DOCSLIB.ORG

Cybersecurity 2019 2Nd Edition

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Cybersecurity 2019 2Nd Edition ICLG The International Comparative Legal Guide to: Cybersecurity 2019 2nd Edition A practical cross-border insight into cybersecurity work Published by Global Legal Group, with contributions from: Advokatfirmaet Thommessen AS Lee, Tsai & Partners Attorneys-at-Law Allen & Overy LLP LT42 – The Legal Tech Company Angara Abello Concepcion Regala & Cruz Law Offices Maples and Calder Bagus Enrico & Partners Mori Hamada & Matsumoto Boga & Associates Niederer Kraft Frey Ltd. BTG Legal Nyman Gibson Miralis Christopher & Lee Ong Pearl Cohen Zedek Latzer Baratz Cliffe Dekker Hofmeyr Inc R&T Asia (Thailand) Limited Creel, García-Cuéllar, Aiza y Enríquez, S.C. Rajah & Tann Singapore LLP Eversheds Sutherland Simmons & Simmons LLP Ferchiou & Associés Siqueira Castro Advogados Gikera & Vadgama Advocates Stehlin & Associes Gouveia Pereira, Costa Freitas & Associados, S.P. R.L. Synch JIPYONG LLC King & Wood Mallesons Templars Latham & Watkins LLP USCOV | Attorneys at Law The International Comparative Legal Guide to: Cybersecurity 2019 General Chapters: 1 The Regulators Have Spoken – Nine Lessons To Help Protect Your Business – Nigel Parker & Alexandra Rendell, Allen & Overy LLP 1 2 Cybersecurity and Digital Health: Diabolus ex Machina? – Paolo Caldato & David Fitzpatrick, Simmons & Simmons LLP 5 3 Ten Questions to Ask Before Launching a Bug Bounty Program – Contributing Editors Serrin Turner & Alexander E. Reicher, Latham & Watkins LLP 12 Nigel Parker & Alexandra Rendell, Allen & Overy LLP Country Question and Answer Chapters: Sales Director 4 Albania Boga & Associates: Genc Boga & Eno Muja 17 Florjan Osmani 5 Australia Nyman Gibson Miralis: Phillip Gibson & Dennis Miralis 22 Account Director Oliver Smith 6 Brazil Siqueira Castro – Advogados: Daniel Pitanga Bastos De Souza 28 Sales Support Manager 7 China King & Wood Mallesons: Susan Ning & Han Wu 33 Toni Hayward 8 Denmark Synch: Niels Dahl-Nielsen & Daniel Kiil 40 Editor Sam Friend 9 England & Wales Allen & Overy LLP: Nigel Parker & Alexandra Rendell 46 Senior Editors 10 France Stehlin & Associes: Frederic Lecomte & Victoire Redreau-Metadier 54 Suzie Levy Caroline Collingwood 11 Germany Eversheds Sutherland: Dr. Alexander Niethammer & Steffen Morawietz 61 Chief Operating Officer 12 India BTG Legal: Prashant Mara & Devina Deshpande 67 Dror Levy 13 Indonesia Bagus Enrico & Partners: Enrico Iskandar & Bimo Harimahesa 75 Group Consulting Editor Alan Falach 14 Ireland Maples and Calder: Kevin Harnett & Victor Timon 82 Publisher 15 Israel Pearl Cohen Zedek Latzer Baratz: Haim Ravia & Dotan Hammer 90 Rory Smith 16 Italy LT42 – The Legal Tech Company: Published by Giuseppe Vaciago & Marco Tullio Giordano 97 Global Legal Group Ltd. 59 Tanner Street 17 Japan Mori Hamada & Matsumoto: Hiromi Hayashi 104 London SE1 3PL, UK Tel: +44 20 7367 0720 18 Kenya Gikera & Vadgama Advocates: Hazel Okoth & Stella Ojango 112 Fax: +44 20 7407 5255 19 Korea JIPYONG LLC: Seung Soo Choi & Seungmin Jasmine Jung 118 Email: [email protected] URL: www.glgroup.co.uk 20 Kosovo Boga & Associates: Genc Boga & Delvina Nallbani 124 GLG Cover Design 21 Malaysia Christopher & Lee Ong: Deepak Pillai & Yong Shih Han 130 F&F Studio Design 22 Mexico Creel, García-Cuéllar, Aiza y Enríquez, S.C.: Begoña Cancino 139 GLG Cover Image Source iStockphoto 23 Nigeria Templars: Ijeoma Uju & Ijeamaka Nzekwe 145 Printed by 24 Norway Advokatfirmaet Thommessen AS: Christopher Sparre-Enger Clausen Ashford Colour Press Ltd. October 2018 & Uros Tosinovic 151 25 Philippines Angara Abello Concepcion Regala & Cruz Law Offices: Copyright © 2018 Global Legal Group Ltd. Leland R. Villadolid Jr. & Arianne T. Ferrer 158 All rights reserved 26 Portugal Gouveia Pereira, Costa Freitas & Associados, S.P. R.L.: No photocopying Miguel Duarte Santos & Sofia Gouveia Pereira 166 ISBN 978-1-912509-38-6 27 Romania USCOV | Attorneys at Law: Silvia Uscov & Tudor Pasat 172 ISSN 2515-4206 28 Singapore Rajah & Tann Singapore LLP: Rajesh Sreenivasan & Michael Chen 178 Strategic Partners 29 South Africa Cliffe Dekker Hofmeyr Inc: Fatima Ameer-Mia & Christoff Pienaar 185 30 Sweden Synch: Anders Hellström & Erik Myrberg 192 31 Switzerland Niederer Kraft Frey Ltd.: Dr. András Gurovits & Clara-Ann Gordon 199 32 Taiwan Lee, Tsai & Partners Attorneys-at-Law: Sean Yu-Shao Liu & Sophia Ming-Chia Tsai 