PL&B International, Issue 154
August 2018


Lead story:
California passes strictest data privacy law in the US

Businesses covered by the new Act must work towards meeting the requirements before 1 January 2020. Michelle Hon Donovan and Sandra A. Jeskie of Duane Morris LLP report from California.


Subscribe




Issue price: £105 + VAT

Also includes:

  • Japan’s proposed EU adequacy assessment: Substantive issues
  • Japan and EU agree on adequacy
  • Nordic DP developments
  • Modernised’ data protection Convention 108+ and the GDPR
  • GDPR implementation falls behind in 10 EU Member States
  • UK ICO promotes certification and codes of conduct
  • GDPR: Unintended consequences
  • Big Data, purpose use limitation and ethics under the GDPR
  • The differences between the UK DP Act 2018 and the GDPR
  • Who will get first big GDPR fine?
  • Italy issues a standard on certifying Data Protection Officers
  • Blockchain demystified
  • Managing GDPR in a B2B company: An Italian experience
  • Taiwan and Mauritius to apply for EU adequacy
  • Faults’ with Facebook’s and Google’s GDPR privacy updates
  • Netherlands’ DPA starts Article 30 GDPR checks
  • Brazil passes DP Bill
  • Still no end in sight for EU e-Privacy Regulation
  • Kenya publishes DP Bill
  • EU Parliament calls for EU-US Privacy Shield suspension

 

Publisher's note

It was 40 years ago today

It was 40 years ago today that my article in The Times was published in the United Kingdom. It made the case for the Minister of Transport to make it public whenever a safety related fault was found in cars. Until that time, such recalls had been communicated to car dealers but, were covered by the Official Secrets Act so were not available to car owners or the media. Car manufacturers were not keen that information on their faulty cars became known, a disincentive to potential buyers of their models.

Click for full article

The day after publication, I was invited to visit the Ministry of Transport where civil servants told me that the Minister had read my article and had agreed that recalls of faulty cars should be made public. As a result, he changed government policy so that from then on, the Ministry of Transport published press releases about the recall of faulty cars.

This example is one of a series of consumer related issues which led in 2000 to the adoption of the UK’s Freedom of Information Act. The PL&B UK Report still covers both data protection and freedom of Information and related laws.

A recommendation to government on data protection law aspects of Brexit

Last month, I wrote to the UK’s Prime Minister, other ministers and the Shadow Minister for Exiting the EU with the July edition of the PL&B UK Report. I made the case, from the data protection law perspective, for the UK staying within the European Economic Area supported by the experience of Iceland outside but alongside the European Union.

Our lead story was on the presentation by Iceland’s Data Protection Commissioner, Helga Þórisdóttir, at last month’s PL&B 31st Annual International Conference in Cambridge. She explained the flexibility this position provides to Iceland closely matching the flexibility sought by the UK government in its negotiations with the EU. A video clip of her presentation on Iceland’s data protection law on our YouTube channel.

PL&B remains forward looking

We remain forward looking. Accountability is a continuing theme. This edition has an article on blockchain, probably the most complex article we have ever published but made as clear as possible with the help of the team responsible for this conference session. The article on preparing for the GDPR in an Italy-based multinational company demonstrates that such work is the art of the possible. Certification is a work in progress and takes different forms as we see in Italy and the UK.

Collective action under Art. 80 GDPR gets the green light

It is clear from the start of my article in The Times, that the law suit in the US against British Leyland regarding their allegedly defective cars was conducted by a group of consumers. This similar right for individuals to a private right of action is now available under the GDPR and we will explore national experience and the potential for such action in the future in a half day conference in Brussels on 23 October. PL&B is organising this conference together with the Brussels Privacy Hub, a privacy advocacy organisation so we will cover this subject from as many angles as possible. We will keep you informed.
 
Best Regards

Stewart Dresner, Publisher