After almost 3 years with General Data Protection Regulation, there is still big uncertainty among businesses regarding its particular obligations in case of a data breach. Under the GDPR, any incident resulting in the destruction, loss, alteration or disclosure of personal data is a data breach and its occurrence triggers the controller’s obligation to examine the breach and, in some cases, to notify Data Protection Authority (DPA) and inform data subjects whose personal data the breach concerned. In case the breach poses risks to data subjects (of a monetary loss or physical harm) the controller is obliged to notify the DPA within 72 hours. In addition, in case the risks identified by the controller are particularly high, it is also necessary to inform the data subjects.

Recently Polish DPA issued decisions regarding the data breach notifications which were quite controversial. As an example, in one of the cases the scale of the breach was quite insignificant (mail send by mistake to wrong receiver). The company identified the incident as data breach, however, with no risk to data subject identified, it decided not to notify the DPA. The conclusion reached by the DPA (after the proceeding initiated by the e-mail receiver) was different – it found that not only the breach posed risk to data subjects but that the risk was high and that also the data subject should have been notified.

During the espresso, our Polish expert, Karolina Miksa from WKB lawyers in Poland, will provide more details about the Polish cases and discuss, if, to avoid sanctions, the companies should consider to notify any data breaches to the DPA.

Listen to the podcast version of this espresso here

From 1 January 2021, Russia-based employers must comply with new requirements regarding their remote employees. In this video Nikita Maltsev from Gorodissky & Partners highlights some of the new requirements regarding remote work conditions, namely: (1) types of remote work, (2) documents exchange, (3) provision of necessary equipment, (4) new grounds for dismissal.

For more information please read the article “HOME SWEET HOME – NEW REMOTE WORKING LAW ADOPTED” from Gorodissky & Partners here: https://www.gorodissky.com/publications/articles/home-sweet-home-new-remote-working-law-adopted/

The Accountability principle does not exist in the EU and GDPR only. Other relevant regulations, such as the Colombian law, take this principle in great consideration and it is not recommended to apply it in its EU interpretation.

So how should it be implemented in Colombia, also regarding the size of an organization?

Listen to this privacy espresso with Stella Sofia Vanegas and Angela Maria Noguera from Vanegas Morales Consultores to learn our country experts' considerations, starting from the role of the companies' board of directors to the one of every single employee!

We analyzed with José Leitão, privacy expert from MdME Lawyers in Macau, the recent MDPO decision and fines in excess of MOP,000,000.00 (more than EUR100,000.00) due to out of purpose usage of data and its implications to data controllers in Macau.

Learn more on what happened and how to avoid such fines in this privacy espresso!

In these uncertain times, VU security has developed a Digital Identity in Vaccination Process (DIVP) helping governments and citizens in these sensitive activities.

Know more about the DIVP development and its impact and effects it is bringing where applied

Under a very recent study conducted by the Association of Compliance Officers in Ireland (ACOI), released on January 28th, 76% of Irish businesses believe the data protection landscape is more uncertainty now than it was 12 months ago, due to 3 main reasons: Brexit, the increase in remote working and the impact of the Schrems II ruling.

As to such last reason, in July, the Court of Justice of the European Union (CJEU) issued a landmark ruling in the Schrems II case, when invalidating the EU-US Privacy Shield arrangement and raising questions over the level of data protection offered for those relying on Standard Contract Clauses (SCCs) when transferring data from the European Economic Area (EEA) to a third country.

Companies from all over the world are now concerned whether the existing mechanisms in place allowing for cross border transfers outside the EEA (such as to entities pertaining to the same corporate group located in other countries) remain valid.

Due to additional factors, businesses in all countries are disoriented when it comes to the applicable mechanisms to transfer personal data overseas. In Brazil, for instance, we have a brand new Data Protection Law (the LGPD) -- now finally in force and effect -- that sets forth rigid instruments to allow for cross border data transfers, analogous to the ones provided by the GDPR, without a fully operational Data Protection Authority that should take actions to enable such instruments.

Certain cross border mechanisms can be considered onerous and unworkable and the companies should evaluate the adequate proceedings to be adopted. We should also not lose sight of the fact that maintaining a strong data protection culture within the corporate group is a key factor for compliance with the applicable data protection rules, including the ones covering cross border data transfers.

Learn more on this with the PrivacyRules experty from Brazil Luiza Sato from ASBZ Advogados!

Our global experts Gabriel Avigdor from datalex | digital lawyers (Switzerland), Padraig Walsh from Tanner De Witt (Hong Kong), Stephen Mathias from Kochhar & Co. (India), Markus Myhrberg from Lexia Attorneys (Finland) and Michael Nitardy from Frost Brown Todd (USA) explored, in a roundtable discussion, the new WhatsApp privacy policies and their impact from the perspective of five different corners of the world to understand what happened, what the alternatives do and which are the real changes!

Watch the PrivacyRules first webinar of 2021 on cybercrime during the pandemic!

These are times when cybercrime is rampant and even the EU is thinking of enabling law enforcement exercise of advanced penetration of data. Our webinar comes in a very timely moment and provide useful independent information to a larger audience within Europe and abroad.

This recorded webinar includes an open debate and Q&A at the very end.

