rather than a Directive (as predicted by Datonomy here)
As with the GDPR, this is intended to provide additional harmonisation and simplification. However, there are a number of areas where Member States can nuance provisions.
  1. A fining regime similar to GDPR
Offenders can expect turnover based fines. For example, fines of up to 2% of turnover, or up to 10,000,000 … Continue Reading ››
Recently Datonomy attended the second of two conferences held by Exeter University addressing the UK's place in the Digital Single Market. The day, hosted at Portcullis House, focused on data protection and privacy policy with viewpoints provided by both practitioners and stakeholders. Of particular relevance to Datonomy readers were the panels' opinions on the ePrivacy Directive review, the GDPR, and the new Investigatory Powers Act (recently explored by Datonomy here). Draft ePrivacy Regulation on the horizon Perhaps the headline news from the day was the strong support for the review of the ePrivacy Directive to result in the implementation of a new ePrivacy Regulation (therefore directly effective). It was argued the Regulation should extend the scope of the current ePrivacy Directive to cover new tech including, for example, OTT Providers, publically used private networks and the Internet of Things. According to the European Commission the draft proposal … Continue Reading ››
Last week, as part of Olswang's GDPR readiness and Talking Retail webinar series', lawyers from the firm's data protection and retail sector teams hosted a webinar looking at the implications of the GDPR on the use of data by the retail industry during an online transaction.  In this session our speakers looked at the following:
  • Targeted and non-targeted advertising
  • Privacy policies
  • Processing customer payment details
  • Post purchase analysis
  • Data breaches
  • GDPR implementation
The webinar was hosted by Katie Nagy de Nagybaczon, a partner in the Corporate Team, who focuses on the retail, eCommerce and technology sectors. The two speakers were:
  • Sven Schonhofen, an associate in the Commercial Team of the Munich office. He specializes in advising clients in all areas of IT law, in particular on data protection law.
  • Emily Dorotheou, an associate in the Commercial Team who has experience of working on procurement, technology and logistics contracts for a variety of retail and technology clients.
Please follow this … Continue Reading ››
Today, 12 July 2016, the Privacy Shield was adopted by the EU Commission. Who would have thought that the Privacy Shield would be adopted so fast after the harsh criticism by the Art. 29 WP? The new Privacy Shield Privacy Shield registration shall be available to US companies starting August 1, 2016.  The US Department of Commerce has already provided a HOW TO JOIN GUIDE. Compared to v1 of the Privacy Shield, it got some cosmetics and fine tuning around certain passages, e.g. purpose limitation and terminology. It is, however, not certain whether all points raised by the Art. 29 Working Party or other official bodies that oversee the framework have been cured. See some rather sceptical comments:  https://www.janalbrecht.eu/themen/datenschutz-digitalisierung-netzpolitik/eu-us-privacy-shield-2.html  or http://www.irishtimes.com/opinion/privacy-shield-the-new-eu-rules-on-transatlantic-data-sharing-will-not-protect-you-1.2719018. Disqualification is threatened According to unofficial statements, the likelihood of Privacy Shield coming before the ECJ is somewhere between 60 to 70%. This is very (too !) … Continue Reading ››
Late on Friday 16 October, Europe’s data protection regulators issued an opinion enabling ongoing transfers of personal information from the EU to the US, at least for the time being. This followed on from the CJEU’s 6 October decision in the Schrems case that the so-called “safe harbor” regime used by more than 4000 US companies to legitimize the import of EU personal information was invalid. Following that decision a number of German data protection authorities ruled that “model clauses”, another mechanism used by thousands of other organisations to legitimize EU to US transfers, were also invalid. There was growing concern that the Article 29 Working Party, an influential body representing Europe’s data protection authorities, would follow the German approach creating more uncertainty and removing one of the few remaining limbs to support transfer. Businesses on both sides of the Atlantic can breathe a sigh of relief.  The opinion, although far from categorically … Continue Reading ››
  The latest round up of legal, regulatory and other news from the Datonomy blogging team at Olswang LLP. With thanks to: Christian Leuthner in Munich, Aisling O’Dwyer and Matt Hunter in Singapore, and Callum Monro-Morrison in London for their contributions to this week’s alert. EU POLICY AND REGULATION
  • Datonomy’s correspondent in Munich, Christian Leuthner has tweeted, that Germany’s IT Security Act came into force on 25 July. See his more detailed coverage of the new Act here
  • Network and Information Security Directive: A glimmer of progress on the EU’s draft NISD in the past week, with the mention on the Council’s Consilium website of a Council document “Drafting suggestions on operators providing essential services”. As Datonomy readers will be aware, one of the sticking points on the Directive has been the extent to which online services should be caught by the new rules. At the end of … Continue Reading ››
The EU’s ambitious plans for a radicalisation of data protection laws have suffered a serious set-back. EU justice commissioner Viviane Reding finally conceded in a speech at a meeting of EU justice and home affairs ministers in Athens last week that the draft General Data Protection Regulation will not be agreed during the current term of the EU Parliament. The most recent delay has been caused by the EU Council of Ministers failing to reach agreement before starting negotiations with the EU Parliament and the Commission, with several Member States demanding significant changes to the proposals. New timetables have been proposed and optimistic statements made that there will still be a new data law by the end of this year.  However, the reality is that any prediction about the substance or process to agree the draft Regulation post this May’s parliamentary election season is guesswork at best.   Fundamental differences remain among Member … Continue Reading ››