Cynthia O'Donoghue

Cynthia O'Donoghue

Reed Smith

Contact  |  View Bio  |  RSS

Latest Publications


Indonesia publishes data protection rule aimed at government agencies

On 14 July 2015, the Indonesian government published the Draft Regulation of the Minister of Communication and Information (RPM) of the Protection of Personal Data in Electronic Systems (‘Draft Regulation’). Pursuant to...more

10/2/2015 - Bank Indonesia Data Privacy Data Protection Data Security Digital Communications Draft Guidance Financial Services Authority Government Agencies Indonesia Information Technology Ministry of Health Personal Data Personally Identifiable Information Proposed Regulation

EU Court Ruling on Safe Harbor Expected 6 October

Last week we blogged about the game-changing ECJ Advocate General recommendation that the court was to find the U.S.-EU Safe Harbor program invalid. It was anticipated that the court would not issue judgment for several...more

9/30/2015 - Advocate General Binding Corporate Rules Data Privacy Data Security EU EU Data Protection Laws European Commission European Court of Justice International Data Transfers Personal Data Umbrella Agreement US-EU Safe Harbor Framework

Safe Harbor Invalid! Will the ECJ follow the Advocate General recommendation?

Advocate General Yves Bot today delivered an opinion recommending that the European Court of Justice (ECJ) find the U.S.-EU Safe Harbor Program invalid. His opinion, while non-binding, relates to a request for a preliminary...more

9/24/2015 - Advocate General Binding Corporate Rules Cybersecurity Data Privacy Data Protection Data Protection Authority Data Security EU EU Data Protection Laws European Court of Justice International Data Transfers NSA Personal Data US-EU Safe Harbor Framework

EU Data Protection Reforms: ICO Critiques Council Draft Regulation Over Consent, Access Rights, EU v. Member State Balance of...

With the EU Data Protection “reform train” rounding what is hopefully the final bend towards the summit of consensus, the UK ICO have published their latest analysis on the Council’s draft EU Data Protection Regulation. The...more

9/23/2015 - Consent Data Controller Data Privacy Data Protection Data Security EU EU Council of Ministers EU Data Protection Laws European Commission Online Safety for Children Parental Consent Personal Data Personally Identifiable Information Popular Proposed Regulation UK

Data Subject Access Requests – Stick to What’s Reasonable, Proportionate, and Has the Proper Motive, Says UK Court

In August, the High Court, in Dawson-Damer & Ors v Taylor Wessing [2015] EWHC 2366 (Ch), refused an application to compel a UK law firm (“TW”) to comply with a data subject access request (“DSAR”) under the Data Protection...more

9/10/2015 - Attorney-Client Privilege Discovery Personal Data Proportionality Reasonableness Factors UK UK Data Protection Act

UK first: right-to-be-forgotten notice issued against Google Inc.

The UK’s Information Commissioner’s Office (‘ICO’) has published what appears to be its first public enforcement notice based upon “the right to be forgotten” against Google Inc. The “right to be forgotten” was introduced by...more

9/3/2015 - Data Privacy Enforcement Actions Google ICO Right to Be Forgotten Right to Privacy Search Engines Takedown Notices UK

Data Localisation Law – clarifications published with one month to go…

Just one month before the new Data Localisation Law (‘the law’) is due to come into force, the Russian Ministry of Communications has published its long-awaited clarifications (in Russian) to the new law....more

9/2/2015 - Data Collection Data Localisation Law Data Privacy Data Protection Data Storage Providers New Legislation Personal Data Personally Identifiable Information Russia

ENISA, European cybersecurity agency, releases 2014 annual activity report

On July 28, the European Union Agency for Network and Information Security (ENISA) published its Annual Activity Report 2014. The report summarises its operations and programs from the previous year, and highlights the areas...more

9/2/2015 - Cyber Attacks Cyber Threats Cybersecurity Data Protection Data Security ENISA EU

Privacy in financial markets, not to be ignored

The Article 29 Working Party published a letter it sent to the European Commission urging it to consider the data protection and privacy issues when adopting the secondary regulations (‘Regulations’) necessary to implement...more

8/31/2015 - Article 29 Working Group Confidentiality Cybersecurity Data Controller Data Privacy Data Protection Data Retention Data Security Electronic Communications EU European Commission Financial Services Industry MiFID Personal Data Personally Identifiable Information Proportionality Proposed Regulation

Brazil’s proposed privacy laws raise public concern

The Brazilian government’s proposal for Brazil’s first data protection framework (‘the Proposal’) hit a stumbling block after major concerns were raised in public comments. After the public consultation period ended,...more

8/28/2015 - Brazil Consent Data Privacy Data Processors Data Protection Data Protection Authority Data Retention Data Security International Data Transfers Personal Data Popular Public Comment

Hong Kong Commissioner upgrades rules for processing biometric data

The Hong Kong Commissioner has published guidance (‘Guidance’) to assist data users in complying with Hong Kong’s privacy laws when processing biometric data, and takes a broader approach than previous guidance dealing with...more

8/28/2015 - Biometric Data Hong Kong New Guidance Personal Data Privacy Laws

Hungary accepts use of BCRs as part of recent data protection law changes

On 6 July 2015, the Hungarian Parliament adopted several amendments (‘Amendments’) to Act CXII 2011 on the Right of Informational Self-Determination and the Freedom of Information (‘Data Protection Act’). The Amendments,...more