Don't miss the opportunity to join and interact with our high level speakers:
- Ben Waites from Europol
- Jaime Ansieta Antivilo, from Policía de investigaciones de Chile
- Els De Busser, from the Leiden University - Faculty of Governance and Global Affairs
- Luca Brunoni, from ILCE - Institut de lutte contre la criminalité économique HEG Arc
- Andrew Gould, from the National Police Chiefs'​ Council & INTERPOL Advisor
- Kemal Veli Açar, Independent Researcher & Consultant for the Cybercrime Programme Office of the Council of Europe (C-PROC).
- Sebastian Stranieri CEO at VU SECURITY
- Ruben Roex (Moderator), Attorney-at-law / Partner at Timelex (Belgium)
- Juan Carlos Manríquez Rosales, Founding Partner at MBCIA Abogados (Chile),
- Ludovic Tirelli, Founding Partner at Penalex Avocats - Avocats & spécialistes en droit pénal (Switzerland)

Watch it now here

Listen this short talk with Rose Marie King-Dominguez from SyCipLaw focused on data privacy law issues triggered by the COVID-19 pandemic, and relevant to employers.

This session will give you a very quick basic briefing on the data privacy regime in the Philippines. This quick webcast is of particular interest for Enterprises with a local presence, or that receive services from Philippine BPOs or other companies.

Watch it here

Our Portuguese expert Tiago Félix da Costa, from the law firm Morais Leitão, Galvão Teles, Soares da Silva & Associados, joined us in this privacy espresso to discuss how the application of the new E-privacy Regulation may affect the European framework on direct marketing.

In this espresso, we analyzed the differences between the previous directive 2002/58/EC and the upcoming e-privacy regulation by using the Portuguese law as tertium comparationis. Find out what's new and how you can prepare for this significant change.

Why do technology startups think about user's privacy protection from the first public launch of the project?

Listen to this 10 minutes session with Ivan Ivanov, founder of Uvecon and Co-Organizer of the Digital Week Online to learn more on:

- Cross-border expansion of software startups

- key points to consider

- The importance of checking the startup compliance with regulations for early-stage investors

Our Italian expert Chiara Agostini, TMT and Privacy Partner at RP Legal & Tax, discuss the differences among the use and collection of data for loyalty programs and for pure marketing purposes.

The collection of data for the management of fidelity programs, prize contests or cashback initiatives, does not allow the data controller to process the collected data for autonomous marketing purposes such as the sending of advertising and other promotional communications.

Bring Your Own Device (BYOD): We're seeing a lot of company policies encouraging employees to "bring your own devices" (smartphones, laptops and tablets). The thinking is that if employees get to use devices they're familiar with and happy with, then you'll be able to recruit and keep happy workers. There are cost savings (from the company not buying devices) and supposedly increased productivity. But...

- during the employment relationship or at termination, it's hard/impossible to get access to employee-owned devices to confirm misappropriation of trade secrets;

- such devices are loaded with personal data -- financial data on taxes and investments, family or other personal photos, videos, etc. - greater likelihood of friends, family members, etc. borrowing or using a personal device and thus exposed to company information.

- some security solutions like keystroke/keylogging software really are bad mojo to try sneaking onto a person's personal device.

- lack of separation between work and home devices also opens up more potential opportunity to malware that can cause bigger problems re: hackers and breaches.

Learn more about this complex topic with the PrivacyRules expert John Eastwood from Eiger in Taiwan

With the ever-increasing presence of technology in the workplace and the risks associated with the use of digital tools, information sharing and employees working from home, control measures in Norway are on the rise. Such, measures, ranging from access controls to GPS tracking, are subject to the GDPR as incorporated into the Norwegian Personal Data Act. Furthermore, the Norwegian Working Environment Act and its appurtenant regulations impose several procedural obligations on employers wishing to implement control measures in the workplace. Failure to comply with these obligations could not only expose the employer to potential liability and loss of reputation, but also render any evidence gathered through the measure inadmissible before the Norwegian courts.

Our Norwegian expert, Alexander Mollan from Brækhus Advokatfirma DA, delves into this complicated patchwork of laws in order to provide you with some practical tips on how to avoid any risk dealing with this sector.

What’s the biggest threat to personal privacy in 2021?

Our Chairman and US expert Joe Dehner, Counsel at Frost Brown Todd LLP, reveals how to face the biggest threat of 2021, the splinternet!

But what is the splinternet? How is it related to us, our governments and the entire world?

Learn it with us in this brief video and follow PrivacyRules not to miss our next episodes.

Session 2 has been moderated by Joe Dehner (PrivacyRules Chairman), debating with Kohei Kurihara (Japan), Grace Shaw (Canada), Kevin Warburton (Hong Kong), Ken Morris (USA), and Eric Cook (USA) about:

- Points to consider about data lifecycles: (i) collection and storage, (ii) processing, (iii) transfer (domestic or overseas, intra-group or to third parties), and (iv) deletion

- Points to learn from precedents: what is the main cause of data breaches based on your experience?

- How can you detect and recognize a (potential) data breaches promptly?

- What should be considered in order to establish effective cybersecurity compliance?

Session 1 has been moderated by Akira Matsuda (our host from Japan), debating with Yingyu Wang (Singapore), Jihong Chen (China), Agnieszka Wiercińska-Krużewska (Poland) and Kim Walker (UK) on:

- Establishing an effective compliance system for cross-border data transfers – what should businesses focus on?

- What is the difference between domestic data transfer compliance and international data transfer compliance?

- What is the best way to monitor the data flows?

- How do you comply when a business uses overseas processors?

Data is an important business in Greater China, where distinctive frameworks allow differences to be an opportunity provided that proper guidance and legal advice are ensured to companies operating in and with the various jurisdictions.

Meet our leading members Jihong Chen from China, Pádraig Walsh from Hong Kong, José Leitão from Macau, and John Eastwood from Taiwan debating about how data privacy must be embedded in data related business plans, operations and corporate policies across Greater China.

