Newsletter July 2020 31

PrivacyRules Newsletter July 2020

1. PrivacyRules newsletters in Japanese 2. PrivacyRules appoints the Chair of the PrivacyRules Spanish Speaking Committee 3. Schrems II case - Opinions from PrivacyRules experts:

Webinar: the worldwide effects of the EU-US Privacy Shield invalidation Webcast: the past, the present and the future of the EU-US Privacy Shield: an expert perspective Privacy Alert: Schrems reloaded, CJEU strikes again

4. PrivacyRules live events in July 5. SPECIAL EVENT: PrivacyRules - Zhong Lun e-conference on data breach management dedicated to Chinese multinationals 6. Webinar on Public safety v. privacy: the covid-19 tracing apps conundrum 7. Special guests we worked with this month 8. PrivacyRules members updates 9. Member updates: Overview of the revised personal information protection act of Japan 10. Member Updates: Draft Bill to Amend the Israeli Privacy Law 11. Member updates: Macpherson Kelley launched a Chinese version of its website 12. Member updates: Frost Brown Todd's data privacy detective podcast series 13. PrivacyRules worldwide news

PrivacyRules Newsletters in Japanese

PrivacyRules ニュースレター 2020年6月号

PrivacyRulesの加盟ファームである岩田合同法律事務所のご協力により、今月号より、PrivacyRulesニュースレターは日本語でも発行されることになりました。同事務所に感謝するとともに、日本語読者の皆様の一助になれば幸いに存じます。

Special thanks to our member Iwata Godo from Japan, for their support with the translation of the PrivacyRules Newsletters in Japanese.

Find the one from June 2020 here, and follow the next ones on our newsletters dedicated page.

PrivacyRules appoints the Chair of the PrivacyRules Spanish Speaking Committee.

PrivacyRules says “muchisimas gracias” to Stella Vanegas Morales who accepted to be the Chair of the PrivacyRules Spanish Speaking Committee.

Stella is a Colombian lawyer with strong international experience. In 2013 she founded her firm VMC, which is specialized in privacy, IT and finance law. The firm advises national, regional and international companies in different sectors including banking, financial, insurance, health, and retail. Thanks to her broad experience, Stella is a leader in developing and implementing privacy compliance programs in Colombia.

Stella is a proactive member of the LatAm and global privacy community, regularly teaches at the graduate program in Commercial Law at Universidad Javeriana in Bogota (Colombia), and is an active participant in many PrivacyRules events contributing to conferences, webinars and podcasts. She is also a member of the PrivacyRules Data Breach Committee.

The PrivacyRules Spanish Speaking Committee will bring various opportunities to a much wider audience who will be more comfortable when the information about privacy issues reaches them in their own language. The Committee creates a specialised network of privacy professionals in Latin America, closely connected with colleagues in Spain and North-America. The Committee will enhance skills of privacy professionals and inter-connect our experts to rapidly assist companies with legal and technical support or advice to develop data related business, including on international transfers of personal data.

The Committee met for the first time on 27 July 2020, and established a work plan which includes the dissemination of accurate information and e-events on (en español for immediate appreciation of our Spanish speaking audience): a) Impacto en los Programas de Gestión de Datos de las empresas a raíz del Covid 19 b) Elementos básicos en privacidad a ser tenidos en cuenta por las Startups. ¿Cómo emprender sin incurrir en incumplimientos legales? c) Impacto del fallo de Schrems del TJUE en la circulación transfronteriza de datos en los países de la región.

PrivacyRules will continue publishing its newsletters in Spanish language, to regularly inform its Spanish speaking audience on the specialised data privacy advise we can provide in their own language and in their regions.

Atentos saludos

Schrems II case - Opinions from PrivacyRules experts

The worldwide effects of the EU-US Privacy Shield invalidation

EU and non-EU PrivacyRules experts debated on the ground-breaking decision of the Tribunal of the Court of Justice of the European Union (CJEU). EU PrivacyRules data privacy experts Volker Wodianka from SKW Schwarz in Germany and Jean-Christophe Chevallier from Ydès Avocats in France, analyzed the decision and compared their interpretation and perspectives with our data privacy experts Michael E. Nitardy from Frost Brown Todd in the US and Gabriel Avigdor from datalex llc in Switzerland.

