On Thursday 8th October, the Privacy and Cyber Security Group held a breakfast
briefing (a "fireside chat") at Dentons' London
office where the keynote speaker was Christopher Graham, the UK
Information Commissioner. Nick Graham, Global Co-Chair of the Group
opened the session which was led by Chantal Bernier, Counsel from
Dentons Canada and former Canadian Privacy Commissioner. There was
full attendance and an engaged audience. The event covered a number
of privacy issues, not least the CJEU's decision two days
earlier that Safe Harbor is invalid.
Safe Harbor Decision: reactions
Christopher Graham provided reassurance and pragmatism in
response to the Safe Harbor ruling. He was keen to emphasise that
the message from the ICO (his office), is "don't
panic"! He does not intend to be "knee-jerking into
sudden enforcement". At the same time, he said that the ICO
"understand(s) the significance of what has happened".
"If you're using the cloud, you're concerned about
this. If you're an SME involved in transfers of information
between Europe and the U.S., you're concerned... We absolutely
understand that the ICO needs to be thoroughly engaged... We're
working hard on making sure there is a coherent, coordinated
response from the DPAs [Data Protection Authorities] to these
developments". With regards to the meeting due later that day
of the Article 29 sub-committee on transfers, he said that the ICO
will argue for a "practical response" and "will be a
voice arguing restraint".
When asked whether the decision will also impact the alternative
transfer mechanisms to Safe Harbor (i.e. Standard Contractual
Clauses and BCRs), Graham responded: "Let's not create a
drama out of a crisis, by saying, 'Oh if that's the case
for Safe Harbor that must also be the case for BCRs and Standard
Contractual Clauses. Let's not panic." He pointed out that
Safe Harbor was already in the process of being renegotiated, and
that also there are special arrangements for security services
provided in the Data Protection Directive. "The problems about
the access that security authorities claim for personal information
are there in every jurisdiction... Talk about elephants in the
room. That's one of the elephants", he said. Graham
reassured that the ICO and the other national data protection
authorities are working together and with the respective
governments towards balancing these "competing
One of key themes of the morning was the importance of national
authorities working in "effective co-ordination" and GPEN
as "leading the way as the network of networks". Graham
warned that as a result of this better co-ordination, authorities
will be "more on your case". However, he was quick to
note that enforcement is a "weapon of last resort":
"we don't get off fining people". "We want to
encourage good behaviour. You have a friend in the ICO", he
Graham announced that the ICO is currently revising its Privacy
Notices Code of Practice to take account of the mobile environment
and to steer the focus of these policies on clear language rather
than "legal speak", among other things.
Since the session, the DPAs have met with regards to Safe Harbor
and are now working on issuing guidance.
As part of the session we conducted a risk survey of the
audience to identify the main data privacy concerns currently faced
by business. Below is a graphic displaying our findings of what
respondents prioritised as most concerning.
Dentons is the world's first polycentric global law firm. A
top 20 firm on the Acritas 2015 Global Elite Brand Index, the Firm
is committed to challenging the status quo in delivering consistent
and uncompromising quality and value in new and inventive ways.
Driven to provide clients a competitive edge, and connected to the
communities where its clients want to do business, Dentons knows
that understanding local cultures is crucial to successfully
completing a deal, resolving a dispute or solving a business
challenge. Now the world's largest law firm, Dentons'
global team builds agile, tailored solutions to meet the local,
national and global needs of private and public clients of any size
in more than 125 locations serving 50-plus countries.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
L’evento, organizzato in collaborazione con AIGI, Associazione Italiana Giuristi d’Impresa, approfondirà le novità del Decreto Legislativo n. 3/2017, entrato in vigore lo scorso 3 febbraio, che recepisce la Direttiva 2014/104/UE sul private enforcement.
Cosa cambia in concreto con la nuova disciplina in materia di azioni di risarcimento del danno derivante da intese anticoncorrenziali ed abusi di posizione dominante? Quali sono i rischi e le opportunità per le imprese?
Ne discuteranno i nostri partner Sara Biglieri e Michele Carpagnano con uno straordinario panel di giuristi d’impresa.
Daniel Vázquez, head of the environmental law department in the Madrid office, will be a speaker in the Aqua Energy Forum that will take place in Madrid from the 23th to the 24th of March. This Conference will give voice to the best specialists, creating a forum for discussion of special interest to professionals in the energy and environmental sectors.
Amongst the attendees there will be CEOs, managers and technicians from: companies which activity consist in either supplying, distributing, sanitizing or reusing energy, gas and water; associations and organizations related to water management; equipment manufacturers; companies developing their activity in the reuse, desalination and renewable energy segments; companies interested in the sustainable development objectives; Start-ups dedicated to this sector and NGOs.
In light of the much anticipated ICO draft GDPR (the General Data Protection Regulation) Consent Guidance being published yesterday, 2 March 2017, we will be running a mini-series on the guidelines under consultation and the impact the GDPR will have on the much vexed position of consent and the impact on your business.
The first of our four discussions on the ICO guidelines for Consent will focus on the meaning of consent under the GDPR (General Data Protection Regulation) and how this change enhances the previous law on consent to data processing.
The fourth and final part of our mini-series on the draft ICO guidance on Consent, published on 2 March 2017, focuses on the practical impact the GDPR (General Data Protection Regulation) will have on how your organisation records and manages consent.
A fundamental aspect of all fair and lawful processing of personal data under the current data protection rules is the requirement for the party who is the data controller to meet one or more conditions ("the conditions for processing").
The second in our mini-series on the ICO guidance on Consent, published on 2 March 2017, focuses on how the changes to be introduced by the GDPR (General Data Protection Regulation) will impact upon your business and what you can do to pre-empt the changes before their introduction in May 2018.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).