And the elephant in the room: what happens when such data are transferred with the US? Our Greater China members will analyse relevant aspects with our US member.

Seminario online de PrivacyRules en español Nuestras expertas colombianas Stella Sofía Vanegas y Angela Maria Noguera Moreno llevaron una discusión muy interesante sobre el tema "Mitos y realidades del Big-Data y la ética de la Inteligencia Artificial" con el Consultor de CAF, Armando Guio Español, el fundador de Datasketch, Juan Pablo Marin Diaz y nuestra experta Mariela de la Guardia Oteiza.

AI, innovation and privacy

North & South America Innovation Day - Friday 16 October, 12.00 - 13.00 (PDT)
 
PrivacyRules founding tech member Ken Morris from KnectIQ in the USA, moderated a panel of amazing experts: Mohsen Rezayat, Chief Solutions Architect at Siemens Digital Industries Software; Alexander McD White, Privacy Commissioner of the Office of the Privacy Commissioner for Bermuda; Ron Bodkin, VP of AI Engineering and CIO of the Vector Institute; Angela Maria Noguera Moreno, Consultant and Privacy expert at Vanegas Morales Consultores; Michael Nitardy, Attorney and member of the Frost Brown Todd's privacy and data security team.

International data transfers post EU – US Privacy Shield: how, where, under which framework?

Africa, MENA, Europe, Innovation Day - Thursday 15 October, 12.00 - 13.00 (GMT)
 
PrivacyRules experts Geert Somers from Timelex in Belgium and Markus Myhrberg from Lexia in Finland moderated a debate with our expert Stephen Mathias from Kochhar & Co. in India together with specialised guest speakers Alisa Vekeman, policy officer at the Unit for International Data Flows and Protection of the European Commission, and Vic Harkness, security consultant at the multinational cybersecurity company F-Secure Corporation. In light of the recent Court of Justice of the European Union decision on the “Schrems II case”, this panel debated issues of fundamental value for any business and practitioner dealing with international data transfers in and out of the EU.

Design thinking: privacy from start to finish in the corporate life cycle   

APAC Innovation Day - Wednesday 14 October, 12.00 - 13.00 (GMT +8)
 
Our Hong Kong expert Padraig Walsh from Tanner De Witt in Hong Kong moderated a panel addressing #privacybydesign featuring first class guest speakers Kohei Kurihara from the Privacy by Design Lab in Japan and Jason Lau, CISO at Crypto.com and two other #privacyrules experts Yingyu Wang from Taylor Vinters Via LLC in Singapore and Kelly Dickson from Macpherson Kelley in Australia. 

Meet our Finnish expert Markus Myhrberg from Lexia Attorneys!

Learn more about how to be in compliance with the Finnish data privacy framework, the main data compliance issues faced by our data protection lawyers, and about the Lexia's startup program Lexia Growth.

Finland is one of the most developed countries in the technology sector, don't miss the opportunity to know better its secrets.

Listen to the only audio version here

Know the data protection laws in Czech Republic and Slovakia with Michal Nulicek and Jan Tomisek from the law firm ROWAN LEGAL.

Meet our experts, know their data privacy regime, the connected laws and the main practical issues faced in their everyday professional activity.

Take 10 minutes to watch this webcast or to listen to it during a break, run or walk!

The only audio version is available on our SoundCloud page at this link.

The use of tracking technologies became fundamental in the internet society. However, these technologies are still regulated in different ways across Europe. Is the GDPR helping in the harmonization process? Will the E-privacy Regulation play a fundamental role on this regard?

Learn more about this topic from our highly experienced guest speakers Norbert Vass from the Hungarian Data Protection Authority, Grzegorz Jendroszczyk, data protection officer at Piwik PRO and from our lawyers Geert Somers and Bernd Fiten from Timelex in Belgium and Alekszej Dubalar from Lakatos, Köves and Partners in Hungary.

Watch this video to learn more from our experts and leave us your feedbacks and questions in the comments below!

Know the Israeli data protection law with Haim Ravia and Dotan Hammer from the Israeli law firm Pearl Cohen Zedek Latzer Baratz.

Meet our experts, know their data protection regime, the connected laws, and the main practical issues faced in the everyday professional activity of an Israeli data privacy expert... Listen to this webcast!

You can also listen to this interview in its podcast version here

EU and non-EU PrivacyRules experts debate on the groundbreaking decision of the Tribunal of the Court of Justice of the European Union (CJEU).

EU PrivacyRules data-privacy experts Volker Wodianka from SKW Schwarz in Germany and Jean-Christophe Chevallier from Ydès Avocats in France, analyze the decision and compare interpretation and perspectives with our US data-privacy expert Michael E. Nitardy from Frost Brown Todd and Gabriel Avigdor from datalex llc in Switzerland.

Our Swiss expert, Gabriel Avigdor from datalex llc, explains in just 5 minutes what has brought the Court of Justice of the EU to invalidate the EU-US privacy shield.

What happened? What are the consequences for cross-border personal data transfer? Are Standard Contractual Clauses still valid? May, this decision, involve also third countries such as Switzerland?

Watch this flash video to learn more about this case and its effects!

This video will be soon available on our Youku channel here!!

PrivacyRules and Zhong Lun (China) held an e-conference on data breach management for multinational companies on 8 July 2020. Legal and cybersecurity experts from three continents debated the topic, during which PrivacyRules also introduced its upcoming global data breach prevention and response mechanism.