Find the recording of this LIVE webinar here

The past, the present and the future of the EU-US Privacy Shield: an expert perspective

Our Swiss expert Gabriel Avigdor from datalex llc explains in just 5 minutes what has brought the Court of Justice of the EU to invalidate the EU-US Privacy Shield.

What happened? What are the consequences for cross-border personal data transfer? Are Standard Contractual Clauses still valid? Can this decision involve also third countries such as Switzerland?

Watch this flash video to learn more about this case and its effects!

Schrems reloaded, CJEU strikes again

Our Romanian expert Ciprian Timofte from Tuca Zbarcea Asociatii provides an overview on the recent CJEU decision invalidating the EU - US Privacy Shield. Here is a brief summary about its alert:

/ The Good: SCCs are GDPR compliant. However, EU controllers should do more to be able to (still) rely on SCCs. / The Bad: EU-US Privacy Shield is invalid. Alternatives should be considered for data transfers to the US. / The Ugly: The DPAs are requested to grant particular attention to data transfers outside the EEA and to order the suspension/ceasing of those data transfers that rely on invalid data transfer mechanisms.

To see what to expect and what to do next, take a glance at Ciprian's privacy alert on the CJEU's Schrems II decision.

PrivacyRules live events in July

PrivacyRules - Zhong Lun e-conference on data breach management dedicated to Chinese multinationals

PrivacyRules and Zhong Lun (China) held an e-conference on data breach management for multinational companies on 8 July 2020. Legal and cybersecurity experts from three continents debated the topic, during which PrivacyRules also introduced its upcoming global data breach prevention and response mechanism.

In the first session the PrivacyRules Chinese founding member from Zhong Lun, Jihong Chen, outlined Chinese legal requirements for privacy compliance and data breach response. The e-conference offered specific insights on an interesting case study related to a suspect data breach against a Chinese multinational company that applies AI to its industrial processes. The first session of the e-conference saw also the analysis of top legal advisors Michael Nitardy from Frost Brown Todd in the USA, Volker Wodianka from SKW Schwarz in Germany, Yingyu Wang from Taylor Vinters Via in Singapore and Akira Matsuda from Iwata Godo in Japan.

The second session was focused on cybersecurity solutions to protect data, with the participation of PrivacyRules founding tech expert Ken Morris from KnectIQ, as well as Mark Whittley from Blackpanda and Kevin Lee from Horangi as special guest speakers.

Nearly 200 participants, including representatives of the largest multinational companies operating from and in China, attended the event.

Find more information on the event here

Webinar on Public safety v. privacy: the covid-19 tracing apps conundrum

The PrivacyRules live webinar on "Public safety v. privacy: the covid-19 tracing apps conundrum" was moderated by our Australian expert Kelly Dickson from Macpherson Kelley and saw Susanne Lie, senior legal adviser at the Norwegian Data Protection Authority (Datatilsynet) as a special guest. Three other PrivacyRules experts were in the panel: Ruth Ng from Taylor Vinters Via LLC in Singapore, Haim Ravia from Pearl Cohen in Israel and Geert Somers from Timelex in Belgium.

The recording of the webinar is now available here

Special guests we worked with this month

PrivacyRules members updates

Overview of the revised Japanese Personal Information Protection Act

On June 5, 2020 the House of Councillors of Japan passed the bill to amend the Act on the Protection of Personal Information (“APPI”). This revision come as a result of the triennial statutory review process provided for under the APPI to give the legislator the opportunity to keep up with the rapid pace of innovation and technical change. The revision is also aimed at dealing with the effects of the continuous expansion of the digital world and the ever-increasing volume of data handled by business operators.

Read the overview from our Japanese expert Akira Matsuda

Draft Bill to Amend the Israeli Privacy Law

Article written by Haim Ravia, Dotan Hammer and Adi Shoval from PrivacyRules exclusive Israeli member Pearl Cohen.

