You searched for:
gdpr in keywords.
Can't find what you are looking for? Try again with a
new or advanced search
71 articles matched. Most recent shown first. Showing first 10 results.
The WHOIS system, which serves to store and make available certain data to be provided by domain name registrants whenever a domain is registered, has recently faced challenges by the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’). Following intensive discussions and preparatory work, the Internet Corporation for Assigned Names and Numbers’ (‘ICANN’), responsible for the coordination and operation of the WHOIS system, adopted a temporary solution shortly before the GDPR became applicable on 25 May 2018. While this temporary solution has changed the way personal data is made accessible to third parties, the policy for the collection and recording of such data by registrars and registry operators has remained untouched. Whether this is in line with the GDPR is now being tested in German courts in the course of preliminary proceedings. In this article, Dr Lutz Riede and Dr Gernot Fritz of Freshfields Bruckhaus Deringer LLP, explain that, even though these proceedings are still pending, it looks like the German courts do not share ICANN’s position: according to the courts in Bonn and Cologne, ICANN cannot force registrars to collect personal data on administrative and technical contacts, as such collection would be in excess of what is lawful under the GDPR. If this holds true, ICANN will likely have to adopt further changes to its WHOIS ecosystem. /
read more
Using the legislative margin permitted by the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) to derogate and implement exemptions from certain provisions, and to establish the Portuguese data protection authority’s (‘CNPD’) regulatory regime, the Government, under Article 13(1) of Act Decree 251-A/2015, considered it was responsible for the proposal of a national law to supplement the GDPR. On 17 August 2017, the Government issued an order1, appointing a task force to produce a legislative proposal until the 31 December 2017. The task force delivered its draft act2 on 16 February 2018. José Belo, Of Counsel at Teófilo Araújo dos Santos Advogados, provides an update on the legislative process and examines the current proposals. /
read more
In Japan, there has been a growing interest in the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) and its implications for business’ operations.
The European Commissioner for Justice, Consumers and Gender Equality, Věra Jourová issued, on 5 September 2018, a statement on the draft adequacy decision on personal data transfers between the EU and Japan, following the conclusion of talks on reciprocal adequacy, on 17 July 2018. Kensaku Takase, Partner at Baker & McKenzie (Gaikokuho Joint Enterprise), discusses the key issues facing many Japanese businesses following the introduction of the GDPR. /
read more
After the daily deluge of privacy policy update notification emails this past spring and the dramatic, 11th hour passage of GDPR-inspired legislation in California this summer, it has been almost impossible to avoid hearing about the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) in the US. But now that May 25 has come and gone, what are US companies actually doing to comply with the GDPR, and how has the GDPR impacted both their day-to-day operations as well as their overall privacy and security programmes and strategies? Melissa Maalouf and Michelle Anderson, Shareholder and Attorney respectively at ZwillGen PLLC, provide their perspective on what US companies are doing, the challenges they’re facing, and the ways in which the GDPR has affected the US privacy landscape. /
read more
On 28 June 2018, the California Governor, Jerry Brown, signed and enacted into law Assembly Bill 375 (‘AB 375’) as the California Consumer Privacy Act of 2018 (‘CCPA’). Alan L. Friel and Niloufar Massachi, Partner and Associate respectively at Baker Hostetler, provide us with a break-down of the law, discussing key provisions, uncertainties and its implications for businesses’ operations. /
read more
Data Protection Leader spoke with James Leaton Gray, Director of the Privacy Practice and Editorial Board Member, at the IAPP Data Protection Intensive. James discusses how the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) has impacted organisations’ approach to data protection compliance as well as the wider the field of privacy. /
read more
With two separate decisions, the Italian data protection authority (‘Garante’) issued two fines for overall €960,000 against Telecom Italia S.p.A. (‘TIM’), a large Italian telecommunication provider, over violations of its customers’ privacy, which included breaches of the principles of data quality and fair processing, the processing of large quantity of personal data without a legal basis and the unlawful communication of the same to third parties. Massimiliano Pappalardo, Partner at Studio Legale D&P, analyses the reasoning behind the decisions. /
read more
Judging by the number of calls and the intensity of the discussions about how to comply with the cookie consent requirement in a post-GDPR world, this issue has become a top worry for organisations and data protection officers. Partly due to the visibility of the mechanisms used to collect this consent, and partly due to the potential implications of operating a website without cookies, the dilemma around what solution to deploy has become a serious business decision. Different business stakeholders are often at odds with each other and matters are getting escalated to decision makers who had never been involved in the technically complex and largely misunderstood world of cookies. The tension is rising and yet, no approach has emerged as the preferred one among all involved. So everyone is getting anxious to find a way to do what they have always done and comply with the law. Is this panic justified? /
read more
The French Constitutional Council (‘the Constitutional Council’) ruled, on 12 June 2018, on the constitutionality of the provisions laid out in the draft Law on the Protection of Personal Data (‘the Draft Law’) implementing the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) and the Data Protection Directive with Respect to Law Enforcement (Directive (EU) 2016/680). In particular, the Constitutional Council found that the majority of the provisions of the Draft Law were in accordance with the Constitution, except for the wording ‘under the control of the public authority’ included in Article 13. Following the ruling, the Draft Law was published in the Official Gazette, on 21 June 2018, as Law No. 2018-493 of 20 June 2018 on the Protection of Personal Data, and is now fully in effect. /
read more
Guernsey and Jersey have recently reformed their respective national data protection laws in view of the entry into effect of the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’). Huw Thomas and Alexandra Gill, Counsel and Associate at Carey Olsen in the Channel Islands respectively, highlight the key areas of the reform. /
read more