PrivacyRules Chinese founding member from Zhong Lun, Jihong Chen, outlined Chinese legal requirements for privacy compliance and data breach response. The e-conference offered specific insights on an interesting case study related to a suspect data breach against a Chinese multinational company that applies AI to its industrial processes. The first session of the e-conference saw the analysis of top legal advisors Michael Nitardy from Frost Brown Todd in the USA, Volker Wodianka from SKW Schwarz in Germany, Yingyu Wang from Taylor Vinters Via in Singapore and Akira Matsuda from Iwata Godo in Japan. The second session was focused on cybersecurity solutions to protect data, with the participation of PrivacyRules founding tech expert Ken Morris from KnectIQ, as well as Mark Whittley from Blackpanda and Kevin Lee from Horangi.

Nearly 200 participants, including representatives of the largest multinational companies operating from and in China, attended the event.

Contact us or our experts to know more about these solutions!

Download the slides of our experts here:

- Details about the hosting member, Zhong Lun Law Firm

- Introduction from the PrivacyRules CEO Andrea Chmieliński Bigazzi

- Introduction to session 1 from Jihong Chen: How to manage a cross-jurisdictional data breach

- Presentation of Akira Matsuda from Iwata Godo, Japan

- Presentation of Volker Wodianka from SKW Schwarz, Germany

- Introduction to session 2 from Ken Morris: Management of data breach crisis –cybersecurity aspects

The PrivacyRules live webinar on "Public safety v. privacy: the covid-19 tracing apps conundrum" was moderated by our Australian expert Kelly Dickson from Macpherson Kelley with Susanne Lie, senior legal adviser at the Norwegian Datatilsynet as a special guest. Three other PrivacyRules experts were panelists: Ruth Ng from Taylor Vinters Via LLC in Singapore, Haim Ravia from Pearl Cohen in Israel and Geert Somers from Timelex in Belgium.

Learn more on this fascinating topic by watching this webinar!

This webinar has been moderated by our Swiss expert Ludovic Tirelli from Penalex together with three first-class guest speakers Ben Waites from Europol, Els De Busser from the Leiden University, Filippo Musca from the The Siracusa International Institute for Criminal Justice and Human Rights, and two other PrivacyRules criminal law experts, Ruben Roex from Timelex in Belgium and Juan Carlos Manríquez Rosales from MBCIA Abogados in Chile.

The experts have discussed, among other things, about:
- The main crime trends EUROPOL has observed as a result of the COVID-19 pandemic
- If the Data Protection Authorities have successfully exercised their supervisory competences in relation to the COVID-19 monitoring measures
- How the privacy and tech experts from the private sector can support the cybercrime-fighting efforts
- The criminals use of the various types of vulnerabilities, and how are states and other actors reacting to that globally

The seminar has been be moderated by PrivacyRules Hong Kong member Pádraig Walsh from Tanner De Witt, with exclusive participation of Dr. Mohsen Rezayat, Chief Solutions Architect at Siemens Digital Industries Software, and PrivacyRules Polish member Agnieszka Wiercińska-Krużewska from WKB Lawyers, PrivacyRules UK member Kim Walker from ShakespeareMartineau, and PrivacyRules US member Mike Nitardy from Frost Brown Todd as panellists.

Watch the event recording here

Concerned about the data privacy implications of returning to work in the Covid-19 era?

The PrivacyRules US expert Michael Nitardy has moderated an international discussion on the topic with:

➡️ Victoria Beckman of Frost Brown Todd (USA),
➡️ Padraig Walsh of Tanner De Witt (Hong Kong) and
➡️ Jean-Christophe CHEVALLIER of Ydès Avocats (France)

Watch this webinar to learn what your company should consider and do in this volatile situation, where privacy and public health are major concerns globally.

PrivacyRules local expert, Sergey Medvedev from Gorodissky & Partners, elaborates on the risks related to the non-compliance with the Russian data privacy law in these complex times.

You may wonder if the Russian data protection law must be complied with even during the Covid-19 times, the answer is yes! Beware that the Russian data protection law has been recently amended giving higher powers to the Russian IT Regulator (Roskomnadzor) which can now impose truly heavy fines against non-compliant companies. Worth noting, the Roskomnadzor can now start random inspections and, if the inspection reveals that a company is non-compliant, the Regulator can initiate an administrative proceeding before the competent Court without the need of a prosecutor.

The sanctions can be of civil, administrative or criminal nature. An example of a heavy sanction is the blockage of the website for an online business or an e-commerce company (which is what happened in the LinkedIn case). Furthermore, in certain cases fines are imposed on the basis of the number of the employees the sanctioned company has.

To know more about the risks related to the complexity of the Russian privacy regulations, watch this video and contact Sergey for guidance and advice!

The President of Indonesia, Joko Widodo, issued a Presidential Decree No. 12/2020 declaring Covid-19 pandemic as a Public Health Emergency situation. Then, the Government has released Regulation No. 21 of 2020 on Massive Social Restrictions (“GR 21/2020) allowing the Regional Government to implement Massive Social Restrictions.

On April 09, 2020, the Governor of DKI Jakarta has issued Regulation No. 33/2020 on Implementation of Massive Social Restrictions in Jakarta.

In this pandemic situation many business activities are disrupted and stop operating. For this reason, they are assessing their existing contracts to determine whether the pandemic of Covid-19 can be considered as force majeure or not.

Our Indonesian expert from SIP Law Firm , R. Yudha T. W., elaborates on the recent updates of its country and explains how Indonesia is handling the concept of force majeure.

Listen to this flash news to know more about this interesting topic!

The Morrisons case: When is an employer liable for data breaches by its employees?