The Israeli Ministry of Justice published a draft bill proposing to amend the Israeli Privacy Protection Law (the “IPPL”). The draft bill proposes to adopt some of the GDPR terminologies and to revise the compulsory database registration regime.

Macpherson Kelley launched a Chinese version of its website

The new version of the website is available here or by visiting www.mk.com.au and clicking on the Australian flag in the top right hand corner of the site and then clicking on the Chinese flag.

Macpherson Kelley is at the forefront of advice international clients in Australia. Please contact its privacy and commercial law expert Kelly Dickson for any assistance needed in Australia and from Australia to the rest of the world.

Frost Brown Todd's data privacy detective podcast series

The Frost Brown Todd’s Data Privacy Detective podcast series headed by the PrivacyRules Chairman, Joe Dehner, delves into information security and safeguarding data privacy. PrivacyRules cooperates with the Privacy and Information Security Law practice at Frost Brown Todd for many of these podcasts.

Don't miss the latest podcasts from Joe, follow him here!

PrivacyRules worldwide news

30 July Draft Bill to Amend the Israeli Privacy Law

29 July Japanese Regulator issued the first stop order on the publication of personal information

28 July Turkey passes law on social media, requiring local data centres and representatives

The AEPD, updates, Guide on the use of cookies, to adapt it to the new guidelines of the European Committee for Data Protection

Max Schrems and NOYB plans to challenge Facebookin light of the CJEU's ruling on the EU-U.S. Privacy Shield

Press release of the conference of the independent data protection supervisory authority of the German federal and state governments

The CNIL publishes three benchmarks for the health sector

Director General of Aptika: All Have the Role to Protect Personal Data

27 July Google victory in German top court over right to be forgotten

Lifespan Pays 1,040,000 to OCR to Settle Unencrypted Stolen Laptop Breach

Data Protection requirements must go hand in hand with the prevention of money laundering and terrorism financing

Norwegian DPA Q&A on the transfer of personal data to countries outside the EEA after the Schrems II decision

26 July Tech unicorn Dave admits to security breach impacting 7.5 million users

24 July EDPB publishes FAQ on the Schrems II case

CNIL - Code of conduct: publication of the accreditation requirements for monitoring bodies

New Privacy Commissioner for Personal Data appointed in Hong Kong

23 July EDPB: Information note on Binding Corporate Rules with UK SA as Lead Authority

ICO - First reports published from the Regulatory Sandbox

22 July New York Regulator Charges First American Unit Over 2019 Data Breach

New York bans use of facial recognition in schools statewide

Our Australian Member, Macpherson Kelley, launched the simplified Chinese translation version of its website

21 July Downloads of Japan's COVID-19 app reach 7.7 million in slowing pace since debut

20 July NOYB on the next steps for EU companies after the Privacy Shield invalidation

Overview of the revised personal information protection act of Japan

ICO 2019 annual report

Google Promises Privacy With Virus App but Can Still Collect Location Data

Israel approves cellphone tracking of COVID-19 carriers for rest of year

"StopCovid" application: the CNIL publishes the outcomes of its controls

Academic Project Used Marketing Data to Monitor Russian Military Sites

TikTok under scrutiny in Australia over security, data concerns

European Data Protection Board statement on the Schrems II

England's test and trace programme 'breaks GDPR data law'

Coronavirus, United Kingdom, trial, New Zealand, contact tracing app,

Cheap, popular and it works: Ireland's contact-tracing app success

18 July Sisi endorses law on personal data protection

Matt Hancock in new U-turn on coronavirus testing data

17 July Pompeo 'deeply disappointed' in EU court decision to ditch trans-Atlantic data transfer deal

Germans hand police too much data, court rules

Privacy concerns have states taking it slow on contact tracing apps

EDPB Statement on the Court of Justice of the European Union Judgment in Case C- 311/18 - Data Protection Commissioner v Facebook Ireland and Maximillian Schrems

EDPS Statement following the Court of Justice ruling in Case C-311/18 Data Protection Commissioner v Facebook Ireland Ltd and Maximilian Schrems (“Schrems II”)

Schrems reloaded, CJEU strikes again - Article by Ciprian Timofte from Tuca Zbarcea Asociatii

