With COVID-19 officially declared a pandemic by the World Health Organization, European governments and companies, facing unprecedented challenges, are encouraging their employees to work from home, protect their health and support government measures. Through these difficult times, it remains extremely important for European companies to take swift action, follow up on their projects on a daily basis and to ensure that data security and privacy protection measures are in place and are strictly monitored by professionals at all times. Privacy and data protection violations during COVID-19 times cannot be justified and may be investigated by the data protection authorities, whether it be during or after the crisis.
(more…)COVID-19: European Business Continuity While Mitigating Data Protection and Security Challenges From a Distance
March 31st, 2020 | Posted by in Europe | Privacy - (0 Comments)IAPP Data Protection Intensive France #DPI20
February 13th, 2020 | Posted by in Communication | Conference | Europe | France | Privacy | World - (0 Comments)Les 12 et 13 février 2020, l’IAPP organise sa conférence “Data Protection Intensive: France” — retrouvez nous lors du panel “Global Developments: CCPA and Beyond” avec Delphine Charlot de Mastercard et les meilleurs moments ci-dessous:
(more…)🇺🇸 IAPP Data Protection Intensive France – Global Developments: CCPA and Beyond
February 4th, 2020 | Posted by in Conference | Data Transfer | Europe | France | internet | Legislation | Privacy | World - (0 Comments)The California Consumer Privacy Act of 2018 (CCPA) stands to radically change the way organisations throughout the United States, and even the world, handle personal data. Coming into force on 1 January 2020, CCPA has motivated other U.S. states such as Washington and Texas to move toward having their own privacy laws. Increasingly, pressure is building in Washington, DC, to advance federal privacy legislation, both on the domestic and international scene. In addition to Japan obtaining a GDPR-adequacy recognition (followed soon by Korea and India), Brazil has adopted its General Data Protection Act (GDPA) which is heavily inspired by the EU GDPR and will come into force in August 2020. In this session, hear about the new laws and legislative initiatives, how they will change the way you do business internationally and how to get prepared.
Along with Delphine Charlot, CIPP/E, Senior Counsel, Privacy and Data Protection, Mastercard
The Privacist – Volume 1
October 8th, 2019 | Posted by in Communication | Europe | France | Press | Privacy - (0 Comments)Brexit: Deal Or No-Deal? Data is the Question
With the Brexit deadline looming ahead on 31 October 2019, the situation seemingly reaches new levels of uncertainty every day. Last week, the U.K. Supreme Court’s eleven judges unanimously ruled that Prime Minister Boris Johnson’s decision on 9 September 2019, to prorogue Parliament was “unlawful and void.” Parliament will therefore carry on its Brexit discussions…with now only thirty days left to finalise a deal. Although Parliament, while still in session, passed a law to extend the Brexit deadline, such an extension would still require approval by the EU.
So how should companies prepare, on either side of the Channel (and beyond), in the coming months for the more-likely-by-the-day-scenario of No-Deal?
(more…)Regulating Connected and Autonomous Vehicles – A Blueprint for an AI Legal Framework
October 4th, 2019 | Posted by in Communication | Connected Cars | Ethics | Europe | France | IT | Legislation | Privacy - (0 Comments)A French Revolution, at last?
Despite optimistic statements in 2016 on both sides of the Atlantic (in between the European Commission’s communication on connected cars for Europe, and the Obama administration’s Detroit Auto Show announcement), it would seem that some of the hype surrounding connected and autonomous vehicles (“CAVs”) faltered. One reason may be the desensitization of the general public, as the initially promised 2020 deployment is dawning without a hint of general commercial availability in sight. On the other hand, the intricacies of the regulatory frameworks at stake also hinder the development of consumer-ready offers.
More often than not, France is perceived as an administrative maze, yet may become (unexpectedly to some) a leader in the race to regulating this incoming industry. However, far more than being limited to the automotive industry, regulating CAVs will serve as the blueprint for an artificial intelligence (“AI”) legal framework.
