PrivacyRules Newsletter July 2020
1. PrivacyRules newsletters in Japanese 2. PrivacyRules appoints the Chair of the PrivacyRules Spanish Speaking Committee 3. Schrems II case - Opinions from PrivacyRules experts:
Webinar: the worldwide effects of the EU-US Privacy Shield invalidation Webcast: the past, the present and the future of the EU-US Privacy Shield: an expert perspective Privacy Alert: Schrems reloaded, CJEU strikes again
4. PrivacyRules live events in July 5. SPECIAL EVENT: PrivacyRules - Zhong Lun e-conference on data breach management dedicated to Chinese multinationals 6. Webinar on Public safety v. privacy: the covid-19 tracing apps conundrum 7. Special guests we worked with this month 8. PrivacyRules members updates 9. Member updates: Overview of the revised personal information protection act of Japan 10. Member Updates: Draft Bill to Amend the Israeli Privacy Law 11. Member updates: Macpherson Kelley launched a Chinese version of its website 12. Member updates: Frost Brown Todd's data privacy detective podcast series 13. PrivacyRules worldwide news
PrivacyRules Newsletters in Japanese
PrivacyRules ニュースレター 2020年6月号
PrivacyRulesの加盟ファームである岩田合同法律事務所のご協力により、今月号よ り、PrivacyRulesニュースレターは日本語でも発行されることになりました。同事 務所に感謝するとともに、日本語読者の皆様の一助になれば幸いに存じます。
Special thanks to our member Iwata Godo from Japan, for their support with the translation of the PrivacyRules Newsletters in Japanese.
Find the one from June 2020 here, and follow the next ones on our newsletters dedicated page.
PrivacyRules appoints the Chair of the PrivacyRules Spanish Speaking Committee.
PrivacyRules says “muchisimas gracias” to Stella Vanegas Morales who accepted to be the Chair of the PrivacyRules Spanish Speaking Committee.
Stella is a Colombian lawyer with strong international experience. In 2013 she founded her firm VMC, which is specialized in privacy, IT and finance law. The firm advises national, regional and international companies in different sectors including banking, financial, insurance, health, and retail. Thanks to her broad experience, Stella is a leader in developing and implementing privacy compliance programs in Colombia.
Stella is a proactive member of the LatAm and global privacy community, regularly teaches at the graduate program in Commercial Law at Universidad Javeriana in Bogota (Colombia), and is an active participant in many PrivacyRules events contributing to conferences, webinars and podcasts. She is also a member of the PrivacyRules Data Breach Committee.
The PrivacyRules Spanish Speaking Committee will bring various opportunities to a much wider audience who will be more comfortable when the information about privacy issues reaches them in their own language. The Committee creates a specialised network of privacy professionals in Latin America, closely connected with colleagues in Spain and North-America. The Committee will enhance skills of privacy professionals and inter-connect our experts to rapidly assist companies with legal and technical support or advice to develop data related business, including on international transfers of personal data.
The Committee met for the first time on 27 July 2020, and established a work plan which includes the dissemination of accurate information and e-events on (en español for immediate appreciation of our Spanish speaking audience): a) Impacto en los Programas de Gestión de Datos de las empresas a raíz del Covid 19 b) Elementos básicos en privacidad a ser tenidos en cuenta por las Startups. ¿Cómo emprender sin incurrir en incumplimientos legales? c) Impacto del fallo de Schrems del TJUE en la circulación transfronteriza de datos en los países de la región.
PrivacyRules will continue publishing its newsletters in Spanish language, to regularly inform its Spanish speaking audience on the specialised data privacy advise we can provide in their own language and in their regions.
Atentos saludos
Schrems II case - Opinions from PrivacyRules experts
The worldwide effects of the EU-US Privacy Shield invalidation
EU and non-EU PrivacyRules experts debated on the ground-breaking decision of the Tribunal of the Court of Justice of the European Union (CJEU). EU PrivacyRules data privacy experts Volker Wodianka from SKW Schwarz in Germany and Jean-Christophe Chevallier from Ydès Avocats in France, analyzed the decision and compared their interpretation and perspectives with our data privacy experts Michael E. Nitardy from Frost Brown Todd in the US and Gabriel Avigdor from datalex llc in Switzerland.
