Updates from across the world - DAC Beachcroft

All Collections

Sort By

Related Articles

Updates from across the world's Tags

Tags related to this article

Updates from across the world

Published On: 1 September 2016

June saw the launch by the French data protection authority, the CNIL, of a public consultation on the EU General Data Protection Regulation ("GDPR"), with the CNIL focussing on four key areas; data protection officers, the right to portability, privacy impact assessments and certification. The CNIL's consultation is just one of the many likely to take place over the next two years as we head ever closer to May 2018 and the implementation of the GDPR. Also in France we saw an agreement reached on the Digital Bill, which pre-empts many of the new measures introduced by the GDPR, such as increased fining power.

There were also further developments in the ever evolving debate over EU-US transfers. In our last edition we reported on the new case being brought before the Irish courts, challenging the validity of the EU Model Clauses as a mechanism for transferring data from Europe to the US, and in this edition we look at the announcement that the Irish court was to hear applications from various parties seeking to be joined in the proceedings as amicus curiae, among them the US government.

We also saw action taken by various European data protection authorities in respect of 'unsolicited communications'. This is a common enforcement topic for the ICO in the UK, and these stories demonstrate that it is a common theme across Europe. We saw in Spain a fine imposed for unsolicited communication sent through a 'tell-a-friend' system used by a company to market it's products. The fine was imposed on the company, despite it being the decision of the referring customer that the communication was to be sent, on the basis that it was the company that determined the form and content of the communication and indeed, how it was to be sent. We also take a look back at recent sanctions imposed by the Romanian data protection authority, where we see a focus on obtaining appropriate consents, for both marketing communications and the use of cookies.

On the topic of consent, there is also an analysis of its role from Serbia, where we look at what the appropriate legal basis is for the processing of personal data by insurance companies. Although this article looks at insurers in Serbia specifically, it serves as a useful reminder for all organisations in any country to look at the legal basis on which they are purporting to process the personal data they hold.

Another article from Serbia also looks into how the Serbian data protection authority approaches proportionality, something that the Spanish data protection authority looked at in July in relation to public employee data.

And here are some of the other recent international developments: