Cynthia O'Donoghue

Cynthia O'Donoghue

Reed Smith

Contact  |  View Bio  |  RSS

Latest Publications


CJEU says dynamic IP addresses can constitute personal data

The Court of Justice of the European Union (“CJEU”) has ruled that dynamic IP addresses can constitute personal data. Dynamic IP addresses, registered by a website provider when an individual accesses its website, shall...more

10/27/2016 - CJEU Data Protection EU General Data Protection Regulation (GDPR) Internet Service Providers (ISPs) IP Addresses Personal Data Websites

In the age of Big Data, the EDPS issues an Opinion on enforcement and upholding fundamental rights

The European Data Protection Supervisor (“EDPS”) issued an Opinion on coherent enforcement of fundamental rights in the age of big data”. This is an update to the EDPS’ Preliminary Opinion in 2014 on “Privacy and...more

10/13/2016 - Big Data Cybersecurity Data Protection Digital Single Market EDPS Enforcement EU Mergers Personal Data Popular

Does Brexit mean Brexit for data protection in the UK?

Three months on from the landmark Brexit vote 23 June, the Information Commissioner’s Office is setting out its position regarding data protection laws in a post-Brexit UK. Elizabeth Denham, the new Information Commissioner,...more

10/5/2016 - Data Protection EU Facebook General Data Protection Regulation (GDPR) Intellectual Property Protection Member State Referendums UK UK Brexit WhatsApp

A supply of software can be a sale of goods

The High Court held, in The Software Incubator v Computer Associates [2016] EWHC 1587 (QB), that a supply of commoditised software is a sale of goods for the purposes of the Commercial Agents (Council Directive) Regulations...more

9/16/2016 - Sale of Goods Act (SOGA) Software

The Effect of Brexit on Cyber Security: A National Response to an International Threat?

As the risk of cyber attacks respects no borders, a cohesive and harmonised EU-level approach to cyber security is appropriate. It is therefore understandable that UK organisations have questions following the recent...more

9/2/2016 - Cyber Attacks Cybersecurity Data Protection Acts EU European Commission Member State OFCOM Outsourcing Popular Referendums Treaty of Lisbon UK UK Brexit

ICO Reminds Organisations of EU-U.S. Personal Data Transfer Obligations

The Interim Deputy Commissioner at the Information Commissioner’s Office (“ICO”), Steve Wood, has published a blog reminding organisations of their obligations when transferring personal data to the United States, pursuant to...more

8/25/2016 - Article 29 Working Party (WP29) Binding Contractual Rules Data Protection Acts EU EU-US Privacy Shield ICO International Data Transfers Model Clauses Personal Data U.S. Commerce Department UK Data Protection Act US-EU Safe Harbor Framework

ICO Responds to the ePrivacy Directive Consultation

In April, we reported that the European Commission had opened a public consultation seeking the views of various stakeholders on the current wording of, and possible changes to, the Privacy and Electronic Communications...more

8/15/2016 - Confidential Information Data Breach ePrivacy Directive EU EU Data Protection Laws European Commission General Data Protection Regulation (GDPR) ICO Opt-In UK

High Court Permits University’s Contravention of Its Own Privacy Policy

The High Court in Bangura v Loughborough University [2016] EWHC 1503 (QB) ruled 19 May that Loughborough University acted lawfully under the Data Protection Act 1998 (“DPA”) in supplying Leicestershire Police with the...more

8/12/2016 - Criminal Investigations Data Protection Personal Data Privacy Policy Rape Sexual Assault Students UK UK Data Protection Act

“Battle-ready” Privacy Shield gets muted welcome from EU data protection authorities

On 26 July, the Article 29 Data Protection Working Party (WP29) released a statement outlining its opinion on the EU-U.S. Privacy Shield, which was adopted by the European Commission earlier this month. After praising the...more

7/28/2016 - Article 29 Working Party (WP29) Binding Corporate Rules Data Controller Data Processors Data Protection Authority EU EU-US Privacy Shield European Commission International Data Transfers Ombudsman Personal Data Surveillance U.S. Commerce Department

European Commission Publishes Communication on Cybersecurity

On 5 July, the European Commission (“EC”) published a communication outlining measures to improve resilience to cyber incidents, improve cooperation and information sharing, and promote innovation and competition in the...more

7/20/2016 - Critical Infrastructure Sectors Cyber Attacks Cybersecurity ENISA EU European Commission Information Sharing Member State NIS Directive

Electronic Signature Regulation Now Effective

Tasked with harmonising the disparate member state legislation that implemented the eSignatures Directive (Directive 1999/93/EC), Regulation (EU) N°910/2014 (the “eIDAS” Regulation) became effective 1 July this year. The...more

7/20/2016 - Authentication Certificate of Authority Digital Signature Standards Digital Single Market E-Signatures EU EU Directive FinTech Mobile Devices Mobile Health Apps Personal Data

Practical Cybersecurity Guidance from TheCityUK and Marsh

TheCityUK and Marsh have jointly published a report urging UK financial and related professional services sectors to step up their efforts to address cyber risk. The report (headed “Cyber and the City”) suggests that...more

7/19/2016 - Board of Directors Counterparty Risk Cyber Attacks Cyber Insurance Cyber Threats Cybersecurity Financial Services Industry New Guidance Reputational Injury Risk Management UK

Brexit: Baroness Neville-Rolfe on Data Implications

At the beginning of July, Baroness Neville-Rolfe gave a speech at the annual Privacy Laws & Business conference, outlining the government’s stance on the implications of Brexit for a range of data issues including the GDPR,...more

7/18/2016 - Cybersecurity Data Protection EU General Data Protection Regulation (GDPR) ICO International Data Transfers Internet of Things Personal Data Proposed Legislation UK UK Brexit

CJEU Attorney General Opinion Seeks to Restrict the Interpretation of ‘Establishment’

In June, the Attorney General (“AG”) of the Court of Justice of the European Union (“CJEU”) issued his opinion (English translation pending) in the case of Verein für Konsumenteninformation v Amazon EU Sàrl (Case C-191/15)....more

7/15/2016 - Amazon CJEU Data Controller Data Processors EU EU Data Protection Laws Member State Personal Data Principle Place of Business

EU-U.S. Data Privacy Shield adopted – a phoenix rising from the ashes of Safe Harbour?