16 July Hackers took over dozens of high-profile Twitter accounts including those of Barack Obama, Joe Biden, Elon Musk, Kim Kardashian, and Apple and used them to post bitcoin scam links

CJEU invalidates the EU-US privacy shield

Privacy activist Schrems welcomes EU court decision on Facebook

ICO five steps document on contact tracing - protecting customer and visitor details

15 July Italian authorities releases the white paper of digital economy

Mozilla launches VPN service to help protect your privacy

Pakistan Is Using a Terrorism Surveillance System to Monitor the Pandemic

Coronavirus: the EU Commission made new steps towards setting-up an interoperability solution for mobile tracing and warning apps

Orientationsfrom the EDPS. Reactions of EU institutionsas employersto the COVID-19 crisis

TikTok fined in S. Korea over privacy issue

14 July PrivacyRules - Zhong Lun e-conference on data breach management - Recording now available!

ICO advice to organisations collecting customer and visitor details for contact tracing

Schrems charts US surveillance pushback after ECJ ruling

13 July Covid-19 PrivacyRules response team

This botnet has surged back into action spreading a new ransomware campaign via phishing emails

Telephone operators: control of the Italian DPA continues, sanctioning Wind for 17 million euro and Iliad for 800 thousand euro

10 July India panel proposes new regulator for non-personal data: draft report

EU top court to rule in landmark Facebook, Schrems privacy case

Authorized third parties: the CNIL publishes a practical guide and a collection of procedures

Supreme Court of Canada upholds genetic non-discrimination law

Colombian DPA fines CIFIN $ 702 million for including political sanctions in credit history

Norwegian DPA final decision on fee to Rælingen municipality

Spanish AEPD releases its recommendations on the use of mobile applications in access to public spaces

9 July A new agreement between the MPF and Microsoft brings improvements in the collection of personal data in Windows 10in Brazil

The Office of the Australian Information Commissioner and the UK’s Information Commissioner’s Office open joint investigation into Clearview AI Inc.

Block the Google/Fitbit merger

YouTube not obliged to inform on film pirates, Europe's top court says

European Commission document on "Getting ready for changes the end of the transition period between the European Union and the United Kingdom"

8 July Robots, drones and surveillance apps: The unexpected future of medicine

A revised manual on data protection in working life has been published by the Finnish Office of the Data Protection Ombudsman

Exclusive: U.S. probing allegations TikTok violated children's privacy

Bohol launches contact tracing card for every household

Lawmakers, businesses at loggerheads over regulation of anonymized data

Privacy Watchdog Brings Popular Exercise and Healthcare Apps into Compliance with Digital Advertising Best Practices

7 July Google, Facebook and Twitter Suspend Review of Hong Kong Requests for User Data

Contact tracing: Ireland launches its app following Apple and Google's model

6 July Home router warning: They're riddled with known flaws and run ancient, unpatched Linux

The CoE German Presidency declared its intention to reach a general approach to the Eprivacy Regulation

Statement on the publication of ICO guidance to businesses collecting personal data for contact tracing

EDPS Report: EU Institutions’ use of Data Protection Impact Assessments

FTC Gives Final Approval to Settlement with Digital Game Maker

2 July Statement on the publication of ICO guidance to businesses collecting personal data for contact tracing Online privacy experts sound alarm as US Senate bill sparks surveillance fears

1July UK regulators join forces to ensure online services work well for consumers and businesses

Apple Watch, Fitbit data can spot if you are sick days before symptoms show up

Italian DPA sanctions to a banking institution for a data breach

Commission conducting ‘preparatory work’ should ECJ invalidate privacy shield

Cookies and other tracking devices: the Council of State issues its decision on the CNIL guidelines

Data Center Company Settles FTC Privacy Shield Case

Subscribe to our Newsletter

If you wish to be featured in PrivacyRules Newsletters

please send your content via email to [email protected]

and also to Alessandro Di Mattia at [email protected]

European Headquarters: 36 Via G. Silva 20149 Milan Italy (IT)

Want to change how you receive these emails? You can update your preferences or unsubscribe from this list.

For any problem, please contact us here.