Tag

Data Processing

Browsing

*Article originally posted on IAPP.org* Privacy professionals around the world are feverishly working on configuring and implementing the European Union’s new Standard Contractual Clauses (“SCCs”). On September 27, 2021, companies in the European Economic Area (EEA) must not enter into new cross-border data transfer arrangements with companies in the United States and most other countries, unless the recipient outside the EEA agrees to the new SCCs (Elisabeth Dehareng, Francesca Gaudino and Brian Hengesbaugh, The road ahead…

A webinar for providers of information technology services and products, and their customers In this webinar, our global experts addressed the challenges and options for companies in the TMT sector concerning the creation of instructions to processors and sub-processors for standardized telecommunications and software-enabled services, adequacy assessments for multiple jurisdictions, alignment of SCCs with commercial agreements and responses to government surveillance and data access requests. Our specialist panel discussed: When and how to use the…

In this blog post we further analyse the impacts of the opinion of the advocate general Hendrik Saugmandsgaard Øe (a.g.) in the Schrems II case. We will focus, more specifically, on what it means for data exporters and what consequences there may be for them, if the decision of Court of Justice of the European Union (CJEU) on the case is consistent with the a.g’s opinion. Data importers will be the focus of another post,…

Click here to download. Data is an asset. Many of today’s successful companies are based on data-driven business models. Big tech businesses are naturally leading the way, but across all sectors businesses are under pressure to leverage or monetize data. Monetizing data can be done in various ways, such as personalizing products or services, making manufacturing or logistic processes more efficient, automating tasks and operations, engaging in targeted advertising and improving internal systems, just to…

On 4 May 2019, further amendments to the rules on processing personal data will come into force. They concern over 150 legal statutes and refer to both the private and public sector. Below we present the most important changes in the legal statutes that will be significant for the majority of companies:Labour CodeThe Act on Electronic Provision of Services (AEPS),Telecommunications LawPersonal Data Protection ActAmong other significant changed laws there are the Banking Law (e.g. with…

In the first of this two part article we look at the facts and outcome of the recent Equifax data breach. In the second part we set out some lessons which can be learned from the ICO’s approach and findings. Background FactsOn 19 September the UK DPA the Information Commissioner’s Office (ICO) issued Equifax Ltd (Equifax) with a £500,000 fine, the highest issued to date, for failing to protect the personal information of up to 15…

In the global digital economy, companies increasingly face conflicts between legal demands to produce data and local laws that restrict production of data. Congress recently enacted the CLOUD Act to address these conflicts in the context of the Stored Communications Act, 18 U.S.C. §§ 2701-2712 (“SCA”). Under the SCA, companies have struggled with how to respond to United States Government (“USG”) demands for data held in foreign jurisdictions where such disclosure may violate local laws…

After decades of delay, on February 18, Turkey ratified the Council of Europe’s 1981 Strasbourg Convention for the Protection of Individuals with regard to Automatic Processing of Data.BackgroundThe start of 2016 has been marked by a flurry of legislative activity with respect to the protection of personal data in Turkey. While the Turkish Parliament is in the final stages of debating the draft Law on the Protection of Personal Data (“Draft Law”) which is expected…