Data export: EU provides more clarity after Schrems II

In documents published last week, the EU provided some welcome clarity on how organisations should address the invalidation of Privacy Shield as a basis for exporting personal data from the EU. On 10 November 2020, the European Data Protection Board (EDPB) adopted recommendations on ‘supplemental measures’, which can be considered to ensure compliance with the …

EDPB guidance on ‘supplemental measures’ for data export

On 10 November, the European Data Protection Board adopted a recommendation on supplemental measures which might be used to ensure compliance with the EU level of protection of personal data when exported to third countries with an insufficient level of protection. The recommendation both sets out a process to be followed by data exporters and, …

Prospect of increased regulation in UK for digital giants

The Competition and Markets Authority, the UK Competition regulator, has said it will act against Facebook and Google if the government doesn’t set up a digital regulator within a year. According to the Financial Times, Andrea Coscelli, chief executive of the CMA, said: ‘Plan A is to have a regulatory framework. If [within a year] …

European Data Protection Board releases updated controller / processor guidance for comment

Are you sure you are a data processor? Introduction On 7 September 2020, the European Data Protection Board (EDPB), successor to the ‘article 29 working party’, released updated guidance on the concepts of ‘data controller’ and ‘data processor’ under European Privacy law (i.e. General Data Protection Regulation or GDPR). Whilst this has already been subject …

UK Intellectual Property Office seeks views on Artificial Intelligence and Intellectual Property

On 7 September 2020, the UK’s Intellectual Property Office (IPO) published a call for views on the impact of Artificial Intelligence (AI) on the UK’s Intellectual Property (IP) laws. Responses are due by 30 November. The consultation takes place against the backdrop of worldwide interest in AI and the law by governments and regulators. The …

European Network and Information Security Directive adopted to address cyber-threats

On 6 July 2016, the European Union (which for now includes the UK) adopted the Network and Information Security (or NIS) Directive. This imposes obligations on three sets of stakeholders:

Hong Kong privacy regulator recognises ISO/IEC 27018

This guest post is written by @matthew1hunter and @aisling1odwyer. Regular readers of this blog will know we have been tracking the impact of ISO/IEC 27018:2014 – Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors (ISO/IEC 27018). We see this as the go-to standard for customers of public …

Korea leads the world with cloud law encouraging cloud use

On 3rd March 2015, Korea passed the world’s first cloud-specific law, with the stated aim of driving the adoption of cloud computing in Korea. But what are the practical implications for cloud customers and cloud services providers in Korea? This guest post is written by Daniel Jung and @matthew1hunter. When does the Korean Cloud Act come into force? …

ISO 27018 – the international standard for protecting PII in the public cloud – Where are we now?

Since its release in August 2014, ISO 27018 is becoming well established as the “go to” standard to help cloud customers to comply with their privacy obligations when using public cloud services. Privacy regulators recognise and refer to the new standard. Cloud customers are using it in their RFP requirements and in their assessments of …

Will ISO 27018 help cloud customers to comply with Singapore’s data protection laws?

A key challenge for organisations who want to use cloud services is to do so in a way that is compliant with the organisations’ obligations under data protection laws. This guest post by Matt Hunter (@matthew1hunter) and Daniel Jung explains how ISO 27018 is relevant and why companies considering cloud solutions should look to cloud providers …