❗Flash Briefing from the UK❗

⚡Kim Walker of Shakespeare Martineau discusses the UK Supreme Court’s important recent judgement clarifying the scope of the principle of “vicarious liability”: when is an #employer strictly liable for the wrongdoings of its employees even though the employer is entirely blameless?

➡️ The case is of particular interest to anyone advising on #dataprotection, because the employee, in this case, had maliciously and wrongfully uploaded #payroll data of 100,000 employees to the internet, potentially exposing Morrisons to huge claims for compensation from the employees involved.

➡️ The High Court and the Court of Appeal in the #UK had previously found Morrisons vicariously liable for the rogue employee’s actions.

The discussion includes:

❓How do you decide what an employee’s “field of activities” are?

❓When is the wrongful action “closely connected” to the field of activities?

❓Are the employee’s motives relevant?

❓Why was the previous leading case (Mohamud v Morrisons) different?

❓What are the practical implications in the field of data protection?

L

La Crisis generada por el COVID 19 ha puesto en jaque a Autoridades nacionales y locales, a las empresas, y en general a todos los ciudadanos. Muchos temas han surgido, varios riesgos han aflorado, y es a partir de estos que queremos hoy compartir con todas las personas del común, no solamente con los especialistas en privacidad lo que ha venido sucediendo con el manejo de la información personal relacionada con este virus.

En esta serie discutiremos con nuestros expertos Stella Sofía Vanegas & Angela Maria Noguera Moreno (Colombia), Yamil Yuivar Carneiro (Chile) and Luis Marimón Prats (Spain) sobre:

▶️ Episodio 1: Medidas legales adoptadas

▶️ Episodio 2: Recolección y usos de datos

▶️ Episodio 3: Casos prácticos de implicaciones laborales y riesgo de uso de datos personales

In this third and last episode of the miniseries our local expert, Yudha Triarianto from SIP Law Firm, discuss the relevance and advantages of cooperating with specialized law firms as in the PrivacyRules Alliance and provide some tips on why to do business in Indonesia

Find the Podcast version here!

Stay updated with Privacy worldwide, follow PrivacyRules!

How the Australian Government is facing the Covid-19 spread? Which are the key restrictions that companies and individuals are facing and which are the future perspective?

Know more on this topic with Kelly Dickson, our expert lawyer from Macpherson Kelley in Australia, we will discuss:

- Which are the main consequences of the restrictions

- The top priorities that companies should consider

- How MK lawyers can help

- The use of Health information

- The use of tracking systems

This podcast is available on SoundCloud also

In Uruguay, the new Decree 64 / 2020 introducing new measures in relation to privacy matters has been published recently.

The main changes it contains are:
· The creation of the figure of the DPO
· Certain changes in relation to the data incident
· Certain changes in relation to security measures

Learn more about it with our local experts Sofía Anza and Jonathan Clovin from Guyer & Regules, find the complete review of the Decree here: https://bit.ly/3dYDOl5

In these webinars, we analyze how the privacy regulators of Belgium, Germany, and Switzerland addressed the spread of Covid-19. Our experts Geert Somers, Bernd Fiten, Volker Wodianka and Gabriel Avigdor assess the main challenges related to the coronavirus emergency and explain the details of their respective DPAs' positions.

In this fourth episode, our experts try to share their advice on how the issue may/should be addressed in the future.

This webinar is available in a podcast version also

In these webinars, we analyze how the privacy regulators of Belgium, Germany, and Switzerland addressed the spread of Covid-19. Our experts Geert Somers, Bernd Fiten, Volker Wodianka and Gabriel Avigdor assess the main challenges related to the coronavirus emergency and explain the details of their respective DPAs' positions.

In this third episode, our experts provide some suggestions to companies and private organizations on how to better handle the Covid-19 related difficulties.

This webinar is available in a podcast version also

In these webinars, we analyze how the privacy regulators of Belgium, Germany, and Switzerland addressed the spread of Covid-19. Our experts Geert Somers, Bernd Fiten, Volker Wodianka and Gabriel Avigdor assess the main challenges related to the coronavirus emergency and explain the details of their respective DPAs' positions.

In this second episode, our experts discuss the challenges that the Covid-19 is bringing to companies and private organizations and viable solutions proposed in their respective countries.

This webinar is available in a podcast version also

In these webinars, we analyze how the privacy regulators of Belgium, Germany, and Switzerland addressed the spread of Covid-19. Our experts Geert Somers, Bernd Fiten, Volker Wodianka and Gabriel Avigdor assess the main challenges related to the coronavirus emergency and explain the details of their respective DPAs' positions.

The first episode offers an overview on what each DPA issued and thoughts on the related matters.

This webinar is available in a podcast version also

The spread of the Covid-19 has sparked discussions on the balance of interests between the protection of an individual’s personal data privacy, and the interest and greater good of the public. Country frameworks differ significantly, and the reaction of data protection authorities have differed.

We, at PrivacyRules, are well placed to bring your perspectives from many locations. This webinar focuses on the main issues faced by companies in Asian countries.

In this webinar our experts, Ruth Ng, Akira Matsuda, José Leitão, Hyunjee Kim and Pádraig Walsh, compare the Covid-19 response of the regulators in their respective countries: Singapore, Japan, Macau, South Korea and Hong Kong. Our experts also provide guidance and help on how to deal with legal issues arising from Covid-19 in the context of personal data privacy and more generally.

WRITE DOWN YOUR QUESTIONS AND WE WILL ANSWER YOU WITH NEW TAILORED MATERIALS!

Data Breach Notification regulations are among the most debated issues of the data privacy framework of every country. Related country frameworks differ greatly: which are the most effective ones?

Our experts: Lyndsay Wasser and Kristen Pennington from McMillan (Canada), Agnieszka Wiercińska-Krużewska from WKB (Poland) and Pádraig Walsh from Tanner De Witt (Hong Kong) compare their Data Breach Notification and Fines regulations and assess what are the best practices for regulators and businesses to adopt in this area.

Jodi Daniels from Red Clover Advisors, explains the recent updates to the Washington Privacy Act and its differences and similarities with the CCPA and the GDPR in just 3 minutes!!

Stay tuned with data protection worldwide, follow PrivacyRules!

Our Alessandro meets Jordan Fischer, the Managing Partner of the New York boutique firm XPan Law Group, in this special Podcast (audio version here) on the New York Shield Act.

Watch it and learn more about the content and challenges of the Act, which are its main features and which are its similarities/differences with other regulations such as the CCPA and the GDPR.

Stay updated with privacy, follow PrivacyRules on LinkedIn, Twitter, SoundCloud and YouTube!

Jodi Daniels from RedClover Advisors, US Data Privacy service provider of PrivacyRules, explains how her 2020 Privacy Compliance Checklist and her other tools can help you dealing with CCPA and other data-privacy regulations!

Stay tuned with data protection worldwide, follow PrivacyRules!

In this second episode of the miniseries our local expert, Yudha Triarianto from SIP Law Firm, compares the Indonesian regulation with the GDPR in order to check the main differences and similarities between the two frameworks.

In the previous episode we discussed:

- Who is Yudha Triarianto and what SIP Law Firm does

- The complex patchwork of regulations touching data privacy in Indonesia and the contents of the recent proposal for a new Personal Data Protection Bill

In the next episode we will:

- Discuss why it is important for SIP Law Firm to be part of the PrivacyRules Alliance

- Receive some tips on why to do business in Indonesia Follow PrivacyRules to stay updated with privacy worldwide.

Find the Podcast version here!

Stay updated with Privacy worldwide, follow PrivacyRules!

Kelly Dickson (Australia), Ruth Ng (Singapore), Peter Szanislai (Hungary) and Pádraig Walsh (Hong Kong) address the recent Hong Kong proposal to update its data privacy regulations, and compare and contrast those proposals to other countries’ frameworks.

The webinar explains:

- The main features of the proposals in Hong Kong, and how they compare to the different frameworks.

- What is not addressed in the Hong Kong proposals, but is already a feature in other jurisdictions.

This webinar demonstrates the capability of PrivacyRules to offer different perspectives on the same issue across different locations, and to provide the best resource and solution to clients on data-privacy cases.

Michael Nitardy, member of the Privacy & Data Security team of Frost Brown Todd LLP, analyzes with us the new CCPA in this PrivacyRules Miniseries!

In this second episode of the mini-series, Michael explains what companies have to do to comply with the CCPA.

Follow us to stay updated and to know more about this very current topic!

In this first episode of the miniseries our local expert, Yudha Triarianto from SIP Law Firm, introduces himself and his firm, explain the complex patchwork of regulations touching data privacy in Indonesia and the contents of the recent proposal for a new Personal Data Protection Bill!

In the next episodes we will:

- Compare the indonesian regulation to the GDPR

- Learn the main practical issues Yudha have faces as a data privacy expert

- Discuss why it is important for SIP Law Firm to be part of the PrivacyRules Alliance

- Receive some tips on why to do business in Indonesia Follow PrivacyRules to know more on this and many other topics!

Find the Podcast version here!

Stay updated with Privacy worldwide, follow PrivacyRules!

Michael Nitardy, member of the Privacy & Data Security team of Frost Brown Todd LLP, analyzes with us the new CCPA from all its different corners in this PrivacyRules Miniseries!

In this first episode of this mini-series of webinars, Michael gives us an overview of what should people from all over the world know, and take into consideration, about the CCPA.

Follow us to stay updated and to know more about this very current topic!

In Part 1 of this two-part Briefing, Kim Walker from Shakespeare Martineau explains what Brexit means for the processing of personal data in the UK during the Transition Period which is due to last until 31 December 2020, including the laws that apply during Transition and the changing role of the UK’s supervisory body, the ICO, during and after this period. Part 2 will cover transfers of data between the UK and EU during and after Transition and what happens to EU data stranded in the UK when the Transition Period comes to an end.

Find out more on Kim and Shakespeare Martineau by following them on LinkedIn

Kelly Dickson from Macpherson Kelley Law Firm explains the case raising the first data privacy class action in Australia and it's main implications for the future!

The EU-U.S. Privacy Shield, the GDPR and the recent CCPA are not frameworks for lawyers only... Listen to Jodi Daniels from RedCloverAdvisors (US) and Volker Wodianka from Schlutius (Germany) explaining why their specific services are important to help companies dealing with data across continents!

Don't miss the opportunity to know more about this case that is going to raise one of the most interesting debates of 2020. Our Swiss expert, Gabriel Avigdor from datalex llc, explains the contents and main issues raised by the Norwegian Consumer Council (“NCC”) through its 186 pages study report called “OUT OF CONTROL. The document, supported by a 93 pages technical report, explains how the industry of digital advertising (“AdTech” industry) is exploiting personal data of consumers through dating mobile applications to use and monetize such data for their business interest and the ones of “shadow companies”. Find also a deeper analysis of the case in the latest Gabriel's article here.

Pádraig from the Hong Kong Law Firm Tanner De Witt explains the implications of a recent cybersecurity incident affecting secondary schools in Hong Kong.

