Parliament Hears First Reading of Unsolicited Marketing Communications (Company Directors) Bill 2016-17
On 13 September 2016 the House of Commons held a first reading for the Unsolicited Marketing Communications (Company Directors) Bill 2016-17, the purpose of which is to enable the ICO to hold directors of companies to account for breaches of the Privacy and Electronic Communications (EC Directive) Regulations 2003. This is a Private Members Bill sponsored by Patricia Gibson, the MP for North Ayrshire and Arran, which is scheduled for a second reading debate on Friday 18 November 2016.
Worldwide Data Breaches Increase in 2016
So far in 2016, there has been a 15% increase in reported worldwide data breaches from the previous year with 974 being recorded. A significant majority of the breaches were in North America (79%), but the UK government sector alone accounted for a significant 23%.
Advocate General of the Court of Justice of the European Union Finds That "RTBF Not Absolute"
On 8 September, the AG issued his opinion in Camera di Commercio, Industria, Artigianato e Agricultura di Lecce v. Salvatore Manni (C-398/15). The case concerned the manner in which Articles 2 (1) (d)(j) and 3 of the Company Law Directive (68/151/EEC) could be effectively coordinated with the Data Protection Directive (95/46/ EC). The question amounted to whether or not the right to erase information posted online about an individual extends to information on the Company Register. In this case the potential interests of third parties and the obvious commercial and practical necessity of having a complete register had to be considered alongside the right to be forgotten.
Guernsey Plans to Keep in Line With the GDPR
Eager to remain a hub for businesses that work across the EU Single Market, Guernsey has indicated that it will bring its data protection legislation in line with the GDPR. The President of the Committee for Home Affairs said that there is no immediate action required from businesses and that "as long as firms are complying with existing data protection legislation, they will be well-positioned to fulfil their obligations under the new laws."
Advocate General: Draft Agreement Between Canada and the EU on PNR Data Partly Illicit
The draft agreement between the EU and Canada on the transfer and processing of passenger name record data ("PNR data") could constitute, in its present form, a breach of European fundamental rights, according to an opinion of the ECJ Advocate General Paolo Mengozzi delivered on 8 September 2016 on request of the European Parliament.
The draft mainly provides that PNR data can be transferred to Canadian competent authorities and then processed and used by them in order to prevent and detect terrorist offences and other serious transnational crimes.
Mengozzi holds that the draft is incompatible with Articles 7, 8 and 52(1) of the Charter of Fundamental Rights of the European Union in so far as, among others, it allows PNR data to be transferred to a third country without control by an independent authority. "In that context," his opinion reads, "there are serious doubts as to whether the measures to be taken by the Canadian authorities satisfy the essential requirements of those articles."
The "Deutsche Juristentag" Votes on Digital Reforms of Civil and Labour Law
The "Deutsche Juristentag" is an influential association of German lawyers from all occupational fields. Its congress has taken place every two years since 1860.
Last week, at the 71st congress of the "Deutsche Juristentag", more than two thousand German lawyers discussed and voted on, amongst other things, questions concerning the digitalisation of civil and labour law.
In the civil law department, the majority saw no need to establish new, distinct types of contracts relating to digital content. Also the vote on whether the digital disclosure of personal data constitutes a payment was considered a question relevant for dealing with "cost-free" social media and resulted in an unequivocal "no". The votes in the department of labour law, however, were not as clear cut. They leaned towards worker-friendly reforms, as participants called for better protection of "crowd sourcers".
New York State Proposes Cybersecurity Regulation for Financial Institutions
The State of New York has proposed a new regulation, which would come into effect next year, that mandates that banks, insurance companies and other financial institutions subject to regulation by the state's Department of Financial Services must establish and maintain a cybersecurity plan. If it goes into effect, it would be the first such state-wide mandate. The proposed regulation would set forth fairly minimum standards, including creating a written cybersecurity policy and appointing a chief information security officer to oversee the policy. It is subject to a 45-day notice and comment period before final issuance and then there would be a 180-day period before it came into compliance.
Developments Regarding International Communications Privacy Act
US government watchdog and taxpayer organizations urged the US Congressional Judiciary Committees to approve the International Communications Privacy Act (S. 2986/H.R. 5323) (ICPA). The proposed legislation would require US law enforcement agencies to obtain a warrant for the content of electronic communications stored with electronic communications service providers and remote computing service providers. The bills also allow law enforcement to obtain electronic communications relating to foreign nationals in certain circumstances. The supporters urged that "the [ICPA] would provide much needed clarity for US law enforcement to obtain electronic communications stored abroad" and "contains provisions that would protect the privacy of American citizens, promote the cross border data flow, provide adequate tools for law enforcement, and enhance the nation's global trade agenda." The legislation remains pending in the Senate and House Judiciary Committees.