(more…)Successfully extracting the full potential from your data through optimal use of AI, 2nd Artificial Intelligence in Corporate Counsel & Law Practice, TBM Group
June 13th, 2019 | Posted by in Artificial Intelligence | Conference | Ethics | Europe | France | IT | Non classé - (0 Comments)Italy: Legal Recognition of Blockchain-based Timestamping
June 1st, 2019 | Posted by in Blockchain | Europe | Trusted Services and eSignature - (0 Comments)Italian law no.12/19 dated 11 January 2019 (the “Law”) came into force on 13 February 2019 and cemented the legal enforceability of electronic timestamping performed through blockchain technologies.
(more…)GDPR – New Guidelines on Territorial Scope
November 26th, 2018 | Posted by in Europe | Privacy - (0 Comments)On 23 November 2018, the European Data Protection Board (“EDPB”) – the gathering of all European Union (EU) data protection authorities – adopted new draft guidelines on territorial scope of the General Data Protection Regulation (“GDPR” – external source). The EDPB was previously known as the Article 29 Working Party.
The long awaited guidelines (“Guidelines”, available here) provide a common interpretation on the scope of application of the GDPR. Its territorial scope, laid down in Article 3 GDPR, states that GDPR applies to:
- any EU-based controller or processor processing personal data in the context of its activities (Article 3.1 GDPR); or
- any non-EU-based controller or processor processing personal data of EU residents in connection with either:
- the offer of goods or services (Article 3.2.a GDPR); or
- the monitoring of their behavior taking place in the EU (Article 3.2.b GDPR).
The Guidelines provide clarification for both EU and non-EU based companies to assess whether all or parts of their activities would fall under the scope of the GDPR and to what extent they would be subject to the application of the GDPR.
Notably, the Guidelines clarified aspects which had been subject to controversy or misinterpretation in the six months since GDPR’s entry into force, such as:
- A non-EU controller using an EU processor for activities outside of the EU not targeting EU residents does not have to comply with GDPR. An EU processor will be subject to the relevant GDPR provisions directly applicable to data processors;
- The irrelevancy of the “targeting” criterion when considering applicability of the GDPR to monitoring activities; and
- Citizenship, established residency or other type of legal status of the data subject is irrelevant to determine the application of the targeting criterion.
Moreover, the Guidelines also clarified the criteria of the appointment of an EU representative defined in Article 27 GDPR for non-EU controllers and processors.
The Guidelines will still be subject to a public consultation before being revised and ultimately adopted in a final version.
K&L Gates’ Data Protection team remains at your disposal to assist you in the completion of your contributions, which will need to be submitted before 18 January 2019.
Blockchain & Data Protection: Trustless Should Not Mean Distrusted!
November 8th, 2018 | Posted by in Blockchain | Europe | France | IT | Privacy - (0 Comments)Amidst the international tidal wave caused by the entry into force of the EU General Data Protection Regulation (“GDPR”) in May 2018, many half, or even false truths have been spread about hindrance on a global scale of innovative technologies. However, we must keep in mind that Europe has adopted a long-standing position of technology-neutral regulations and data protection is no exception.
Indeed, from a GDPR perspective, no technology would be prohibited or regulated by nature – only its application to a specific purpose may be regulated, inasmuch as it involves personal data -whether relating to the participants and miners or the payload data itself- and falls within its broad geographical scope (see our previous Alert for more details).
(more…)
Adequacy Agreements, Legislation and Compliance in a GDPR World
November 8th, 2018 | Posted by in Data Transfer | Europe | France | Interview | Legislation | Privacy | Region - (0 Comments)While Capitol Hill is inundated with proposed privacy legislations from the Data Breach Prevention and Compensation Act (DBPCA), the CLOUD Act and the ENCRYPT Act, organizations the world over are trying to understand how to get their own regulations deemed adequate enough to ensure the flow of business in the EU, now that GDPR is a reality.
(more…)