206 33 Thailand R&T Asia (Thailand) Limited: Saroj Jongsaritwang & Sui Lin Teoh 213 34 Tunisia Ferchiou & Associés: Amina Larbi & Rym Ferchiou 219 35 USA Allen & Overy LLP: Keren Livneh & Jacob Reed 225 Further copies of this book and others in the series can be ordered from the publisher. Please call +44 20 7367 0720 Disclaimer This publication is for general information purposes only. It does not purport to provide comprehensive full legal or other advice. Global Legal Group Ltd. and the contributors accept no responsibility for losses that may arise from reliance upon information contained in this publication. This publication is intended to give an indication of legal issues upon which you may need advice. Full legal advice should be taken from a qualified professional when dealing with specific situations. WWW.ICLG.COM EDITORIAL Welcome to the second edition of The International Comparative Legal Guide to: Cybersecurity. This guide provides corporate counsel and international practitioners with a comprehensive worldwide legal analysis of the laws and regulations of cybersecurity. It is divided into two main sections: Three general chapters. These chapters are designed to provide readers with an overview of key issues affecting cybersecurity, particularly from the perspective of a multi-jurisdictional transaction. Country question and answer chapters. These provide a broad overview of common issues in cybersecurity laws and regulations in 32 jurisdictions. All chapters are written by leading cybersecurity lawyers and industry specialists and we are extremely grateful for their excellent contributions. Special thanks are reserved for the contributing editors Nigel Parker and Alexandra Rendell of Allen & Overy LLP for their invaluable assistance. Global Legal Group hopes that you find this guide practical and interesting. The International Comparative Legal Guide series is also available online at www.iclg.com. Alan Falach LL.M. Group Consulting Editor Global Legal Group [email protected] Chapter 1 The Regulators Have Spoken – Nine Lessons To Help Protect Nigel Parker Your Business Allen & Overy LLP Alexandra Rendell 1. Keep software up to date. In January 2018, Carphone Introduction Warehouse was fined £400,000 by the ICO in relation to a 2015 data breach affecting a database containing information of According to a 2018 survey by the UK Government’s Department over three million individuals. One of the factors contributing for Digital, Culture, Media and Sport1 approximately four in 10 to the seriousness of the breach was that Carphone Warehouse businesses reported a cyber breach or attack in the preceding 12 was using software that was six years old at the time of the months. Almost 40 per cent of such incidents have resulted in attack. Carphone Warehouse continued to use a WordPress financial or data loss. installation dated from 2009, although more current versions were available. The ICO took the view that the age of the Regulators are rightly placing an increasing focus on cybersecurity. software made an attack more likely and easier to execute.6 For example, in 2017, in the US the New York State Department Similarly, when TalkTalk received its then-record £400,000 of Financial Services adopted a final regulation on cybersecurity fine from the ICO in October 20167 in relation to a cyber 2 requirements for financial services companies. In the first half attack that exploited vulnerabilities in historic webpages that of 2018, the US Securities and Exchange Commission approved a allowed access to a database containing personal data of over statement and interpretive guidance on public companies’ disclosure 150,000 customers, one of the contributing factors highlighted obligations regarding cybersecurity risks and incidents. in the ICO’s monetary penalty notice was that the TalkTalk In the UK, in a recent speech at the National Cyber Security group was operating with outdated database software. In that instance, the ICO highlighted the use of an outdated version Centre’s CYBERUK 2018 event, the UK Information Commissioner of the MySQL database management software. Companies commented that the UK Information Commissioner’s Office (ICO) should ensure that software used, particularly in core operating now views cybersecurity as “the spine running through all [their] systems and databases, is up-to-date and supported. work”.3 The ICO has also updated its Information