Cyber Risk & Data Privacy

Subscribe to Cyber Risk & Data Privacy via RSS

The Data Protection Commissioner (DPC) has published updated guidance on the use of CCTV, and new guidance on the use of Body Worn Cameras and Drones. While guidance issued by the DPC is not legally binding, it is regarded as best practice, and organisations should take steps to comply with same.Continue Reading DPC issues guidance on CCTV, Body Worn Cameras and Drones

In Barbulescu v Romania, a case concerning employees’ right to privacy, the European Court of Human Rights (ECHR) held that an employer could monitor and access personal messages sent by an employee during work hours from his Yahoo Messenger account. The decision, however, is not a precedent for unrestricted monitoring by employers of personal messages sent by employees during office hours.Continue Reading ECHR rules employer can monitor personal messages sent by employee

The draft of the General Data Protection Regulation (GDPR) took a significant step towards finally becoming European-wide law last week. The European Parliament’s Civil Liberties, Justice & Home Affairs Committee (LIBE) approved the final draft agreed by the European Council and Parliament as part of the trilogue negotiations. The text is available on the website of the European Parliament – under item 3 of the Committee Meeting agenda. The GDPR, which was first published in 2012, has gone through a number of iterations and extensive amendment on its journey to ratification. The final draft, which is expected to be ratified by the European Parliament and Council in Spring 2016, contains a number of compromise positions agreed by the EU institutions in an effort to get the GDPR across the line. Once ratified, there will be a two year period before the GDPR becomes directly applicable in all European Member States.Continue Reading A New Dawn -The draft General Data Protection Regulation takes a step closer to ratification

On 7 December 2015, the EU Council reached an informal agreement with the EU Parliament on the draft Network and Information Security (NIS) Directive.The draft Directive sets out cybersecurity obligations for operators of essential services in the healthcare, banking, energy and transport sectors, and also digital service providers (including e-commerce platforms, search engines, social networks, internet payment gateways, and cloud services). These operators will be required to take measures to manage cyber risks and report major security incidents.Continue Reading Agreement reached on first EU-wide cybersecurity legislation

On 6 July 2015, the Commission of Legislation Affaires of the Standing Committee of the National People’s Congress issued a draft of the People’s Republic of China Cyber Security Law (CSL) for public comment. The deadline for submitting is 5 August 2015.

Once adopted, this will be the first Chinese law that focuses exclusively on cyber security. The draft signals that the Chinese government is preparing to tighten its grip on domestic networks and data security, which is in line with the National Security Law.

In this article, I will provide some lawyers’ opinions, which I agree, discussing the impacts the draft may have in both business and social life in China.Continue Reading Influences and Features of China’s New Cyber Security Law Draft

In its ongoing effort to raise awareness of individuals’ privacy rights, the Office of the Data Protection Commissioner (ODPC) has published a press release on their website on the "Electoral Register and ‘Opting Out’ of the Edited Register".

Every year, the Department of the Environment, Community and Local Government encourages individuals to register to vote or to check that their details are up to date on the Electoral Register in advance of the 25 November deadline. In line with publicising such rights, the ODPC wishes to draw attention to the Edited Electoral Register and how it relates to direct marketing. Continue Reading ODPC Raises Awareness of Right to Opt-Out of the Edited Electoral Register

As promised, the European Commission has issued guidance on the alternative tools available for EU-US data transfers following the Schrems’ ruling. The Commission highlighted that it has intensified talks with the US government on a new arrangement for transatlantic data transfers to ensure it complies with the standard set by the CJEU in Schrems.Continue Reading European Commission issues guidance on EU-US data transfers

The Supreme Court, in Nowak v The Data Protection Commissioner [2015] IESCDET 49, has granted Mr Nowak leave to appeal an ex tempore decision of the Court of Appeal delivered on 24 April 2015

The Court of Appeal upheld a decision of High Court, which in turn confirmed a decision of the Circuit Court, that there is no jurisdiction to appeal a determination by the Data Protection Commissioner (DPC) not to investigate a complaint. The DPC had determined that the appellant’s exam script was not personal data and his complaint was frivolous or vexatious.Continue Reading Supreme Court grants leave to appeal in Nowak case

The Court of Justice of the European Union (CJEU) recently held that personal data cannot be transferred between two public bodies, and subject to further processing, without the data subjects concerned having been informed in advance (Smaranda Bara and Others v Președintele Casei Naționale de Asigurări de Sănătate, Casa Naţională de Asigurări de Sănătate, Agenţia Naţională de Administrare Fiscală (ANAF), Case C‑201/14).
Continue Reading Prior notice of personal data sharing between public authorities

At a recent conference in Amsterdam, the US Federal Trade Commissioner (FTC), Julie Brill, stated that the Schrems decision “cystallizes what has been clear, or should have been clear, for a long time about privacy in Europe: it is a fundamental right that Europeans and their Court take very seriously”.
Continue Reading FTC warns of loss of transparency in EU-US data flows by invalidation of Safe Harbour