The EU-U.S. Privacy Shield has been adopted by the European Commission. On 12 July 2016, following a positive vote from the member states (the Article 31 Committee) on 8 July, the EU College of Commissioners formally adopted...more

7/15/2016 - Article 29 Working Party (WP29) Data Retention EU EU-US Privacy Shield European Commission International Data Transfers Ombudsman Personal Data Popular Schrems v Data Protection Commissioner Self-Certification Standard Contractual Clauses Surveillance U.S. Commerce Department US-EU Safe Harbor Framework

Trade Secrets Directive Adopted by the European Council

Almost three years after its initial proposal, the Trade Secrets Directive has been formally adopted by the European Council and published in the Official Journal on 15 June (2016/943/EU). Member states will have until 9 June...more

7/6/2016 - Confidential Information EU EU Council of Ministers EU Trade Secrets Directive Free Speech Intellectual Property Protection Journalists Remedies Trade Secrets UK Whistleblowers

Draft Privacy Guidelines for Mobile Health App Developers Published

Mobile health or ‘mHealth’ applications commonly raise complex privacy issues as a result of processing large amounts of sensitive personal data. Following the publication of its Green Paper on the topic in 2014, the European...more

7/6/2016 - App Developers Draft Guidance EU EU Data Protection Laws European Commission General Data Protection Regulation (GDPR) Mobile Health Apps Personal Data

What Brexit Means for Data Protection

For global pharmaceutical and medical device companies handling personal data in the European Union (EU) or engaged in transatlantic data transfers, some of the many questions created by the Brexit vote include what its...more

7/6/2016 - EU EU-US Privacy Shield General Data Protection Regulation (GDPR) ICO International Data Transfers Manufacturers Medical Devices Personal Data Pharmaceutical Industry UK UK Brexit UK Data Protection Act

Data Protection in a Post-Brexit Landscape

The United Kingdom’s vote to leave the European Union coincides with a seismic change in data protection law. Once Article 50 of the Lisbon Treaty is invoked, there will be a period of two years to complete negotiations and...more

6/29/2016 - Article 50 Treaty of the EU Data Controller EU EU-US Privacy Shield General Data Protection Regulation (GDPR) ICO International Data Transfers Personal Data Popular Treaty of Lisbon UK UK Brexit UK Data Protection Act

Unprecedented High Court Decision Orders the Destruction of Confidential Information on the Defendants’ Computers

The High Court in Arthur J. Gallagher Services (UK) Limited and others v Skriptchenkov and others [2016] EWHC 603, granted 11 February a mandatory injunction ordering the inspection and imaging of electronic devices and...more

6/21/2016 - Confidential Information Document Destruction Electronically Stored Information Former Employee Intellectual Property Protection Misappropriation Trade Secrets UK

German Data Protection Authority fines companies for transferring data to the United States

Following the CJEU’s judgment of October 2015 invalidating the European Commission’s Safe Harbor Decision, the Data Protection Authority Hamburg (“DPA Hamburg“) started investigations against 35 internationally operating...more

6/9/2016 - Article 29 Working Party (WP29) Data Protection Authority Fines Germany International Data Transfers Personal Data Popular Standard Contractual Clauses US-EU Safe Harbor Framework

UK relies on EU Treaty exception to avoid “anti-FISA” data transfers clause in European General Data Protection Regulation...

In a written statement to Parliament, Baroness Neville-Rolfe confirmed the UK Government’s view that the Treaty on the Functioning of the European Union (“TFEU”) means that Article 48 of the GDPR does not apply to the UK....more

5/25/2016 - Edward Snowden EU Foreign Intelligence Surveillance Act General Data Protection Regulation (GDPR) International Data Transfers Opt-In Personal Data Surveillance TFEU UK

Cyber Security Takes Centre Stage in UK Government’s Strategy

The UK Department for Culture, Media and Sport recently released a statement on cyber security, in which it urged businesses to take better care to protect against cyber criminals. This statement follows publication of its...more

5/25/2016 - Cyber Attacks Cyber Crimes Cyber Threats Cybersecurity Data Breach Data Breach Plans Data Protection UK

The Network and Information Security Directive: Serious Cyber Attacks Will Require Notification

The Council of the European Union adopted the EU Network and Information Security (NIS) Directive (the ‘Directive’) 17 May, ready for final adoption by the European Parliament. The Directive, initially proposed in 2013, has...more

5/23/2016 - Critical Infrastructure Sectors Cyber Attacks Cyber Incident Reporting Cyber Threats Cybersecurity Data Breach Digital Service Providers EU EU Council of Ministers General Data Protection Regulation (GDPR) Member State New Legislation NIS Directive Notice Requirements

139 Results
View per page
Page: of 6

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.