8/25/2015 - Amended Legislation Binding Corporate Rules Data Breach Data Privacy Data Processors Data Protection Data Protection Authority Data Security Enforcement Actions Fines Hungary

South Korea introduces further data protection breach penalties to encourage compliance, and issues mobile app guidance

Ever since January 2014, when South Korea’s credit card industry lost huge amounts of customer data during a data breach, the South Korean government has been gradually announcing stricter penalties for those who run afoul of...more

8/21/2015 - Compliance Customer Lists Data Breach Data Protection Mobile Apps New Guidance Penalties Personally Identifiable Information South Korea Treble Damages

Chinese Appeal Court Provides Ruling for Lawful Use of Cookies

In May, the Intermediate People’s Court of Nanjing City, Jiangsu Province, published its civil judgment ruling that the search engine Baidu’s use of cookies, used to personalise advertisements aimed at consumers when they...more

8/18/2015 - Advertising Appeals China Cookies Privacy Policy Right to Privacy Search Engines Third-Party Service Provider Websites

EU antitrust authorities to take value of personal data into consideration when reviewing digital markets in merger and antitrust...

In an interview on 9 April 2015, European Competition Commissioner Margrethe Vestager indicated that companies who control personal data could come under increased scrutiny from European antitrust authorities. She recognises...more

4/16/2015 - Antitrust Division Big Data Data Controller EU Strategic Enforcement Plan

South Korea Strengthens Security Measures for Personal Information

South Korea’s Ministry of Government Administration and Home Affairs issued an amended version of the Standards of Personal Information Security Measures (the ‘Standards’). These Standards seek to close loopholes and...more

4/9/2015 - Cybersecurity Data Protection Mobile Devices Popular South Korea

Italy Releases Draft Declaration of Internet Rights

Italy’s Chamber of Deputies has proposed a ‘Draft Declaration of Internet Rights’ (Declaration), acknowledging both the way in which the internet has changed interactions and the way it has erased borders, but also noting...more

4/1/2015 - Declaration EU EU Data Protection Laws Italy

Enforced subject access requests now a criminal offence in the UK

In September 2014 we reported on the UK’s intention to stamp out a practice commonly known as “enforced subject access requests”. This concerned the previously dormant section 56 of the UK Data Protection Act 1998 (‘DPA’),...more

3/19/2015 - Criminal Background Checks Criminal Prosecution UK

Ofgem's Smart Meter Network Decision: UK gas and electricity consumer privacy gets broader protection

In February 2015, Ofgem (the UK’s Office of Gas and Electricity Markets) published its Decision on Extending the Smart Meter Framework to Remote Meters (the Decision). This confirms that, following a public consultation, the...more

3/11/2015 - Climate Change Ofgem Oil & Gas Privacy Laws UK

FCA publishes Memorandum of Understanding between the FCA and ICO

On 28 January 2015, the Financial Conduct Authority (FCA) published the Memorandum of Understanding (MoU) which it entered into with the Information Commissioner’s Office (ICO) (dated 29 September 2014)....more

3/6/2015 - Financial Conduct Authority FSMA ICO Information Sharing Memorandum of Understanding

NGOs may rely on UK's Journalism Exemption

The UK Information Commissioner’s Officer (the “ICO”), in a letter to Global Witness (in Steinmetz and others v Global Witness) (the “Letter”), stated that non-media organisations may rely on the special-purposes exemption...more

3/6/2015 - Exemptions Journalism NGOs UK UK Data Protection Act

PCI Security Standards Council Announces Revisions to the use of SSL

The Payment Card Industry (PCI) Security Standards Council has released a bulletin on impending revisions to version 3.0 Payment Application Data Security Standards (PA-DSS) and version 3.0 of the PCI Data Security Standard...more

3/6/2015 - Cybersecurity Debit and Credit Card Transactions NIST PCI-DSS Standard Personally Identifiable Information

Article 29 Working Party issues its Cookie Sweep Combined Analysis - Report

On 3 February, the Article 29 Data Protection Working Party published its ‘Cookie Sweep Combined Analysis – Report’. The sweep was undertaken by the WP29 in partnership with eight of the European data protection regulators,...more

2/27/2015 - Cookies Data Collection EU Internet Media Right to Privacy Websites

South Korean Communications Commission Releases Guidelines on Data Protection for Big Data

In December 2014, the Korea Communications Commission (KCC) released the“Big Data Guidelines for Data Protection” (Guidelines). Aimed at Information and Communications Service Providers (ICSPs), they are designed to prevent...more

2/24/2015 - Big Data Data Breach Data Protection Personally Identifiable Information Privacy Policy South Korea

China's State Administration for Industry and Commerce Releases Measures Defining Consumer Personal Information

In January, China’s State Administration for Industry and Commerce (SAIC) released its ‘Measures on Penalties for Infringing Upon the Rights and Interests of Consumers’ (Measures) which are due to take effect March 15, 2015....more

2/24/2015 - China Data Collection Data Protection Personally Identifiable Information SAIC

60 Results
View per page
Page: of 3

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.