When precisely is a data controller lawfully permitted to process personal data?
If a data controller does not have the consent of a data subject to process his or her data, when does the “legitimate interest”...more
Much has been said about the EU "Cookie" laws introduced by an amendment to the Privacy and Electronic Communications Directive in 2011. Companies with European customers (including those in the US) have grappled with the...more
It is difficult to recall a time when the issue of personal data transfers from the European Economic Area ("EEA") has been as widely and hotly debated as it has over the past year or so. Significant movements during the past...more
Whilst regulatory action by the U.K. Information Commissioner’s Of?ce (‘‘ICO’’) is relatively commonplace and well reported following data breaches, particularly since the ICO was granted powers to issue on the spot ?nes for...more
It has been said for some time that data is the new oil, but many global organizations continue to struggle to comply with regulatory requirements when it comes to the exploitation of this valuable resource....more
What exactly is the '"best" solution for an international business needing to handle and transfer personal data across borders?
This has become an increasingly important and common question as business becomes more...more
One of the issues that distinguishes U.S. law from English law is the concept of an implied contractual duty of good faith. While U.S. law has embraced this concept, it was believed that English law had not. However, as a...more
In a further push towards “privacy by design,” the Article 29 Working Party, which is made up of representatives from the various EU data protection authorities, has recently approved the use of Binding Corporate Rules...more
On 1 January 2013, over 4 years after the idea was first discussed, new Binding Corporate Rules (BCRs) for data processors were launched following a meeting of European data protection authorities....more