Rights Strategic 4 2. Promptly apply all required security patches. In much Plan for 2017–2021 to add cyber incidents as a sixth strategic goal, the same way that software should be kept up to date, if a 5 and has published its first Technology Strategy for 2018–2021. vulnerability is identified and a patch issued by the software The Technology Strategy notes that the ICO will appoint a panel of supplier, ensure that the patch is applied in a timely manner. forensic investigators to assist with regulatory work, and will publish This was a particularly egregious failing in the case of an annual report on “lessons learned” from cyber breaches reported TalkTalk’s October 2016 data breach, where TalkTalk’s already to the ICO and technology issues emerging from data protection outdated MySQL software was affected by
Load more

Recommended publications
  • Cyberstalking to in Your Area and the People You Care About from Posts How to Stay Safe and Protect and Pictures
    How can I prevent someone from stalking me online? • Be careful what personal information you share online including in email, on social networking sites like Facebook and Twitter and chat rooms. It is very easy to glean information about where you live, the places you love to go Cyberstalking to in your area and the people you care about from posts How to stay safe and protect and pictures. • Create a different email account for registering in social yourself online networking sites and other online spaces. It will help avoid spam and your personal email won´t be revealed if the online service doesn't have a good privacy practice. What is cyberstalking? • Do not feel obligated to fill out all fields when registering Cyberstalking includes (repeatedly) sending threats or online or provide identifying information such as birthdates false accusations via email or mobile phone, making and place in required fields. threatening or false posts on websites, stealing a person's • In your online user profile, use a photo that doesn't identity or data or spying and monitoring a person's identify you or your location, so you can't be recognised. computer and internet use. Sometimes the threats can escalate into physical spaces. • Consider using a name that is not your real name or a nickname as your email name, screen name or user ID. And There are just as many predators on the internet as there try not to use common dates such as your birthday as the are in real life. Anyone can be stalked online but the digits in your email name or password.
    [Show full text]
  • Human Rights Implications of Crime Control in the Digital
    International Journal of Cyber Criminology Vol 2 Issue 1 January 2008 Copyright © 2008 International Journal of Cyber Criminology (IJCC) ISSN: 0974 – 2891 January-June 2008, Vol 2 (1): 271–285 This is an Open Access article distributed under the terms of the Creative Commons Attribution-Non-Commercial-Share Alike License, which permits unrestricted non- commercial use, distribution, and reproduction in any medium, provided the original work is properly cited. This license does not permit commercial exploitation or the creation of derivative works without specific permission. Jurisdictional and definitional concerns with computer-mediated interpersonal crimes: An Analysis on Cyber Stalking Lynne Roberts1 Curtin University of Technology, Australia Abstract Cyber-stalking is a crime that transcends national and jurisdictional boundaries. Victims and perpetrators of cyber-stalking may be geographically separated by physical borders (for example, residing in different countries) when the offences occur. This is problematic for investigating the crime, in determining the jurisdiction in which alleged offences have taken place and in which charges may be filed. Legal definitions of stalking (and cyber-stalking) and applicable sentences vary across jurisdictions, if indeed they exist, further muddying the water. This paper provides an overview of the current state of knowledge on cyber-stalking and ends with an examination of the difficulties in investigating and prosecuting cyber-stalkers. Keywords: Stalking; Cyber Stalking; Victims; Perpetrators; Introduction Cyber-crime is emerging as a major international criminological issue. Networked computers provide the media for new types (or variations on old types) of criminal activity to emerge. Cyber-stalking is one such crime enabled by the Internet.
