33rd Anniversary edition of Privacy Laws & Business International Report



This PL&B International Report is our 33rd Anniversary edition where we report on an increase from 10 national privacy laws in February 1987 to 142 today. As a subscriber, you can follow this narrative by logging into PL&B’s website. You can search using any word. As this edition has a front page story on India, I looked back and found that the May/June 2003 edition had India plans EU-style data law as its front page story! Will Indonesia (p.9) – the world’s fourth most populous country – beat India (p.1) – the world’s second most populous country – to the finishing line of adopting a national data protection law?

Professors Graham Greenleaf and Bertil Cottier have updated their survey which we published a year ago, summarising the 10 new laws in Africa, Asia and the Caribbean, totalling 62 new laws in the last decade (p.24).

EU adequacy, Standard Contractual Clauses and icons

While Korea has now announced 5 August as the date when its new data protection law will enter into force (p.21), it is an open question whether Korea or the United Kingdom (p.31) will be the next country to earn an EU adequacy decision from the European Union. While the assessment of Korea is likely to be mainly on technical grounds, the EU’s decision on the UK is likely to have a political dimension as part of a wider negotiation on the UK’s exit from the EU. Wojciech Wiewiórowski, European Data Protection Supervisor, referred to this aspect when he declared publicly last month that the decision on whether the ICO, the UK’s DPA, can continue its participation in the European Data Protection Board (as an observer) will be mainly a political one (p.15).

Law firms and companies will focus their attention on the decision of the Court of Justice of the European Union in the Schrems II case on the validity and effectiveness of Standard Contractual Clauses (p.11), expected in the next few months.

The GDPR is complex so I expect that individuals will gain benefit from the widespread adoption of an easy to understand icon system (p.16). This approach is also advocated by the academic paper (p.30) whose principal author is Privacy Laws & Business’s long-standing academic supporter since 1986, Professor Joel Reidenberg of Fordham University Law School, New York. He demonstrated his foresight in another area 20 years ago when he assessed the EU-US Safe Harbor, and found it lacking, a line of argument followed in October 2015 by the European Court of Justice. As with Professors Greenleaf and Cottier, we bring to your attention the most relevant academic work when it illuminates privacy issues relevant to business.

The EU’s GDPR has influenced many national laws across the world. Whether these laws can hold powerful online companies to account remains a question still to be resolved. Facebook has established a new Oversight Board (p.18) which is a step forward but inevitably has attracted critics regarding its personnel and the extent of their influence on the company. Another countervailing force is consumer organisations. I expect that the research and advocacy work of the Norwegian Consumer Council (p.26), such as its publication last month of Out of control on adtech tracking and profiling, will be needed for the foreseeable future.

Next PL&B Conferences

Germany’s data protection law: Trends, opportunities and conflicts, 11 March, London

Although the GDPR has applied fully only since May 2018, there are already moves to update it by the European Commission (p.10) and Germany’s Data Protection Authorities (p.29). We will focus on the working of German data protection law at this conference.

Nowhere to Hide, 29 June-1 July, Cambridge

In just over four months, we will hold PL&B's 33rd Annual International Conference, Nowhere to Hide, and you can now see the first partial list of speakers (p.31). Registration is now open.

We look forward to receiving your feedback and meeting you at our events.

Regards,

Stewart Dresner, Publisher

International Report 163

Lead story:

New GDPR law for Greece

Spyridon Vlachopoulos and Vassiliki Christou from the University of Athens explain new aspects and limitations of this law.

Contents also include:

  • Comment: Korea amends its privacy laws; Greece adopts GDPR law
  • India’s data privacy Bill
  • EU Council GDPR position
  • Data protection and AI
  • Schrems II: SCCs valid and effective?
  • A decade of 62 new DP laws
  • How to regulate facial recognition?
  • Korea amends Act
  • GDPR data protection icons
  • Book Review: EEA DP Regulation
  • Facebook’s new Oversight Board
  • Berlin DPA imposes €14.5 million fine
  • Indonesia’s data Bill in Parliament
  • CNIL issues whistle blowing guidelines
  • Italy’s DPA issues €11.5 million fine
  • Facebook to pay $550 million
  • GDPR survey on fines, notifications
  • Norway’s Consumer Council: Adtech
  • Balancing privacy and biometrics
  • German DPAs propose GDPR changes
  • South Africa’s law in force soon
  • UK ICO delays BA, Marriott fines
  • Proposal on privacy indicators
  • UK adequacy by the end of 2020?
  • New Chair for OECD privacy WP