This morning, EU Ministers from the 28 EU countries debated and reached agreement on the proposed "one-stop shop" mechanism at a meeting of the Council of Ministers in Brussels.
The draft Regulation originally proposed that, a business operating across the EU, would only have to deal with the data protection regulatory authority of the member country where it has its headquarters.Continue Reading EU Ministers agree on “one-stop shop” mechanism
On 25 February 2015, the Department for Culture, Media and Sport announced that it is changing the laws with regard to nuisance calls.
The Information Commissioner’s Office (ICO) currently has the power to impose heavy fines of up to £500,000 on companies that make marketing calls or messages if the ICO can prove that these unwanted calls or messages caused, or had the potential to cause, ‘substantial damage or distress’. However, from 6 April 2015, this requirement will be removed, allowing the ICO to intervene in more cases and penalise those companies that are breaching the Privacy and Electronic Communications Regulations but fall below the current legal threshold. Continue Reading UK Government announces changes in law in a bid to crack down on nuisance callers
The political machinations continue at EU level and predictions for publication of a final form Data Protection Regulation increasingly refer to 2016 as the likely date. But to read behind the headlines continues to be a useful exercise for corporates who need to give real consideration now to what their regulatory landscape might look like in the not too distant future.
A key issue will be determining the place of “main establishment” which in turn will determine the appropriate lead authority.
If that isn’t clear, or there is disagreement, it is being proposed that an EU Data Protection Board (EDPB) would have power to make a binding determination.Continue Reading Data Protection Reform – One Stop Shop Complexity
On 3 February 2015, the Securities and Exchange Commission (the "SEC") and the Financial Industry Regulatory Authority ("FINRA") both issued cybersecurity reports to the US securities industry. The SEC is the US Federal Government’s securities regulatory agency, while FINRA is a private company that acts as a self-regulatory organisation for US securities firms. The publications highlight the increased US regulatory focus in this area.
SEC: Risk Alert – Cybersecurity Examination Sweep Summary
The Risk Alert summarises the SEC’s findings following its examination of 57 broker-dealers’ and 49 investment advisers’ controls regarding cybersecurity preparedness. Notable statistics from the firms examined include:
– 88% of broker-dealers and 74% of investment advisers have experienced cyberattacks either directly or through one of their vendors. The majority of the cyberattacks involved the use of malware and fraudulent emails but no single loss exceeded $75,000;
– 93% of broker-dealers and 83% of investment advisers have written information security policies in place, of those, 89% of broker-dealers and 57% of investment advisers periodically audit policy compliance;
– 58% of broker-dealers and 21% of investment advisers maintain cybersecurity insurance, however, only one broker-dealer and one investment adviser reported that they had filed claims; and
– Only 15% of broker-dealers and 9% of investment advisers offer security guarantees to protect their clients against cyber related loss.Continue Reading Two US regulatory bodies simultaneously publish cybersecurity reports
Last month, the Court of Appeal of England and Wales handed down its judgment in the highly publicised legal battle between pop star Rihanna, and fashion giant Topshop and its parent company Arcadia Group Brand Ltd (Topshop). The Court of Appeal upheld the High Court’s July 2013 decision that Topshop’s sale of t-shirts showing a photograph of Rihanna – without her consent – constituted passing off.Continue Reading Rihanna v Topshop – UK Court of Appeal upholds decision in landmark passing off judgment
This decision confirms that it is sufficient that the allegedly infringing content is accessible online from a certain Member State, for the courts situated in that territory to have jurisdiction.
In Pez Hejduk v EnergieAgentur, NRW GmbH, Case C-441/13 (22 January 2015) the CJEU considered the question as to where a copyright owner can bring proceedings for infringement when a third party makes work available online for viewing and downloading without consent.Continue Reading Online copyright infringement – where can you sue?
The Data Protection Commissioner, Helen Dixon, spoke at the Society for Computers and Law’s ‘The Evolution and Reform of Data Protection’ event this morning. The Commissioner gave an overview of the activities of the Office of the Data Protection Commissioner (ODPC) in 2014 and set out the aims of the ODPC for the year ahead.Continue Reading Data Protection Commissioner reviews 2014 and sets out plans for 2015
The Department of Education and Skills is currently creating an individualised database of primary school students; the Primary Online Database (POD). The POD will gather personal data and sensitive personal data about pupils, such as information about ethnic and cultural background, religion, medical conditions, students with special needs and students’ Personal Public Service Numbers (PPSN). The POD will be shared with other state bodies, including the Central Statistics Office, the Department of Social Protection, the Department of Public Expenditure and Reform and the Revenue Commissioners. Continue Reading A permanent record (or at least until you turn 30)
The Circuit Court has dismissed Mr Shatter’s appeal against the Data Protection Commissioner’s (the DPC) decision that he breached the Data Protection Acts 1988 and 2003 (the DPAs), by disclosing Mr Wallace’s personal information on RTE’s Prime Time.
The Court found that Mr Shatter, in his personal capacity, did not have standing to bring the appeal, and furthermore that it had not been shown that the DPC’s decision was vitiated by any serious or significant error or series of errors.Continue Reading Circuit Court dismisses Shatter’s appeal against Data Protection Commissioner
In December 2014 the European Commission published its 5th Report on the monitoring of patent settlement agreements in the EEA in respect of the period January to December 2013. The focus of the report was to gather some insight into the types of agreements being entered into between originator and generic companies and to identify the types of agreements that were resulting in a delay to generic entry to the market. While these types of agreements can potentially give rise to competition law issues the Report does clarify that there is no presumption of any legislative breach and that each case would require analysis of the merits and specific circumstances.Continue Reading Commission Report on the Monitoring of Patent Settlement Agreements