Find the recording of this LIVE webinar here
The past, the present and the future of the EU-US Privacy Shield: an expert perspective
Our Swiss expert Gabriel Avigdor from datalex llc explains in just 5 minutes what has brought the Court of Justice of the EU to invalidate the EU-US Privacy Shield.
What happened? What are the consequences for cross-border personal data transfer? Are Standard Contractual Clauses still valid? Can this decision involve also third countries such as Switzerland?
Watch this flash video to learn more about this case and its effects!
Schrems reloaded, CJEU strikes again
Our Romanian expert Ciprian Timofte from Tuca Zbarcea Asociatii provides an overview on the recent CJEU decision invalidating the EU - US Privacy Shield. Here is a brief summary about its alert:
/ The Good: SCCs are GDPR compliant. However, EU controllers should do more to be able to (still) rely on SCCs. / The Bad: EU-US Privacy Shield is invalid. Alternatives should be considered for data transfers to the US. / The Ugly: The DPAs are requested to grant particular attention to data transfers outside the EEA and to order the suspension/ceasing of those data transfers that rely on invalid data transfer mechanisms.
To see what to expect and what to do next, take a glance at Ciprian's privacy alert on the CJEU's Schrems II decision.
PrivacyRules live events in July
PrivacyRules - Zhong Lun e-conference on data breach management dedicated to Chinese multinationals
PrivacyRules and Zhong Lun (China) held an e-conference on data breach management for multinational companies on 8 July 2020. Legal and cybersecurity experts from three continents debated the topic, during which PrivacyRules also introduced its upcoming global data breach prevention and response mechanism.
In the first session the PrivacyRules Chinese founding member from Zhong Lun, Jihong Chen, outlined Chinese legal requirements for privacy compliance and data breach response. The e-conference offered specific insights on an interesting case study related to a suspect data breach against a Chinese multinational company that applies AI to its industrial processes. The first session of the e-conference saw also the analysis of top legal advisors Michael Nitardy from Frost Brown Todd in the USA, Volker Wodianka from SKW Schwarz in Germany, Yingyu Wang from Taylor Vinters Via in Singapore and Akira Matsuda from Iwata Godo in Japan.
The second session was focused on cybersecurity solutions to protect data, with the participation of PrivacyRules founding tech expert Ken Morris from KnectIQ, as well as Mark Whittley from Blackpanda and Kevin Lee from Horangi as special guest speakers.
Nearly 200 participants, including representatives of the largest multinational companies operating from and in China, attended the event.
Contact us or our experts to know more about these solutions!
Find more information on the event here
Webinar on Public safety v. privacy: the covid-19 tracing apps conundrum
The PrivacyRules live webinar on "Public safety v. privacy: the covid-19 tracing apps conundrum" was moderated by our Australian expert Kelly Dickson from Macpherson Kelley and saw Susanne Lie, senior legal adviser at the Norwegian Data Protection Authority (Datatilsynet) as a special guest. Three other PrivacyRules experts were in the panel: Ruth Ng from Taylor Vinters Via LLC in Singapore, Haim Ravia from Pearl Cohen in Israel and Geert Somers from Timelex in Belgium.
The recording of the webinar is now available here
Special guests we worked with this month
PrivacyRules members updates
Overview of the revised Japanese Personal Information Protection Act
On June 5, 2020 the House of Councillors of Japan passed the bill to amend the Act on the Protection of Personal Information (“APPI”). This revision come as a result of the triennial statutory review process provided for under the APPI to give the legislator the opportunity to keep up with the rapid pace of innovation and technical change. The revision is also aimed at dealing with the effects of the continuous expansion of the digital world and the ever-increasing volume of data handled by business operators.
Read the overview from our Japanese expert Akira Matsuda
Draft Bill to Amend the Israeli Privacy Law
Article written by Haim Ravia, Dotan Hammer and Adi Shoval from PrivacyRules exclusive Israeli member Pearl Cohen.
The Israeli Ministry of Justice published a draft bill proposing to amend the Israeli Privacy Protection Law (the “IPPL”). The draft bill proposes to adopt some of the GDPR terminologies and to revise the compulsory database registration regime.
