Brexit planning full steam ahead? Spotlight on telecoms and media

As the 31 October 2019 deadline for the UK to leave the EU draws ever closer, uncertainty continues to remain as to whether any such departure will be accompanied by a “deal” (i.e. a version of the Withdrawal Agreement setting out arrangements for the UK’s withdrawal) or “no-deal”. Or indeed whether the October exit date will be further extended once again. Continue reading

DCMS Consults on Implementing New Rules for VSPs

As outlined in our blog post on the implementation of the AVMS directive, legislative amendments to the AVMSD were published in the EU Official Journal and entered into force on 19 December 2018 following lengthy negotiations. The reform seeks to modernise the AVMSD to reflect market consumption and technological changes, largely arising from the merging of television, internet services and the rise of on-demand content consumption. Specifically, the reform aims to align the regulatory landscape (to some extent) for emerging audiovisual media services (including video-sharing platforms or “VSPs”), enhance protections for minors and consumers, combat racial and religious hatred, and safeguard media plurality. Continue reading

Brexit, Data, Brexit

As we all continue to try to grapple with the implications of a no-deal Brexit, the last week or two has seen the publication of a few things of interest from a data protection perspective:

The EDPB’s view of data transfers in a no-deal Brexit scenario

On 12 February 2019, the European Data Protection Board (the “EDPB“) published a general information note on data transfers under the GDPR in the event of a no-deal Brexit (available here). In summary, the information note provides that organisations must comply with the GDPR when transferring personal data from the EU to the UK, which will become a “third country” for GDPR purposes (from 00.00 am CET on 30 March 2019). No new or additional safeguards are contemplated by the EDPB which effectively means that organisations must choose between:

  • Standard contractual clauses (which the EDPB acknowledges are “ready to use”);
  • Binding corporate rules;
  • Codes of conduct or certification mechanisms (although none are yet approved/available under the GDPR); or
  • Derogations such as individual explicit consent (although the EDPB emphasises that the derogations must be interpreted restrictively and mainly relate to processing activities that are occasional and non-repetitive).

For further information regarding the potential impact of a no-deal Brexit on data transfers, including an analysis of worked examples, please see our previous blog post available here.

Continue reading