5 9 September 2008

News:

The Pakistan Software Export Board (PSEB) has issued Recommendatory Guidelines on the use of model clauses and Binding Corporate Rules (BCRs) by Pakistan-based IT companies, which will act as an interim measure before the adoption of a data protection law in five to 10 years.

The US President is set to sign into law the Identity Theft Enforcement and Restitution Act, passed as part of the Former Vice President Act (HR 5938) by the House of Representatives on 15 September.

DataGuidance, the global data protection and privacy compliance platform, launched DataGuidance US on Monday 22 September at the IAPP (International Association of Privacy Professionals) Academy 2008 in Orlando.

Features:

It is probably fair to say that of all adequacy findings given by the European Commission, the US Safe Harbor program has received more airtime than any other. The forthcoming workshop being organised by the Commission jointly with the US Department of Commerce, taking place in Brussels in October, is yet another reminder of the ongoing attention dedicated to this issue on both sides of the Atlantic. According to the Department of Commerce's Safe Harbor website, the workshop seeks to expand upon existing dialogue and to share information on how the two systems - the US Safe Harbor approach and the EU data protection framework - may work together on achieving common goals. A very respectable goal indeed.

The Ministry of Justice (MoJ) has launched a consultation on proposed new inspection powers and funding arrangements for the Information Commissioner, following a Data Sharing Review which concluded that his office (ICO) requires stronger powers and sanctions to carry out its duties. James Castro-Edwards, a Solicitor with Speechly Bircham LLP's IP, Technology & Commercial Group, examines the recommendations in the review which the MoJ has recommended require immediate attention, as well as the three broad aims of its proposals: promoting good practice, enforcing compliance and overhauling the ICO's funding structure.

When data protection regulations were initially drawn up, regulators attempted to mitigate concerns about the sweeping nature of the new legal responsibilities by identifying data 'controllers' and 'processors' who would be responsible for compliance. In the first instalment of a two-part article, Francis Aldhouse, a Consultant with Bird & Bird, explains how these concerns were transposed into the provisions of the Data Protection Directive and considers if these definitions need amending, given the complexities of identifying a 'controller' or 'processor' in today's information society.

The Lithuanian Parliament failed to override a presidential veto of amendments to the Law on Electronic Communications, which was designed to implement the Data Retention Directive. Sergejs Trofimovs, Associate with Sorainen Law Firm, details the main provisions of the Law and the reasons why it was rejected, explaining that the legislative process to implement the Data Retention Directive must now start again from the beginning.

The European Data Protection Supervisor (EDPS) has adopted an Opinion that attempts to balance the need to protect children from harmful content on the internet with data protection principles. Rafi Azim-Khan and Alessandro Liotta, of Pillsbury Winthorp Shaw Pittman LLP, examine the EDPS' view that internet service providers should be doing more to protect children online.

Max Mosley, President of the Fédération Internationale de l'Automobile, was recently awarded damages for a newspaper's publication of video footage of him engaged in sado-masochistic practices. Victoria Hordern, a Solicitor with Field Fisher Waterhouse LLP, examines the Court's reasoning in awarding Mosley damages, but stopping short of the exemplary damages sought by Mosley. She also examines the implications that this will have for privacy cases brought in the UK.