Macpherson Kelley launched a Chinese version of its website
The new version of the website is available here or by visiting www.mk.com.au and clicking on the Australian flag in the top right hand corner of the site and then clicking on the Chinese flag.
Macpherson Kelley is at the forefront of advice international clients in Australia. Please contact its privacy and commercial law expert Kelly Dickson for any assistance needed in Australia and from Australia to the rest of the world.
Frost Brown Todd's data privacy detective podcast series
The Frost Brown Todd’s Data Privacy Detective podcast series headed by the PrivacyRules Chairman, Joe Dehner, delves into information security and safeguarding data privacy. PrivacyRules cooperates with the Privacy and Information Security Law practice at Frost Brown Todd for many of these podcasts.
Don't miss the latest podcasts from Joe, follow him here!
PrivacyRules worldwide news
30 July Draft Bill to Amend the Israeli Privacy Law
29 July Japanese Regulator issued the first stop order on the publication of personal information
28 July Turkey passes law on social media, requiring local data centres and representatives
The AEPD, updates, Guide on the use of cookies, to adapt it to the new guidelines of the European Committee for Data Protection
Max Schrems and NOYB plans to challenge Facebookin light of the CJEU's ruling on the EU-U.S. Privacy Shield
Press release of the conference of the independent data protection supervisory authority of the German federal and state governments
The CNIL publishes three benchmarks for the health sector
Director General of Aptika: All Have the Role to Protect Personal Data
27 July Google victory in German top court over right to be forgotten
Lifespan Pays 1,040,000 to OCR to Settle Unencrypted Stolen Laptop Breach
Data Protection requirements must go hand in hand with the prevention of money laundering and terrorism financing
Norwegian DPA Q&A on the transfer of personal data to countries outside the EEA after the Schrems II decision
26 July Tech unicorn Dave admits to security breach impacting 7.5 million users
24 July EDPB publishes FAQ on the Schrems II case
CNIL - Code of conduct: publication of the accreditation requirements for monitoring bodies
New Privacy Commissioner for Personal Data appointed in Hong Kong
23 July EDPB: Information note on Binding Corporate Rules with UK SA as Lead Authority
ICO - First reports published from the Regulatory Sandbox
22 July New York Regulator Charges First American Unit Over 2019 Data Breach
New York bans use of facial recognition in schools statewide
Our Australian Member, Macpherson Kelley, launched the simplified Chinese translation version of its website
21 July Downloads of Japan's COVID-19 app reach 7.7 million in slowing pace since debut
20 July NOYB on the next steps for EU companies after the Privacy Shield invalidation
Overview of the revised personal information protection act of Japan
ICO 2019 annual report
Google Promises Privacy With Virus App but Can Still Collect Location Data
Israel approves cellphone tracking of COVID-19 carriers for rest of year
"StopCovid" application: the CNIL publishes the outcomes of its controls
Academic Project Used Marketing Data to Monitor Russian Military Sites
TikTok under scrutiny in Australia over security, data concerns
European Data Protection Board statement on the Schrems II
England's test and trace programme 'breaks GDPR data law'
Coronavirus, United Kingdom, trial, New Zealand, contact tracing app,
Cheap, popular and it works: Ireland's contact-tracing app success
18 July Sisi endorses law on personal data protection
Matt Hancock in new U-turn on coronavirus testing data
17 July Pompeo 'deeply disappointed' in EU court decision to ditch trans-Atlantic data transfer deal
Germans hand police too much data, court rules
Privacy concerns have states taking it slow on contact tracing apps
EDPB Statement on the Court of Justice of the European Union Judgment in Case C- 311/18 - Data Protection Commissioner v Facebook Ireland and Maximillian Schrems
EDPS Statement following the Court of Justice ruling in Case C-311/18 Data Protection Commissioner v Facebook Ireland Ltd and Maximilian Schrems (“Schrems II”)
Schrems reloaded, CJEU strikes again - Article by Ciprian Timofte from Tuca Zbarcea Asociatii
16 July Hackers took over dozens of high-profile Twitter accounts including those of Barack Obama, Joe Biden, Elon Musk, Kim Kardashian, and Apple and used them to post bitcoin scam links
CJEU invalidates the EU-US privacy shield
Privacy activist Schrems welcomes EU court decision on Facebook
ICO five steps document on contact tracing - protecting customer and visitor details
15 July Italian authorities releases the white paper of digital economy
Mozilla launches VPN service to help protect your privacy
Pakistan Is Using a Terrorism Surveillance System to Monitor the Pandemic
Coronavirus: the EU Commission made new steps towards setting-up an interoperability solution for mobile tracing and warning apps
Orientationsfrom the EDPS. Reactions of EU institutionsas employersto the COVID-19 crisis
