EU
General Data Protection Regulation Discussion Broadcast
The Assistant European Data Protection Supervisor and the Rapporteur for the Data Protection Regulation have discussed the General Data Protection Regulation (GDPR). They noted that the timeline that had been set for the end of 2015 was nearing, but there was optimism that there could be political agreement in this time. There are still some core compromises needed: for example, in relation to the requirement for a mandatory data protection officer, the question of consent and other grounds for processing data (in particular legitimate interests for processing), but the position is moving toward a consensus. All parties foresee that the implementation period will be two years once the regulation is finalised.
EU Agency for Fundamental Rights Report on Surveillance
The EU Agency for Fundamental Rights (FRA) has published its report focussing on the legal framework governing surveillance by intelligence powers. The report also considers the measures in place to oversee these powers and the rights of individuals who have had their rights violated. The report was conducted following a request from the European Parliament. The FRA found great differences in approach between Member States; though, notes that it only considered the legal regimes in place, with the day-to-day implementation of these regimes to be the subject of a separate FRA report.
Commissioner’s Speech on US-EU Data Transfers
European Commissioner Věra Jourová has given a speech to the Brookings Institution on the future of US-EU data transfer arrangements. The Commissioner highlighted the successful negotiation of the umbrella agreement on privacy and data protection for law enforcement exchanges. The Commissioner also stated that during her visit to Washington, she would aim to negotiate closer to a finalised framework for EU-US personal data transfers for commercial purposes. The Commissioner noted that the alternative ways of transferring data are a short-term solution and that a comprehensive arrangement for data transfers is the best way to ensure effective protection while maintaining strong transatlantic commercial relations. The Commissioner stated that discussions between EU and US negotiators had already yielded results.
Germany
Federal Supreme Court: Disclosing Data of Account Holder Cannot be Refused in Case of Counterfeiting
The German Federal Supreme Court has ruled that a bank is not allowed to refuse disclosure of the name and address of an account holder based on banking secrecy, if the account was used for payment for a counterfeit product. The Court followed the preliminary ruling of the European Court of Justice in July 2015 on this point. It held that the account holders’ privacy right, as well as the right of the bank to professional freedom, was outweighed by the brand owners’ rights to protection of intellectual property and effective legal remedy.
Jamaica
Draft Data Protection Act in Circulation
The draft Data Protection Act is currently in the process of being circulated to stakeholders for their review and comment. The aim of the legislation is to create a stronger framework for data protection within Jamaica. It is expected that the Act will be tabled in Parliament by the end of 2016-17.
UK Chancellor’s Cyber Protection Plan Announced
The Chancellor has announced that the Government will prioritise cybersecurity during the upcoming Spending Review. The Chancellor stated that he plans to make Britain the best protected country in cyberspace. The planned investment is set to almost double, to £1.9 billion over five years. A National Cyber Centre is also set to be introduced, along with an Institute of Coding for training purposes.
Information Commissioner Gives Evidence to the Burns Commission
The Information Commissioner’s Office (ICO) has submitted evidence to Lord Burns’ Independent Commission on Freedom of Information. This evidence was submitted in response to a call for evidence and draws on the experience of ICO in enforcing compliance with the Freedom of Information Act 2000.
ICO Guidance on the Dangers of Hidden Data
In a blog post, the ICO has stressed the risks of inadvertently disclosing personal data and provides practical advice for those providing data to ensure they don’t get caught disclosing information they should not. Blog post FTSE 350 Urged to Undergo Cyber Health Check Companies in the FTSE 350 are being encouraged to undergo a free Cyber Health Check to improve their cybersecurity. Companies undergoing this screening will be provided with tailored information on boardroom trends, where they stand against their peers and any weak areas. This is the third annual check that has been offered.
ICO Crackdown on Companies Trading Names and Numbers
ICO will be writing to more than 1,000 list broking companies, who are believed to play a role in the trade in contact individual’s names and numbers for direct marketing. The letters will be sent in connection with the ICO’s crackdown on nuisance calls. The letters will request that companies set out for ICO how they comply with the law, what data they distribute, how they obtain consent from individuals and details of the companies they work with.