    [Show full text]
  • The Federal Cyberstalking Statute, Content Discrimination and the First Amendment
    The Federal Cyberstalking Statute, Content Discrimination and the First Amendment James Weinstein* TABLE OF CONTENTS INTRODUCTION ................................................................................. 2555 I. THE CONTESTED SCOPE OF THE RULE AGAINST CONTENT DISCRIMINATION .................................................................... 2559 A. The All-Inclusive Approach v. The Democratic Self- Governance Model ........................................................... 2560 B. Criticism of the All-Inclusive Approach............................ 2566 II. THE FEDERAL CYBERSTALKING STATUTE AND THE ALL- INCLUSIVE APPROACH ............................................................. 2569 III. THE FEDERAL CYBERSTALKING STATUTE AND THE DEMOCRATIC SELF-GOVERNANCE MODEL .............................. 2577 A. An Elaboration and Defense of the Democratic Self- Governance Model ........................................................... 2577 B. The Democratic Self-Governance Model and § 2261A(2)(B) ................................................................ 2580 C. Section 2261A(2)(B) Caselaw ......................................... 2584 * Copyright © 2021 James Weinstein. Dan Cracchiolo Chair in Constitutional Law, Sandra Day O’Connor College of Law, Arizona State University. I am grateful to Arthur Hellman, Robert Post, and the participants in the online symposium on “Cheap Speech Twenty-Five Years Later: Democracy & Public Discourse in the Digital Age” for their helpful comments and suggestions, and to law students Emiley Pagrabs
    [Show full text]
  • I Facebook and Panopticism: Healthy Curiosity Or Stalking?
    Facebook and Panopticism: Healthy Curiosity or Stalking? A thesis presented to the faculty of the Scripps College of Communication of Ohio University In partial fulfillment of the requirements for the degree Master of Arts Mary Catherine Kennedy November 2009 © 2009. Mary Catherine Kennedy. All Rights Reserved. i This thesis titled Facebook and Panopticism: Healthy Curiosity or Stalking? by MARY CATHERINE KENNEDY has been approved for the School of Media Arts and Studies and the Scripps College of Communication by Karen E. Riggs Professor of Media Arts and Studies Gregory J. Shepherd Dean, Scripps College of Communication ii ABSTRACT KENNEDY, MARY C., M.A., November 2009, Telecommunications Facebook and Panopticism: Healthy Curiosity or Stalking? (108 pp.) Director of Thesis: Karen E. Riggs This study deepens existing knowledge concerning social networking sites, with specific interest in the social networking site Facebook and the phenomenon, “Facebook stalking”. By providing insights into lesser-known studies concerning user curiosity and surveillance online, the present research reveals that the terms ‘monitoring’ and ‘keeping up with’ or ‘keeping in touch with’ are most commonly used when referring to social searches within social networks; only when asked to think about surveillance in terms of stalking did interview participants refer to it as such. The present study aims to discover Facebook users’ perception of their friends’ disclosure while delving into the idea of “Facebook stalking”, specifically with regard to how users define it. Facebook’s evolution and prominence in the public sphere is dependent upon user satisfaction with and general understanding of the functionality of social networking websites. A discussion of these issues is beneficial to understanding how Facebook is used as a modern-day panopticon.
    [Show full text]
  • Facebook: Where Privacy Concerns and Social Needs Collide
    Edith Cowan University Research Online Theses: Doctorates and Masters Theses 2020 Facebook: Where privacy concerns and social needs collide Sonya Scherini Edith Cowan University Follow this and additional works at: https://ro.ecu.edu.au/theses Part of the Communication Technology and New Media Commons, Mass Communication Commons, and the Social Media Commons Recommended Citation Scherini, S. (2020). Facebook: Where privacy concerns and social needs collide. https://ro.ecu.edu.au/ theses/2331 This Thesis is posted at Research Online. https://ro.ecu.edu.au/theses/2331 Edith Cowan University Copyright Warning You may print or download ONE copy of this document for the purpose of your own research or study. The University does not authorize you to copy, communicate or otherwise make available electronically to any other person any copyright material contained on this site. You are reminded of the following: Copyright owners are entitled to take legal action against persons who infringe their copyright. A reproduction of material that is protected by copyright may be a copyright infringement. Where the reproduction of such material is done without attribution of authorship, with false attribution of authorship or the authorship is treated in a derogatory manner, this may be a breach of the author’s moral rights contained in Part IX of the Copyright Act 1968 (Cth). Courts have the power to impose a wide range of civil and criminal sanctions for infringement of copyright, infringement of moral rights and other offences under the Copyright Act 1968 (Cth). Higher penalties may apply, and higher damages may be awarded, for offences and infringements involving the conversion of material into digital or electronic form.
