On 27 October 2022, the Digital Services Act (DSA) was published in the EU Official Journal as Regulation (EU) 2022/2065, with the aim to fully harmonize the rules on the safety of online services and the dissemination of illegal content online. The Digital Services Act will require online intermediaries to amend their terms of service, to better handle complaints, and to increase their transparency, especially with respect to advertising.(more…)
EU Digital Services Act: Fundamental Changes for Online Intermediaries?November 5th, 2022 | Posted by in Competition | eCommerce | Europe | internet | Legislation - (0 Comments)
UK: Government Publishes New Proposed Data Protection LawJuly 27th, 2022 | Posted by in English | Europe | Legislation | Privacy - (0 Comments)
The UK Government has finally published its highly anticipated Data Protection and Digital Information Bill (the Bill), marking the first significant post-Brexit change to the UK’s data protection regime. Following Brexit, the UK continued following the EU General Data Protection Regulation, incorporated into UK law as the UK GDPR, and the UK implementation of the EU ePrivacy Directive, the Privacy and Electronic Communications Regulations 2003 (PECR), also remained in force.
The Bill is only at the start of the legislative process, and it remains to be seen how it will develop if it is amended during its passage through Parliament, but early indications are that it represents more of an evolution than a revolution in the UK regime. That will come as a relief to businesses that transfer personal data from the EU to the UK, because it reduces the risk that the EU might rescind the UK’s adequacy status.
For a start, the Bill actually preserves the UK GDPR, its enabling legislation the Data Protection Act 2018, and the PECR, because it is drafted as an amending act rather than a completely new legislative instrument. This does not contribute to user-friendliness, as interpreting UK data protection requirements will require a great deal of cross-referencing across texts.
The more eye-catching proposed changes in the Bill include:
- The inclusion of a list of “legitimate interests” that will automatically qualify as being covered by the lawful basis in UK GDPR Article 6(e).
- Some limitations on data subject access requests, such as the possibility of refusing “vexatious or excessive” requests.
- More exemptions from the requirement to obtain consent to cookies.
- Much higher fees for breach of PECR.
The Bill will now progress through various Parliamentary stages over the coming months in order to become law.
First Publication: K&L Gates Cyber Law Watch in collaboration with Noirin McFadden & Keisha Phippen
France: New Requirements Concerning the Sale of Digital GoodsJuly 21st, 2022 | Posted by in eCommerce | France | internet | IT | Legislation - (0 Comments)
On 29 June 2022, Decree n° 2022-946 (the “Decree”) supplemented the regulatory framework resulting from the Ordinance n° 2021-1247 of 29 September 2021 on the legal warranty of conformity for goods, digital content and digital services (the “Ordinance”). Stakeholders have under 1 October 2022 to implement the following measures, aiming at protecting consumers of digital goods.
1. General information about the Ordinance
Implementing two 2019 European directives on certain aspects of contracts for the supply of digital content and digital services and contracts for the sale of goods (respectively Directives (EU) 2019/770 and 2019/771 dated 20 May 2019), the Ordinance aimed to foster the safety of consumers when purchasing both physical and digital goods and, to a lesser extent, to reduce the environmental impact of digital goods.
This Ordinance amended the French Consumer Code in depth, notably by expanding the legal warranty of conformity, which now covers digital products and services but is also applicable to both B2C as well as B2B contracts, when the latter are executed between professionals and non-professionals (i.e. legal entities acting outside of their direct professional activities).(more…)
French authority falls in line with ECJ position on general retention of metadataMarch 16th, 2022 | Posted by in France | Legislation | Press | Privacy - (0 Comments)
Quoted by Global Data Review:
Claude-Étienne Armingaud, a partner at K&L Gates in Paris, said the decision would have little impact in practice.
“The new sections adopted in July 2021 are implementing specific and targeted data retention requirements which should therefore comply with both the ECJ decisions and the Constitutional Council decision of today,” he said.
“So, if anything, it’s a tardy decision that was expected and confirmation that the Government did well to anticipate this.”
Read full article here.
United Arab Emirates – Federal Decree-Law No.(45) of 2021 on Personal Data ProtectionJanuary 2nd, 2022 | Posted by in Legislation | World - (0 Comments)
FEDERAL DECREE-LAW NO. (45) OF 2021 ON PERSONAL DATA PROTECTION
Read the full text.(more…)
🇺🇸 IAPP Data Protection Intensive France – Global Developments: CCPA and BeyondFebruary 4th, 2020 | Posted by in Conference | Data Transfer | Europe | France | internet | Legislation | Privacy | World - (0 Comments)
The California Consumer Privacy Act of 2018 (CCPA) stands to radically change the way organisations throughout the United States, and even the world, handle personal data. Coming into force on 1 January 2020, CCPA has motivated other U.S. states such as Washington and Texas to move toward having their own privacy laws. Increasingly, pressure is building in Washington, DC, to advance federal privacy legislation, both on the domestic and international scene. In addition to Japan obtaining a GDPR-adequacy recognition (followed soon by Korea and India), Brazil has adopted its General Data Protection Act (GDPA) which is heavily inspired by the EU GDPR and will come into force in August 2020. In this session, hear about the new laws and legislative initiatives, how they will change the way you do business internationally and how to get prepared.
Along with Delphine Charlot, CIPP/E, Senior Counsel, Privacy and Data Protection, Mastercard
Regulating Connected and Autonomous Vehicles – A Blueprint for an AI Legal FrameworkOctober 4th, 2019 | Posted by in Communication | Connected Cars | Ethics | Europe | France | IT | Legislation | Privacy - (0 Comments)
A French Revolution, at last?
Despite optimistic statements in 2016 on both sides of the Atlantic (in between the European Commission’s communication on connected cars for Europe, and the Obama administration’s Detroit Auto Show announcement), it would seem that some of the hype surrounding connected and autonomous vehicles (“CAVs”) faltered. One reason may be the desensitization of the general public, as the initially promised 2020 deployment is dawning without a hint of general commercial availability in sight. On the other hand, the intricacies of the regulatory frameworks at stake also hinder the development of consumer-ready offers.
More often than not, France is perceived as an administrative maze, yet may become (unexpectedly to some) a leader in the race to regulating this incoming industry. However, far more than being limited to the automotive industry, regulating CAVs will serve as the blueprint for an artificial intelligence (“AI”) legal framework.(more…)
Adequacy Agreements, Legislation and Compliance in a GDPR WorldNovember 8th, 2018 | Posted by in Data Transfer | Europe | France | Interview | Legislation | Privacy | Region - (0 Comments)
While Capitol Hill is inundated with proposed privacy legislations from the Data Breach Prevention and Compensation Act (DBPCA), the CLOUD Act and the ENCRYPT Act, organizations the world over are trying to understand how to get their own regulations deemed adequate enough to ensure the flow of business in the EU, now that GDPR is a reality.