In November 2019 the Education Bureau detected some strange activity in respect of its WebSAMS web application management system for secondary schools. Even if, the Education Bureau had developed an upgrade to the system and notified all schools within 5 days, four schools were affected and the personal information of teachers and some students have been lost. This data breach incident is interesting for three main reasons, listen to Pádraig and discover witch are them!

This Podcast is also available in its video version on our YouTube Channel!

Our new expert from Macau, José Leitão from MdME Lawyers, discusses the complex framework of this jurisdiction during a very practical interview.

Learn more about how this country is facing the development of the Data Privacy sector with very strict and unique rules and hear its comparison to the GDPR and other international frameworks!

Our Chinese and Russian experts compare the complex patchworks of their respective data protection frameworks with an interesting focus on their countries' data localization requirements and the necessary elements for cross border data flows.

Thanks to this webinar you will be able to understand the activities you need to put in practice if you are using, sending data or simply starting a new business in Russia or China.

Lyndsay Wasser of Canadian law firm McMillan and Kim Walker of UK law firm Shakespeare Martineau discuss the recent decision by the Privacy Commissioners in Canada that Canadian data analytics company AggregateIQ used voter personal data to target political advertising in breach of Canadian federal and provincial data protection laws. The UK's Information Commissioner's Office (ICO) ruled in 2018 that AggregateIQ failed to comply with the GDPR in several respects when it provided data analytics services to political parties during the UK's EU referendum in 2016. The decisions are evidence of global privacy regulators' continuing concern about the way in which personal information can be used for voter manipulation.

Lyndsay discusses the Commissioners' clarification of the requirement for service providers to ensure that customers who provide personal data for them to process have received consents from individuals as required by Canadian law and the steps that they are required to take in order to verify that adequate consents have in fact been obtained. Kim discusses the different approach taken by the ICO under the GDPR where consent is only one of several lawful bases for processing data and discusses the ICO's particular focus on AggregateIQ's failure to process the data fairly and transparently, so the individuals had no knowledge or expectation of how their data would be used.

Lyndsay and Kim then draw conclusions from the two decisions and propose practical steps for businesses to take, particularly those involved in digital marketing and the adtech industry.

The consciousness of the broadness and complexity of the Data Privacy sector has brought the PrivacyRules Swiss experts, Gabriel Avigdor and Ludovic Tirelli, to create a new way to conceive the lawyers' work through their platforms: datalex and penalex.

These digital platforms provide transparent, easily accessible and reliable 24/7 information on data privacy, new technologies, healthcare and cybercrime in the Swiss context. Learn more about Gabriel and Ludovic, their activities and the Swiss framework in this very interesting Webcast and watch their previous participations on our activities:

- PrivacyRules Webinar on Libra, Blockchains and Cryptocurrencies 

- PrivacyRules-Zhong Lun Conference, datalex llc presentation 

- PrivacyRules Data Transfer Webinar

Watch the video of the recording here!

Meet Volker Wodianka of SKW Schwarz & SCHLUTIUS, the brand new German expert of PrivacyRules, in this fascinating discussion on his activities and the main differences of the German framework making it unique even under GDPR.

Hear how the Federal structure helped him to anticipate the scenario of conflicts among different Data Protection Authorities and how their DPO compliance regime is different and stricter than the one of the GDPR!

Watch the PrivacyRules video-session entitled "Privacy and Data Protection in Africa, Rights and Opportunities" at the AFBA 2019 Conference in Monrovia Liberia.

Our speakers are:

- Janet Othero (Kenya) Kenya: Government Digital Transformation and Data Protection

- Juan Carlos Manriquez Rosales (Chile) Rule of law 4.0: how the public and private sectors shall adapt to fully respect the hr into the digital economy

- Kenneth Morris (USA) Data Protection Best Practices: Inadequate for Privacy and Regulatory Compliance - Time for a 21st Century Model

Watch the video-podcast on our YouTube channel

After the recent webinar on the "first year implementation of the GDPR", our Alessandro and Péter Szanislai, data privacy and GDPR expert of the PrivacyRules' Hungarian member firm, Lakatos Koves, decided to reconnect in order to discuss the impact of the new regulation in Hungary.

In fact, the GDPR application in Hungary has affected more than 80 sectors and Peter explain us the main challenges related to the overlaps among the national legislation and the European Regulation in matters such as advertisement, employee monitoring and the use of CCTV.

Our experts from Hong Kong, Switzerland, Singapore and South Korea discuss together about the use of Blockchain and Cryptocurrencies in their respective jurisdictions with specific considerations on the new Facebook's currency, Libra. If you want to know more about this topic and to summarize the situation on each of these jurisdictions, please click on their Country Overviews below:

- Hong Kong

- Singapore

- Switzerland

- South Korea

Even if the GDPR has harmonized the data protection regulations within the EU, there are still some differences between one country to another. Agnieszka stresses how many other Polish Laws have been influenced by the GDPR and how the local legislator has acted to avoid conflicts as much as possible.

But, of course, some problems emerged. What's happening exactly and which are the best ways to approach such issues? Agnieszka offered us her practical experience and an overview of interesting cases in Poland to help us understand what approach needs to be taken from every business in Poland.

Find the Youtube version of the Podcast here!

Jodi Daniels, founder of Red Clover Advisors discuss the latest on Data Protection regimes in the US, the privacy related challenges that companies faces everyday and how to approach data privacy regulations such as CCPA. 
Jodi also offers some practical advise to people interested in doing business in the US with some forecasts on the future development of privacy regulations in the country.

Find the Podcast also in Youtube here

Our Alessandro and our expert, Léon Patrice SARR from LPS [email protected], discusses the Data Privacy issues faced by Senegalese people everyday and the main challenges for companies in Senegal regarding the local data privacy regulation and its evolution.