    [Show full text]
  • A/74/130 General Assembly
    United Nations A/74/130 General Assembly Distr.: General 30 July 2019 Original: English Seventy-fourth session Item 109 of the provisional agenda* Countering the use of information and communications technologies for criminal purposes Countering the use of information and communications technologies for criminal purposes Report of the Secretary-General Summary The present report has been prepared pursuant to General Assembly resolution 73/187, entitled “Countering the use of information and communications technologies for criminal purposes”. In that resolution, the General Assembly requested the Secretary-General to seek the views of Member States on the challenges that they faced in countering the use of information and communications technologies for criminal purposes and to present a report based on those views for consideration by the General Assembly at its seventy-fourth session. The report contains information on the views of Member States submitted pursuant to the aforementioned resolution. __________________ * A/74/150. V.19-08182 (E) 190819 200819 *1908182* A/74/130 Contents Page I. Introduction ................................................................... 4 II. Replies received from Governments ............................................... 4 Argentina ..................................................................... 4 Armenia ...................................................................... 6 Australia ..................................................................... 8 Austria ......................................................................
    [Show full text]
  • Surveillance by Intelligence Services: Services: Intelligence by Surveillance
    FREEDOMS FRA Surveillance by intelligence services – Volume II: field perspectives and legal update II: field perspectives – Volume services intelligence by Surveillance Surveillance by intelligence services: fundamental rights safeguards and remedies in the EU Volume II: field perspectives and legal update This report addresses matters related to the respect for private and family life (Article 7), the protection of personal data (Article 8) and the right to an effective remedy and a fair trial (Article 47) falling under Titles II ‘Freedoms’ and VI ‘Justice’ of the Charter of Fundamental Rights of the European Union. Europe Direct is a service to help you find answers to your questions about the European Union Freephone number (*): 00 800 6 7 8 9 10 11 (*) The information given is free, as are most calls (though some operators, phone boxes or hotels may charge you). Photo (cover & inside): © Shutterstock More information on the European Union is available on the internet (http://europa.eu). Luxembourg: Publications Office of the European Union, 2017 FRA – print: ISBN 978-92-9491-766-9 doi:10.2811/15232 TK-04-17-696-EN-C FRA – web: ISBN 978-92-9491-765-2 doi:10.2811/792946 TK-04-17-696-EN-N © European Union Agency for Fundamental Rights, 2017 Reproduction is authorised provided the source is acknowledged. For any use or reproduction of photos or other material that is not under the European Union Agency for Fundamental Rights copyright, permission must be sought directly from the copyright holders. Printed by Imprimerie Centrale in Luxembourg Neither the European Union Agency for Fundamental Rights nor any person acting on behalf of the European Union Agency for Fundamental Rights is responsible for the use that might be made of the following information.
