Cyber Risk & Data Privacy

Subscribe to Cyber Risk & Data Privacy via RSS

On 7 December 2015, the EU Council reached an informal agreement with the EU Parliament on the draft Network and Information Security (NIS) Directive.The draft Directive sets out cybersecurity obligations for operators of essential services in the healthcare, banking, energy and transport sectors, and also digital service providers (including e-commerce platforms, search engines, social networks, internet payment gateways, and cloud services). These operators will be required to take measures to manage cyber risks and report major security incidents.Continue Reading Agreement reached on first EU-wide cybersecurity legislation

On 6 July 2015, the Commission of Legislation Affaires of the Standing Committee of the National People’s Congress issued a draft of the People’s Republic of China Cyber Security Law (CSL) for public comment. The deadline for submitting is 5 August 2015.

Once adopted, this will be the first Chinese law that focuses exclusively on cyber security. The draft signals that the Chinese government is preparing to tighten its grip on domestic networks and data security, which is in line with the National Security Law.

In this article, I will provide some lawyers’ opinions, which I agree, discussing the impacts the draft may have in both business and social life in China.Continue Reading Influences and Features of China’s New Cyber Security Law Draft

In its ongoing effort to raise awareness of individuals’ privacy rights, the Office of the Data Protection Commissioner (ODPC) has published a press release on their website on the "Electoral Register and ‘Opting Out’ of the Edited Register".

Every year, the Department of the Environment, Community and Local Government encourages individuals to register to vote or to check that their details are up to date on the Electoral Register in advance of the 25 November deadline. In line with publicising such rights, the ODPC wishes to draw attention to the Edited Electoral Register and how it relates to direct marketing. Continue Reading ODPC Raises Awareness of Right to Opt-Out of the Edited Electoral Register

As promised, the European Commission has issued guidance on the alternative tools available for EU-US data transfers following the Schrems’ ruling. The Commission highlighted that it has intensified talks with the US government on a new arrangement for transatlantic data transfers to ensure it complies with the standard set by the CJEU in Schrems.Continue Reading European Commission issues guidance on EU-US data transfers

The Supreme Court, in Nowak v The Data Protection Commissioner [2015] IESCDET 49, has granted Mr Nowak leave to appeal an ex tempore decision of the Court of Appeal delivered on 24 April 2015

The Court of Appeal upheld a decision of High Court, which in turn confirmed a decision of the Circuit Court, that there is no jurisdiction to appeal a determination by the Data Protection Commissioner (DPC) not to investigate a complaint. The DPC had determined that the appellant’s exam script was not personal data and his complaint was frivolous or vexatious.Continue Reading Supreme Court grants leave to appeal in Nowak case

The Court of Justice of the European Union (CJEU) recently held that personal data cannot be transferred between two public bodies, and subject to further processing, without the data subjects concerned having been informed in advance (Smaranda Bara and Others v Președintele Casei Naționale de Asigurări de Sănătate, Casa Naţională de Asigurări de Sănătate, Agenţia Naţională de Administrare Fiscală (ANAF), Case C‑201/14).
Continue Reading Prior notice of personal data sharing between public authorities

At a recent conference in Amsterdam, the US Federal Trade Commissioner (FTC), Julie Brill, stated that the Schrems decision “cystallizes what has been clear, or should have been clear, for a long time about privacy in Europe: it is a fundamental right that Europeans and their Court take very seriously”.
Continue Reading FTC warns of loss of transparency in EU-US data flows by invalidation of Safe Harbour

The US House of Representatives have passed the Judicial Redress Bill, which will allow EU citizens to enforce their data privacy rights in US courts. As mentioned in a previous blog, the conclusion of the EU/US Umbrella Agreement (which facilitates EU/US data transfers for law enforcement purposes) is subject to adoption of the Judicial Redress Bill by the US.

Congressman Jim Sensenbrenner, who introduced the Judicial Redress Bill, said: “The sudden termination of the Safe Harbor framework strikes a blow to US businesses by complicating commercial data flows. If we fail to pass the Judicial Redress Act, we risk similar disruption to the sharing of law enforcement information.”Continue Reading Judicial Redress Bill due at Senate

The Data Protection Commissioner has been given the green light to investigate Max Schrems’ complaint against Facebook. The Office of the Data Protection Commissioner (ODPC) had initially refused to investigate the complaint based on a view that Commission Decision 2000/520/EC (the Safe Harbour Decision) was both valid and binding on the ODPC. Continue Reading Data Protection Commissioner to investigate Schrems complaint

On 1 October, the Court of Justice of the European Union (CJEU) handed down its judgement in the Weltimmo case (Case C‑230/14), a decision which could have important ramifications for the data protection obligations of companies operating across multiple EU member states. The CJEU effectively held that where a company has a representative in a country and operates services directed at that country, the company can be held accountable by that country’s data protection authority despite not being formally established in that country.Continue Reading CJEU publish important decision on territorial application of data protection law