Category Archives: Technology update

On 14 July 2016, the US Court of Appeals for the Second Circuit ruled that Microsoft cannot be forced by US law enforcement to hand over customer emails stored in its Ireland data centre. At stake were fundamental questions about privacy in the cloud. The decision has been hailed by the technology sector and privacy campaigners around the world as a global milestone for the advancement of laws balancing the legitimate interests of law enforcement and individuals' right to privacy. But what does a US Court decision about data on a server in Ireland mean for cloud in Asia? In this post, we look at the Court's decision and why it is good news for the whole cloud ecosystem in Asia. What was the case about? The case centred on a warrant issued by US law enforcement in a narcotics case. The warrant required Microsoft to hand over emails that were stored … Continue Reading ››
In what's turned out to be a great week for US privacy developments, hot on the heels of the Privacy Shield announcement,  yesterday, 14 July,  the 2nd US Circuit Court of Appeals gave its anxiously awaited judgment in the Microsoft search warrant saga. The case centred on a warrant in a US narcotics case requiring Microsoft to hand over emails that were stored on a Microsoft server in Dublin. After Microsoft  refused, a District Court in Manhattan held in 2014 that Microsoft was compelled to hand the emails over. Microsoft appealed. At stake of course was not just some emails, but fundamental questions concerning the extent to which one country can extend its long arm of the law into another jurisdiction and the individual's rights to privacy and protection under their own domestic laws. No wonder then that this case quickly became a cause celebre  not only for privacy … Continue Reading ››
Retailers are increasingly using facial recognition technologies to track customers in-store.  This technical innovation has positive connotations for both, retailers and customers, by targeting loyal clients and higher spenders, and improving users’ store-buying experience. However, a special emphasis should be placed on privacy issues, so as not to compromise data subjects’ fundamental right to data protection.  The Spanish Data Protection Agency (AEPD) issued some guidance on this hot topic (0328/2012 and 0392/2011).  In this post, we look at the issues retailers need to factor in order to stay on the right side of data protection law. Facial recognition systems may be considered highly invasive, since images can be captured and processed from a range of viewpoints without the knowledge of the data subject. As pointed out by the Article 29 Working Party, even when a data subject is aware that a camera is operating, there may be no … Continue Reading ››
On 15th October 2015 the Spanish Supreme Court handed down its first ruling[1] on the so-called digital “right to be forgotten" in which it states that harmful information affecting individuals without public relevance should not be accessible to Internet search engines when the news has lost relevance over time. The background of the case The decision of the Court is based on the following facts: in the 1980s two people were involved in drug-trafficking and consumption. After being arrested, they were finally convicted for drug smuggling and imprisoned. A few years ago, after having served their sentence imposed for these facts and having remade their personal, family and professional life, they found out that by typing their names in the major Internet search engines (particularly, Google and Yahoo!), the news that once was published in a newspaper (El País) now appeared among the first search results, because such newspaper had … Continue Reading ››
The likely demise of the US Safe Harbor is dominating the data news headlines - but what else is happening in the world of data and cyber regulation? Datonomy provides a round up of other recent developments in Europe and Asia. With contributions from Andreas Splittgerber and Christian Leuthner in Germany, Sofia Fontanals in Spain and Matthew Hunter, Daniel Jung and Aisling O’Dwyer in Asia, in this update we cover:
  • EU policy and regulation including latest news from Brussels on the GDPR and NISD
  • News from the UK
  • News from Germany
  • News from Spain
  • News from Asia
EU POLICY AND REGULATION
  • GDPR and NISD: Commission President Junker has yet again affirmed the “swift adoption” of the GDPR and NISD as priorities in this open letter of 9 September to the European Parliament. Below we take a more detailed look at the recent procedural progress of these two (not-so-swift) proposals.
The latest round up of regulatory news from the Datonomy blogging team at Olswang LLP. Reports and statistics  The Ponemon institute has published its 10th annual benchmarking study into the Cost of Data Breach for the US. Headline statistics, which drew on a sample of 62 US companies in 16 sectors, include the following:
  • $6.5m is the average total cost of data breach
  • 11% increase in total cost compared to last year
  • $217 is the average cost per lost or stolen record (up 8%)
  • Malicious or criminal attacks continue to be the primary cause of breach, and these were also the most costly breaches.
Olswang will provide further coverage of the latest Ponemon findings in its Q2 Cyber Quarterly . UK policy and regulatory developments
  • CERT-UK: CERT’s latest weekly update is available here and highlights the risk from phishing attacks launched by means other than email (e.g. text and instant messaging apps) along with … Continue Reading ››
Following a short Easter break, the Datonomy blogging team at Olswang LLP is back with the latest round up of legal and regulatory developments and other news on cybersecurity. UK policy and regulatory developments
  • With a pre-election freeze on government policy announcements, let’s look instead at what the major parties are saying about cybersecurity. On 11 April the Lib Dems announced they would introduce a Digital Rights Bill if elected, and launched an online consultation seeking voters’ views on what this should include. The proposed Bill would enshrine individuals’ digital rights in one comprehensive piece of legislation. The eleven “big ideas” are set out in this document and include privacy, data protection, control of user content, consumer rights, freedom of speech, open data and surveillance. Cybersecurity features as part of Big Idea Number 9: Encryption. The manifesto calls for individuals, businesses and public bodies to have the right to use strong encryption, … Continue Reading ››