    [Show full text]
  • Some Ethical Reflections on Cyberstalking Frances Grodzinsky Sacred Heart University, [email protected]
    Sacred Heart University DigitalCommons@SHU Computer Science & Information Technology Computer Science & Information Technology Faculty Publications 3-2002 Some Ethical Reflections on Cyberstalking Frances Grodzinsky Sacred Heart University, [email protected] Herman T. Tavani Rivier College Follow this and additional works at: http://digitalcommons.sacredheart.edu/computersci_fac Part of the Business Law, Public Responsibility, and Ethics Commons, Legal Ethics and Professional Responsibility Commons, and the Privacy Law Commons Recommended Citation Grodzinsky, Frances, Tavani, Herman T. "Some Ethical Reflections on Cyberstalking." ACM SIGCAS Computers and Society 32.1 (2002): 22-32. This Article is brought to you for free and open access by the Computer Science & Information Technology at DigitalCommons@SHU. It has been accepted for inclusion in Computer Science & Information Technology Faculty Publications by an authorized administrator of DigitalCommons@SHU. For more information, please contact [email protected]. Some Ethical Reflections on Cyberstalking Frances S. Grodzinsky Sacred Heart University has come to be associated with one individual ("the <grodzinskyf@sacredhearcedu> stalker ~) clandestinely tracking the movement and whereabouts of an another individual or individuals Herman T. Tavani ("the stalkee[s]~). Rivier College <[email protected]> Cyberstalking can be understood as a form of behav- ior in which certain types of stalking-related activi- ties, which in the past have occurred in physical space, Abstract are extended to the online world. On the one hand, The present study examines • range of moral issues asso- we do not wish to claim that cyberstalking is a new ciated with recent cyberstalking cases. Particular atten- kind of crime or that it is a "genuine computer crime" tion is centered on the Amy Boyer/Liam Youens case of (see Tavani, 2000).
    [Show full text]
  • The Case for Legislating Toward a Privacy Right in India
    PRESERVING CONSTITUTIVE VALUES IN THE MODERN PANOPTICON: THE CASE FOR LEGISLATING TOWARD A PRIVACY RIGHT IN INDIA Ujwala Uppaluri & Varsha Shivanagowda* As on date, the only meaningful, if arguably broad, affirmation of a right to privacy has been in the context of the Supreme Court’s treatment of Art. 21 of the Constitution, which embodies the guarantee of a right to life and personal liberty. No substantial legislative measures granting and detailing a broad and general right of privacy presently exist in the Indian context, although some measures are scattered across context-specific legislation. Recent events have brought to light the need to operationalise these judicial observations through a legislative statement of the right fleshing out the field within which the sanctity of the private domain will be recognised and upheld. This paper seeks to explore the contours of the notion of a general right to privacy. It confronts the critiques of such a right and discusses the predominant working models in other major jurisdictions. In the result, it asserts the need for an umbrella legislation addressing the varied areas in which the right of the individual to privacy, against governmental incursion into private spaces as well as against other forms of intrusion by the media and other citizens, must accrue. I. INTRODUCTION Recent concens with privacy and autonomy issues in India have arisen with regard to the State’s role in collecting and aggregating private or personal information in the context of the work of the Unique Identification Authority of India (UIDAI)1 and the National Intelligence Grid (NATGRID).2 * 3rd and 2nd year students respectively, the W.B.
    [Show full text]
  • Data Protection Directive 95/46/EC to the Internet, 25 J. Marshall J
    The John Marshall Journal of Information Technology & Privacy Law Volume 25 Issue 2 Journal of Computer & Information Law Article 2 - Spring 2008 Spring 2008 All or Nothing: This is the Question? The Application of Article 3(2) Data Protection Directive 95/46/EC to the Internet, 25 J. Marshall J. Computer & Info. L. 241 (2008) Rebecca Wong Joseph Savirimuthu Follow this and additional works at: https://repository.law.uic.edu/jitpl Part of the Computer Law Commons, Internet Law Commons, Privacy Law Commons, and the Science and Technology Law Commons Recommended Citation Rebecca Wong & Joseph Savirimuthu, All or Nothing: This is the Question? The Application of Article 3(2) Data Protection Directive 95/46/EC to the Internet, 25 J. Marshall J. Computer & Info. L. 241 (2008) https://repository.law.uic.edu/jitpl/vol25/iss2/2 This Article is brought to you for free and open access by UIC Law Open Access Repository. It has been accepted for inclusion in The John Marshall Journal of Information Technology & Privacy Law by an authorized administrator of UIC Law Open Access Repository. For more information, please contact [email protected]. ALL OR NOTHING: THIS IS THE QUESTION? THE APPLICATION OF ARTICLE 3(2) DATA PROTECTION DIRECTIVE 95/46/ EC TO THE INTERNET REBECCA WONGt AND JOSEPH SAVIRIMUTHUtt I. INTRODUCTION The exponential growth of social networking Web sites, online per- sonal journals and the use of multimedia by individuals, raises impor- tant questions about the compatibility of Article 3(2) of the Data Protection Derivative 95/46/EC ("DPD") as applied to the internet.