The interview ends with some practical advice for people interested in doing business in Senegal.

Find the YouTube video of the Podcast here

Find the Podcast's video here!

Stella Vanegas Morales, founder of Vanegas Morales Consultores and expert for the Colombian jurisdiction at PrivacyRules help us understanding the data protection regulation in her country. Learn more on the main data privacy challenges for Colombian companies, the best practices to avoid issues and how to assess the risks involved to the use of data!

The Podcast's video is available on YouTube here.

Our UK and Hong Kong experts, Kim Walker and Padraig Walsh, discuss with us on the recent data breaches involving respectively the two Airlines of Cathay Pacific (violating 9.4 million personal data) and British Airways (disclosing 500 K customers' information).

The discussion focuses on the different approach of the Hong Kong's Office of the Privacy Commissioner for Personal Data ant the UK's Information Commissioner Office resulting no fines in the first case and an intention of £183m fine in UK. 

How is it possible to have so different results? Is that difference just a result of the GDPR presence in UK and absence in HK? 

Discover it with us in this great podcast!! 

PrivacyRules launches its fourth webinar dedicated to the GDPR in its first-year implementation.

PrivacyRules gathered six of its EU experts to analyze the different approaches of their respective countries to the GDPR with particular attention to the decisions of their respective Supervisory Authorities and the related lessons learned. The participating experts were:

1. Agnieszka Wiercińska-Krużewska from Wierciński, Kwieciński, Baehr (Poland);
2. Geert Somers from Timelex (Belgium);
3. Jean-Christophe Chevallier from Ydés Avocats (France);
4. Kim Walker from Shakespeare Martineau (United Kingdom);
5. Péter Szaniszlai from Lakatos, Köves and Partners (Hungary);
6. Stefanos Tsimikalis, Tsimikalis Kalonarou (Greece).

Click here to see the video of this Podcast on Youtube

Our Alessandro and Padraig Walsh, Partner of Tanner De Witt, and PrivacyRules expert for Hong Kong, explore the Data protection regime in Hong Kong discussing its most recent developments and some interesting cases of data breaches. The podcast also compares the framework's similarities and main differences with the GDPR, the issues related to the conclusion of the Brexit process and the particularly strong provisions of this country on direct marketing.

In the final part of the recording, Padraig also discusses the main issues related to the use of Blockchains and AI.

Disfruta nuestro webinar sobre protección de datos en Latino América en el que panelistas de Colombia, Uruguay, Chile y México proveen información general sobre las leyes de protección de datos en cada país, los retos y obstáculos que se han tenido en la implementación de las leyes de manera practica y efectiva, los pronósticos sobre el desarrollo de la jurisprudencia de protección de datos en cada país, y buenas prácticas para prevenir y reaccionar a un incidente de violación o fuga de datos.

Encuentra las diapositivas de Guillermo aquí

Enjoy our new webinar in Spanish language dealing with the data protection regimes in Latin American countries. Our panelists from Colombia, Uruguay, Chile and Mexico provides general information on the data protection laws in each country, the challenges and obstacles that have been faced in the implementation of such laws in a practical and effective way. The webinar follows discussing the potential development of the data protection laws in each country and the good practices to be respected to prevent and react to violation of data.

Find the slides from Guillermo here

Our Alessandro and Ruth Ng, lawyer of Taylor Vinters Via, explore the Data protection regime in Singapore discussing its business-friendly structure and its focus on inspiring consumer confidence. 

The podcast also compares the framework's similarities and main differences with other regimes such as the GDPR, dealing with the consent requirements, the data breach notification system and the incoming data portability requirements and explains the potential development of the PDPA bill in 2020. As always, the recording concludes with the main practical challenges and most interesting experiences in the everyday practice of the expert!

Steve Ahn from SEUM, South Korean member of PrivacyRules, explains the most recent development of the South Korean Data Protection framework, its relation with the Blockchain regulation and the practical issues related to those sectors. Steve also raised some interesting points on the latest on the use of Cryptocurrencies and Initial Coin Offerings.

Available also on Youtube and Youku!

PrivacyRules launch its second webinar episode to tackle some data privacy questions, such as: According to the GDPR, when do I need a DPO? When do I need an EU-Representative?  What is the difference between them? 

We’ve gathered two of our best and brightest GDPR experts Markus Myhrberg, Stefanos Tsimikalis and our US data privacy expert Michael Nitardy to break down and demystify these questions from the point of view of non-EU businesses.

To have a broader overview of the topic, please find attached the slides prepared for you from our members:

Markus Myhrberg, Lexia, Finland: GDPR, EU Representative and Data Protection Officer

Stefanos Tsimikalis, Tsimikalis Kalonaru, Greece: The Data Protection Officer

Kelly Dickson, Principal Lawyer at Macpherson Kelley explains the latest development and practical challenges of the Australian Data Protection Framework and its interactions with other countries!

 Meet our Tech expert Chris Huntington, from Nexigen and know more about Risk Management and their new Fishing Platform! 

Available also on Youtube and Youku!

PrivacyRules is proud to launch its webinar series with this Webinar. Our Panelists from Switzerland, Russia, Mexico and Japan will go through their respective Data Transfers frameworks and discuss the main practical issues they face in their countries.

Interested on a specific point? Find it here:

GDPR: 01:19
Swiss Law: 04:29
Russian Law: 11:04
Mexican Law: 14:59
Japan: 19:59
Open Discussion: 26:30

Any question? Send them through the form appearing below the video. Our speakers will answer your questions in a follow-up video!