The German FCO/Facebook decision: implications for data privacy regulation

The German competition authority, the Federal Cartel Office (“FCO”), last week announced the results of its investigation into Facebook for a novel abuse of dominance involving consent for its data collection. Whilst the full decision is not yet public, the FCO has published a background paper. In short, the FCO found that Facebook had a dominant position in the German market for social networks, and abused this with its data collection policy. The FCO did not impose a fine on Facebook, but has instead required Facebook in the future to only use data from non-Facebook sources where it has users’ voluntary consent, the withholding of which cannot be used to deny access to Facebook. Facebook has announced that it will appeal.


Filed under Data Protection, Data subject rights, Enforcement, News, Uncategorized

Brexit and its impact on international transfers of personal data

Miriam Everett, Head of the Data Protection and Privacy group at Herbert Smith Freehills, has been working with the LexisNexis Data Protection Intelligence Group to publish a paper on Brexit and international personal data transfers: Practical approaches for the private sector in a time of uncertainty.

The paper explores how potential new international transfer restrictions (between the UK and EEA) may apply in a variety of worked examples and in the event of different Brexit outcomes. It also outlines, with practical examples, the steps that businesses may want to take to continue personal data transfers post-Brexit.

As we approach the exit date, organisations are having to critically assess international data transfers and evaluate how to legitimise such transfers in a post-Brexit world. This paper is the first of its kind (as far as the group is aware) to give detailed worked examples of how available compliance solutions could be applied to both GDPR and UK GDPR regulation.


Filed under Brexit, Data Protection, Extra-territoriality, GDPR

Happy International Data Privacy Day!

January 28th is International Data Privacy Day, which is celebrated internationally each year. It exists to promote awareness about the importance of respecting privacy, safeguarding data and enabling trust.


Filed under Data Protection

Japan Adequacy Decision Adopted by the EU Commission

On 23 January 2019, the EU Commission adopted a decision confirming the adequacy of Japanese data protection laws for the purpose of transferring personal data from the EU to Japan in compliance with the international data transfer restrictions set out in Chapter V of the GDPR.


Filed under Data Protection, Data subject rights, Extra-territoriality

Cyberattack on German Public Figures Leads To One of Germany’s Largest Data Breaches

Last week, it was announced that during December 2018 almost one thousand German public figures, among them journalists and a number of prominent politicians including the Chancellor and President, were the subject of one of Germany’s largest data breaches. The leaked data included contacts, private chats, credit card details and other financial details of figures from many of the major German political parties. The German interior ministry has since stated that there is no evidence that government systems or data have been compromised in the cyberattack.


Filed under Data breach, Data subject rights, Enforcement

Data Protection Predictions 2019

2018 was a landmark year for data protection and privacy; the EU General Data Protection Regulation (“GDPR”) came into effect on 25 May 2018 and implemented a comprehensive reform of the EU data protection regime. So what could 2019 possibly have in store for data protection and privacy? This article sets out some predictions for further data protection developments in the year to come.


Filed under Brexit, Data Protection, Enforcement, ePrivacy, GDPR, Guidance, Uncategorized

UK Government note clarifies “no deal” and data protection

The UK Government has published a “no deal” note to clarify how data protection law will work in the event that the UK leaves the EU without a deal. The note confirms that separate draft regulations and more detailed guidance will be published in the next few weeks but, in the meantime, it clarifies at a high level a number of key issues for organisations both within the UK and outside but doing business with the UK.


Filed under Brexit, Contractual clauses, Data Protection, Extra-territoriality, GDPR, Guidance

March deadline approaches in call for views on government cyber security skills strategy

The UK Government recently launched a Call for Views on its Initial National Cyber Security Skills Strategy. The closing date for stakeholder responses is 1 March 2019, with the final strategy document expected to be published late in 2019.


Filed under Brexit, Cyber Security

Online advertisers face French data probe

Earlier this year, the French Competition Authority (“FCA”) published the results of its 2-year inquiry into the online advertising sector, identifying competition concerns in the sector. The inquiry concluded that two major global players hold “overwhelming” market power and generated almost 90% of the online advertising industry’s growth in 2017.

The head of the FCA, Isabelle de Silva, has now confirmed that the FCA will be launching a probe into the collection of data by companies and whether such data were accessible by others. She declined to name the companies under investigation, although she has explained that the focus will be on companies that are defined by their access to and use of data.

Regardless of the subjects of the new investigation, its very existence highlights an increasing trend of regulatory scrutiny with respect to data. In a year that has seen a significant focus on personal data and privacy as a result of the implementation of the GDPR across Europe, this latest investigation shows that it is not just the data privacy regulators who are interested in the impact that data has.


Filed under Data Protection, Data subject rights, Marketing

New Mirai-based malware variants – BrickerBot and a Bitcoin miner

The Mirai malware gained its infamy in October 2016 following its record-breaking attack on systems operated by domain name system provider Dyn, using unsecured Internet of Things (“IoT”) enabled “smart” devices (such as CCTV recorders, webcams and routers). It resulted in the widely reported outage of Twitter, Netflix, Spotify and Airbnb, amongst others.

Mirai is highly effective as it targets devices which often run unattended, do not have anti-virus installed, and have no external visual indication that they have been compromised. Mirai works by systematically trying the 62 most common default username/password combinations against the Telnet/SSH port of internet-connected devices in an attempt to gain administrative access to the device. Whilst simple, the sheer number of vulnerable devices on the internet means that “botmasters” (the creators and controllers of the collections of compromised computers and IoT devices, each a bot and together a botnet) have been able to create and sustain botnets containing up to 100,000 devices. Botmasters are then able to sell the use of their botnets online to the highest bidder for use in, for example, Distributed Denial of Service attacks against specific targets (e.g. Dyn).


Filed under Cyber Security, Data Protection, Uncategorized