    [Show full text]
  • A Comparative Study of the Brazilian and German Legal Frameworks
    Privacy and Surveillance in the Digital Age: a comparative study of the Brazilian and German legal frameworks An input to the workshop Pia ude ass sueillae: a multi-stakeholde iteatioal hallege to e held i the Internet Governance Forum, in João Pessoa, Brazil Privacy and Surveillance in the Digital Age: a comparative study of the Brazilian and German legal frameworks An input to the workshop Pia ude ass sueillae: a ulti-stakeholder iteatioal hallege to e held i the Iteet Goeae Fou, i João Pessoa, Brazil Center for Technology German Institute for International and Society of the Rio de and Security Affairs (SWP) Janeiro Law School of the Getulio Vargas Foundation (CTS/FGV) Anja Dahlmann Jamila Venturini Marcel Dickow Marilia Maciel November, 2015 2 INDEX ABOUT THE BRIEFING 4 BRAZIL 5 The protection of privacy 5 Law 9.296/1996 and the exceptions to the confidentiality of 7 communications Secrecy of data 10 Remedies for violations of privacy 10 The protection of personal data 11 The Freedom of Information Act and Marco Civil 13 Data retention 15 Intelligence activities 17 GERMANY 20 The Protection of Privacy 20 Restrictions of the Right to Privacy 20 Communications v. Data 21 Remedies for Violations of Privacy 22 The Protection of Personal Data in Germany 22 Data Retention 23 The Exchange of Data 24 Conclusions 25 3 ABOUT THE BRIEFING This iefig is a iput to the disussios that ill take plae i the sessio Privacy under mass surveillance: a multi-stakeholde iteatioal hallege to e held on November 9th in João Pessoa, Bazil, duig the Da )eo of the Iteet Goeae Fou.
    [Show full text]
  • Unzulässigkeit Der Datenübermittlung in Die USA (Cepstudie)
    cepStudie 26. Januar 2021 Unzulässigkeit der Datenübermittlung in die USA Das EuGH-Urteil „Schrems II“ und seine Folgen Anja Hoffmann © iStock Nach dem „Schrems II“-Urteil des EuGH dürfen Transfers personenbezogener Daten in die USA nicht mehr auf den „Pri- vacy-Shield“-Beschluss gestützt werden, weil die USA keinen ausreichenden Datenschutz bieten. Derzeit werden Da- tentransfers daher meist auf Standardvertragsklauseln gestützt, deren Nutzung grundsätzlich zulässig bleibt. Kernthesen Auch auf Standardvertragsklauseln und unternehmensinterne Datenschutzregelungen dürfen Datentransfers in die USA nicht gestützt werden, wenn die dortigen Datenempfänger den US-Überwachungsgesetzen unterliegen und Zugriff auf die Dateninhalte im Klartext haben. In diesen Fällen können auch ergänzende Datenschutzmaßnahmen Zugriffe der US-Behörden nicht wirksam verhin- dern. Insbesondere Transfers an Cloud-Dienste und Transfers innerhalb von Unternehmensgruppen in die USA sind daher in diesen Fällen rechtswidrig. Der Datenexporteur – oder die Aufsichtsbehörde – muss den Datentransfer stoppen. Weder ein reformierter „Privacy Shield“ noch die von der EU-Kommission im November 2020 vorgeschlagenen geän- derten Standardvertragsklauseln ändern etwas hieran, solange die USA ihre Überwachungsgesetze nicht auf das nach EU-Recht zulässige Maß begrenzen und EU-Bürgern keine wirksamen Rechtsbehelfe gewähren. Das Gleiche gilt für Datentransfers in andere Drittländer, soweit deren Überwachungsgesetze mit dem Datenschutz der EU kollidieren. Dies muss in jedem Einzelfall geprüft werden. II cepStudie Unzulässigkeit der Datenübermittlung in die USA Kernpunkte Zum „Schrems II“-Urteil des EuGH Transfers personenbezogener Daten aus der EU in die USA dürfen nicht länger auf den „Privacy- Shield“-Beschluss der EU-Kommission gestützt werden. Der Europäische Gerichtshof (EuGH) hat diesen Beschluss im „Schrems II“-Urteil zu Recht für ungültig erklärt, weil der „Privacy Shield“ kei- nen im Vergleich zur EU gleichwertigen Datenschutz bietet.
    [Show full text]