European Union

Technical Standards Open New Avenue to EU Data Protection Compliance

By Sára Hoffman on September 15, 2015

Historically, businesses have called for greater connection between the legal requirements of European data protection law and the requirements of information technology standards. The new International Organization for Standardization (ISO) standard for securely processing personal information in cloud computing environments, ISO 27018, could be a significant and major first step toward creating technical standards that take privacy legal requirements into account.¹ While its effects on compliance under the forthcoming EU General Data Protection Regulation (GDPR) remain to be seen, ISO 27018 offers a promising look at what a more harmonized data protection regime might look like.
Continue Reading Technical Standards Open New Avenue to EU Data Protection Compliance

Personal Data, Anonymization, and Pseudonymization in the EU

By Cédric Burton & Sára Hoffman on September 15, 2015

Posted in European Union, Privacy

De-identification techniques are often at the forefront of companies’ concerns when it comes to the processing of big data. In addition, anonymization and pseudonymization techniques have been a heavily debated topic in the ongoing reform of EU data protection law. This makes last year’s Article 29 Working Party (WP29) Opinion on Anonymization Techniques¹ even more important, as it examines the effectiveness and limits of anonymization techniques and places them in the context of data protection law. This article details the WP29 Opinion on Anonymization Techniques and considers the opinion in relation to the upcoming EU General Data Protection Regulation.
Continue Reading Personal Data, Anonymization, and Pseudonymization in the EU

New EU Trends: Cybersecurity and Breach Notification

By Sarah Cadiot on July 15, 2015

Posted in Cybersecurity, European Union

On June 29, 2015, the Council of the European Union (comprised of representatives of the 28 EU Member States) reached a political agreement with the European Parliament on the main principles of the draft Directive on Network and Information Security (NIS Directive) governing cybersecurity issues.¹ The draft NIS Directive is an advanced piece of draft legislation in the EU that, once adopted, will likely concern a significant number of companies doing business in Europe.² The final text is expected to be adopted sometime in late 2015, however the ultimate timing will depend on the political developments.
Continue Reading New EU Trends: Cybersecurity and Breach Notification

Status Update on the EU Data Protection Regulation

By Christopher Kuner, Cédric Burton & Laura De Boel on July 15, 2015

Posted in European Union, Regulatory

On June 15, 2015, the Ministers of Justice of all 28 European Union member states, sitting as the Council of the EU (Council), reached a crucial agreement for the future EU data protection legal framework. Much work still needs to be completed, but this is a major step forward in the adoption of the EU General Data Protection Regulation (Regulation).

The Regulation introduces important changes to EU data protection law that will have a significant impact on companies doing business in the EU. While the timing of final approval is still unknown, the fact that the Council has reached a general approach significantly increases the chances that the final text of the Regulation will be adopted in the foreseeable future. To learn more about the practical implications for businesses and how to prepare for the new legal framework, please join our webcast on July 15.
Continue Reading Status Update on the EU Data Protection Regulation

EU Data Protection Regulators Issue Guidance on the Internet of Things and Device Fingerprinting

By Cédric Burton & Laura De Boel on February 15, 2015

Posted in European Union, Privacy

ThinkstockPhotos-149480786-web The European data protection regulators, the Article 29 Working Party (WP29), recently issued two guidance papers which clarify the data protection legal framework applicable to the Internet of Things (IoT) and to the use of device fingerprinting. Both opinions underline WP29’s current focus on data-driven innovations. This article highlights the key takeaways from these two opinions.
Continue Reading EU Data Protection Regulators Issue Guidance on the Internet of Things and Device Fingerprinting

EU Data Protection Regulators Issue Several Opinions on Key EU Data Protection Issues

By Christopher Kuner & Cédric Burton on July 15, 2014

Posted in European Union, Regulatory

The body of European data protection regulators known as the Article 29 Working Party (WP29) has been exceptionally prolific lately. In April 2014, WP29 adopted no less than five opinions and issued a number of other statements and letters on various topics. While not directly binding, WP29’s publications offer insight into the regulators’ views, which are generally a good indication of how the regulators will seek to apply the law.

In this article, we provide an overview of the most important documents issued. We discuss Opinion 5/2014 on anonymization,¹ Opinion 6/2014 on legitimate interests as a basis for processing,² the letter to Commissioner Viviane Reding on data transfers from the EU to the U.S.,³ and the letter to the Council of the EU on the one-stop-shop mechanism.⁴
Continue Reading EU Data Protection Regulators Issue Several Opinions on Key EU Data Protection Issues

The Data Advisor