TikTok fined in S. Korea over privacy issue
14 July PrivacyRules - Zhong Lun e-conference on data breach management - Recording now available!
ICO advice to organisations collecting customer and visitor details for contact tracing
Schrems charts US surveillance pushback after ECJ ruling
13 July Covid-19 PrivacyRules response team
This botnet has surged back into action spreading a new ransomware campaign via phishing emails
Telephone operators: control of the Italian DPA continues, sanctioning Wind for 17 million euro and Iliad for 800 thousand euro
10 July India panel proposes new regulator for non-personal data: draft report
EU top court to rule in landmark Facebook, Schrems privacy case
Authorized third parties: the CNIL publishes a practical guide and a collection of procedures
Supreme Court of Canada upholds genetic non-discrimination law
Colombian DPA fines CIFIN $ 702 million for including political sanctions in credit history
Norwegian DPA final decision on fee to Rælingen municipality
Spanish AEPD releases its recommendations on the use of mobile applications in access to public spaces
9 July A new agreement between the MPF and Microsoft brings improvements in the collection of personal data in Windows 10in Brazil
The Office of the Australian Information Commissioner and the UK’s Information Commissioner’s Office open joint investigation into Clearview AI Inc.
Block the Google/Fitbit merger
YouTube not obliged to inform on film pirates, Europe's top court says
European Commission document on "Getting ready for changes the end of the transition period between the European Union and the United Kingdom"
8 July Robots, drones and surveillance apps: The unexpected future of medicine
A revised manual on data protection in working life has been published by the Finnish Office of the Data Protection Ombudsman
Exclusive: U.S. probing allegations TikTok violated children's privacy
Bohol launches contact tracing card for every household
Lawmakers, businesses at loggerheads over regulation of anonymized data
Privacy Watchdog Brings Popular Exercise and Healthcare Apps into Compliance with Digital Advertising Best Practices
7 July Google, Facebook and Twitter Suspend Review of Hong Kong Requests for User Data
Contact tracing: Ireland launches its app following Apple and Google's model
6 July Home router warning: They're riddled with known flaws and run ancient, unpatched Linux
The CoE German Presidency declared its intention to reach a general approach to the Eprivacy Regulation
Statement on the publication of ICO guidance to businesses collecting personal data for contact tracing
EDPS Report: EU Institutions’ use of Data Protection Impact Assessments
FTC Gives Final Approval to Settlement with Digital Game Maker
2 July Statement on the publication of ICO guidance to businesses collecting personal data for contact tracing Online privacy experts sound alarm as US Senate bill sparks surveillance fears
1July UK regulators join forces to ensure online services work well for consumers and businesses
Apple Watch, Fitbit data can spot if you are sick days before symptoms show up
Italian DPA sanctions to a banking institution for a data breach
Commission conducting ‘preparatory work’ should ECJ invalidate privacy shield
Cookies and other tracking devices: the Council of State issues its decision on the CNIL guidelines
Data Center Company Settles FTC Privacy Shield Case
Subscribe to our Newsletter
If you wish to be featured in PrivacyRules Newsletters
please send your content via email to [email protected]
and also to Alessandro Di Mattia at [email protected]
Copyrights © 2020 All Rights Reserved by PrivacyRules Ltd. American Headquarters: PrivacyRules Ltd. 3491 Forestoak Court Cincinnati, OH 45208 United States of America (USA)
European Headquarters: 36 Via G. Silva 20149 Milan Italy (IT)
Want to change how you receive these emails? You can update your preferences or unsubscribe from this list.
For any problem, please contact us here.