In this bumper edition we look back over the summer at some of the key data protection developments from across the world.
June saw the launch by the French data protection authority, the CNIL, of a public consultation on the EU General Data Protection Regulation ("GDPR"), with the CNIL focussing on four key areas; data protection officers, the right to portability, privacy impact assessments and certification. The CNIL's consultation is just one of the many likely to take place over the next two years as we head ever closer to May 2018 and the implementation of the GDPR. Also in France we saw an agreement reached on the Digital Bill, which pre-empts many of the new measures introduced by the GDPR, such as increased fining power.
There were also further developments in the ever evolving debate over EU-US transfers. In our last edition we reported on the new case being brought before the Irish courts, challenging the validity of the EU Model Clauses as a mechanism for transferring data from Europe to the US, and in this edition we look at the announcement that the Irish court was to hear applications from various parties seeking to be joined in the proceedings as amicus curiae, among them the US government.
On the topic of consent, there is also an analysis of its role from Serbia, where we look at what the appropriate legal basis is for the processing of personal data by insurance companies. Although this article looks at insurers in Serbia specifically, it serves as a useful reminder for all organisations in any country to look at the legal basis on which they are purporting to process the personal data they hold.
Another article from Serbia also looks into how the Serbian data protection authority approaches proportionality, something that the the Spanish data protection authority looked at in July in relation to public employee data.
And here are some of the other recent international developments:
- Italy - DPA orders Facebook to 'hand over’ user data
- Hungary - Guidance issued on voice recordings and call centre operations
- Turkey - Monitoring of employee email held not to be breach of privacy rights
- Netherlands - New Cybersecurity Bill announced in anticipation of NIS Directive coming into force
- Germany - Dashcam recordings admissible as evidence for serious traffic offences
- France - New 'Do Not Call' list introduced
- Germany - Fines for unlawful EU-US transfer issued by German DPA following invalidation of Safe Harbor
- Mexico - New Data Protection Law approved by Mexican Senate
- Australia - Cyber Security Strategy released by Australian Government
- Hong Kong - Direct Liability of data processors for marketing activities
- Argentina - Proposed amendment to Argentinian Data Protection Act announced
- Singapore - Guide to handling data access requests issued
- Philippines - Consultation on new implementation rules and regulations for 2012 Privacy Act
- China - New provisions released regulating the use of apps
- Romania – Report on 2015 activity published by the Romanian Data Protection Authority
- Belgium – Belgian Privacy Secretary sets out data protection priorities
- Spain – The new GDPR and the challenges it presents are the focus of the 8th annual meeting of the Spanish Data Protection Agency
- Bermuda – New Personal Information Protection Bill tabled
- USA/Republic of Ireland – Decision prevents US from accessing emails stored in Ireland
- Italy – Commercial Information Code of Conduct soon to enter into force