Just before the festive break, the Article 29 Working Party
"), the group representing national data protection regulators in the EU, issued new guidance
on several key aspects of the new General Data Protection Regulation ("GDPR
"). This is the first guidance of its kind issued by the WP29, and as such represents the first time the data protection authorities have revealed their thoughts on the interpretation of the GDPR.
The guidance consists of three separate sets of guidelines and FAQs:
- an explanation of the role of the now mandatory Data Protection Officer ("DPO");
- a guide to the new right to data portability; and
- guidance regarding the "one stop shop" mechanism for establishing the lead data protection authority in cases of cross-border data processing.
Although the guidance has been formally "adopted", the WP29 is welcoming comments from stakeholders until the end of January 2017, so it is possible that elements may be … Continue Reading ››
‘If men were angels, no government would be necessary. If angels were to govern men, neither external nor internal controls on government would be necessary. In framing a government which is to be administered by men over men, the great difficulty lies in this: you must first enable the government to control the governed; and in the next place oblige it to control itself'.
James Madison, 1788 (highlighted in the AG's opinion)
Enabling a government to control the governed, whilst obliging it to control itself, is the dilemma with which the European Court of Justice (ECJ) has been faced in its preliminary ruling
on the appeal decisions of Tele2
. In today's ruling against the UK Government, the ECJ has clarified that national governments need to respect EU standards on data retention in their domestic legislation. The ruling is a potentially embarrassing setback for Theresa May, as … Continue Reading ››
Yesterday (13 December) in time-honoured tradition, a draft proposal of the European Commission's (EC) new ePrivacy Regulation was leaked
. The official draft of the proposal is not expected to be published by the EC until January 2017, and it is possible some of the detail will change before then. Datonomy will be providing fuller analysis of the real thing in the near future, but an initial look at the leaked draft – which (typos aside) gives a good indication of what to expect - reveals the following:
- It's a Regulation rather than a Directive (as predicted by Datonomy here)
As with the GDPR, this is intended to provide additional harmonisation and simplification. However, there are a number of areas where Member States can nuance provisions.
- A fining regime similar to GDPR
Offenders can expect turnover based fines. For example, fines of up to 2% of turnover, or up to 10,000,000 … Continue Reading ››
Recently Datonomy attended the second of two conferences
Draft ePrivacy Regulation on the horizon
Perhaps the headline news from the day was the strong support for the review of the ePrivacy Directive to result in the implementation of a new ePrivacy Regulation (therefore directly effective). It was argued the Regulation should extend the scope of the current ePrivacy Directive to cover new tech including, for example, OTT Providers, publically used private networks and the Internet of Things.
According to the European Commission
the draft proposal … Continue Reading ››
Last week, as part of Olswang's GDPR readiness and Talking Retail webinar series', lawyers from the firm's data protection and retail sector teams hosted a webinar looking at the implications of the GDPR on the use of data by the retail industry during an online transaction. In this session our speakers looked at the following:
- Targeted and non-targeted advertising
- Privacy policies
- Processing customer payment details
- Post purchase analysis
- Data breaches
- GDPR implementation
The webinar was hosted by Katie Nagy de Nagybaczon
, a partner in the Corporate Team, who focuses on the retail, eCommerce and technology sectors. The two speakers were:
- Sven Schonhofen, an associate in the Commercial Team of the Munich office. He specializes in advising clients in all areas of IT law, in particular on data protection law.
- Emily Dorotheou, an associate in the Commercial Team who has experience of working on procurement, technology and logistics contracts for a variety of retail and technology clients.
Please follow this … Continue Reading ››
After more than 12 months of debate, the Investigatory Powers Bill (dubbed by the media, like all interception legislation, as the 'Snooper's Charter') passed through its final stages in the House of Lords on 16 November, granting the government surveillance powers described
by US whistle-blower Edward Snowden as "the most extreme … in the history of western democracy.”
The Bill is designed to future proof law enforcement powers in the face of ever-evolving forms of digital communication. It covers the following:
- General privacy protections
- Lawful interception of communications
- Authorisations for obtaining communications data
- Retention of communications data
- Equipment interference
- Bulk warrants
- Bulk personal dataset warrants
- Oversight arrangements
Upon receiving Royal Assent, the date of which is still unclear, the Bill will mark a major overhaul of the UK's regimes on communications data retention and law enforcement access rules. As Datonomy readers will be familiar, the new legislation has been under discussion for many years under successive governments … Continue Reading ››
The Information Commissioner's Office (ICO), the UK's data protection regulator, is cracking down on the online gambling sector's use of personal data to promote online gambling. It has contacted around 400 companies to threaten them with fines of up to £500,000 if they are found to be collecting and using personal data for marketing in a manner which does not comply with the Data Protection Act 1998 (DPA) and the Privacy and Electronic Communications Regulations 2003 (PECR).
In its press release
, the ICO said it is writing to over 400 companies, all believed to be egaming marketing affiliates, demanding they set out how they use people’s personal details and send marketing texts, including where they got people’s personal information from and how many texts they sent.
What is the ICO worried about?
The ICO has expressed concern that the prolific use of affiliate marketing is resulting in a lack of accountability, … Continue Reading ››