In the ever more #digitalized society, the importance of the #information stored on the #cloud grows higher and higher. Everyone is now relying on cloud storage and sharing of information. The same is also valid to #criminals. And there are many ways for the #law enforcement authorities to #access this information.
But the real question here is “where is the #balance between the fundamental right to #privacy and the need to obtain unique #e-evidence in complex criminal cases ?”
Watch this webinar with Denitsa Kozhuharova from the Law and Internet Foundation, Pieter Gryffroy from the Belgian PrivacyRules member firm Timelex, and our top-level guest speakers from the European Court of Human Rights, the Public Prosecutor For Cybercrime of the Netherlands and the MSAB to find out more about the topic.
We are approaching the 1st anniversary of the Brazilian General Data Protection Law (LGPD). Much has changed in the Brazilian data protection landscape but there is still a long way to go towards a great level of compliance by the companies and consolidation of the work performed by the Brazilian supervisory authority (ANPD).
In this privacyespresso, Luiza Sato from ASBZ Advogados, the Brazilian member of PrivacyRules, will talk about the current LGPD awareness and the difficulties reported by the companies for the noncompliance; the top 5 topics of consultation by the clients in this first year of LGPD effectiveness; the next actions to be adopted by the ANPD; and the trends expected for this following year of the law.
This quick session includes an update on the Personal Data Protection Bill, the regulation of intermediaries and proposed regulation of M2M providers, the e-commerce business and Indian government interaction with Twitter and WhatsApp.
On 1 July 2021, Russia adopted a new law on foreign internet companies. They are required to obey the national laws, register with local authorities, accept and follow local court acts, and block certain content. By 1 January 2022, they must establish subsidiaries, representative offices, or branches in Russia.
The law sets forth an applicability test that extends the Russian jurisdiction over various types of IT companies – starting from internet giants (having more than 500,000 Russian users daily), hosting providers and ending up with any website supporting user accounts and messaging between Russian users.
Today, it can easily happen that a data protection breach involves data processing in several Member States parallelly and data subjects resident in several Member States. This can be imagined, for example, in the case of webshops, cross-border services or various processes that involve different data controllers and processors.
If a data protection incident is so serious that it needs to be reported to an authority, the question arises of which authority should be notified?
Two concepts in the GDPR help us with this, one is the supervisory authority, the other is the lead supervisory authority.
The reason for the distinction between a "simple" supervisory authority and a "lead" supervisory authority is that the GDPR has intended to create an "one-stop-shop" procedure for cross-border data processing in order to avoid parallel and competing procedures being conducted by different Member State authorities.
Watch this PrivacyEspresso with Aleksej Dubalár from the Hungarian law firm Lakatos Koves to clarify these concepts and to understand which authority you should notify in a cross country case.