Laws converge to strengthen privacy rights

The GDPR has dominated data protection discourse this year and has been influential in many countries outside Europe. Other prominent data protection law themes which have strengthened privacy rights include:

The Facebook/Cambridge Analytica affair which attracted widespread media attention to the use of personal data for political campaigning. The leading investigation into the convergence of data protection, marketing and political campaigning laws, is being headed by Elizabeth Denham, the UK’s Information Commissioner (covered fully in Privacy Laws & Business United Kingdom Report).
The convergence of data protection and consumer law led by Norway’s Consumer Council and Norway’s Data Protection Commissioner (p.16) and
The convergence of data protection and competition law which falls naturally within the scope of the US Federal Trade Commission but is also a theme in Europe at EU and national levels. The head of Germany’s Federal Cartel Office, Andreas Mundt, said on 1st October that he was “very optimistic” that his office would take action against Facebook this year after finding it had abused its market dominance to gather personal data without consent. In addition, Italy’s Competition Authority has fined Facebook 10 million Euros for violations of the Consumer Code (p.15).

Privacy law developments in the US

The heads of leading US-based tech companies have declared their support for a US federal privacy law (p.26). The new California Consumer Privacy Act (PL&B International Report June 2018 p.7) is clearly an incentive to them as they do not want to be dealing with 50 different state privacy laws, as they do now with the 50 different state data breach laws, also pioneered by California.

Companies which make sweeping statements in support of privacy laws have to pay careful attention to implementation. This tension is illustrated by Microsoft. The company’s Head of Legal, Brad Smith, announced in Brussels on 25 May at the official GDPR launch event, that Microsoft would be implementing the GDPR worldwide. This point was confirmed by Julie Brill, Microsoft’s Corporate Vice President for Privacy and Deputy General Counsel. She said at the DPAs’ Annual Conference in Brussels in October that Microsoft is committed to privacy and has recognised privacy as a fundamental right (p.27). However, the Netherlands’ Data Protection Authority ruled in October that Microsoft’s Windows 10 breaches Dutch data protection law and it will impose sanctions if the violations do not end (p.13).

Conference news

I am pleased to announce that three DP Commissioners confirmed that they will speak at PL&B events in 2019:

Helen Dixon (p.1) Ireland’s Data Protection Commissioner, at PL&B’s Ireland Conference in Dublin on 9th May 2019, organised in association with McCann Fitzgerald,
Andrea Jelinek (p.27), Chair of the European Data Protection Board, will give her first presentation in the UK at PL&B’s 32nd Annual International Conference, 1-3 July 2019 at St. John’s College, Cambridge, and
Elizabeth Denham, the UK’s Information Commissioner, will return to speak at the Cambridge Conference next July.

Our editorial team wish you seasonal greetings and look forward to continuing to provide you with PL&B International Report and PL&B United Kingdom Report in 2019, our 33rd year of continuous publication.


Stewart Dresner, Publisher

International Report 156

Lead story:

Spain adopts GDPR implementing law

The new law entered into force on 7 December.  Rafael García del Poyo of Osborne Clarke reports from Spain.

Contents also include:

  • How Ireland's DP Commission will exercise its powers
  • Comment: GDPR still not in force everywhere
  • Q&A with Helen Dixon
  • Norway’s DPA and Consumer Council support each other
  • Uruguay moves towards the EU GDPR standard
  • DPAs: Ethics comes before, during and after law
  • Japan and Korea: Different paths to EU adequacy
  • Cathay’s data breach catastrophe goes beyond Hong Kong
  • The GDPR’s extra-territorial effect is felt in Hong Kong
  • Asia-Pacific free-trade deals clash with GDPR and Convention 108
  • The role of legal protection insurance
  • Korea’s proposed overhaul of its data protection laws
  • Finland’s new Data Protection Act enters into force on 1 January
  • EDPB issues guidelines on territoriality of the GDPR
  • Windows 10 breaches Dutch law
  • Facebook fined €10m
  • Ethics research issued in HK
  • EU Standard Contractual Clauses case imminent in Ireland
  • EDPB under pressure to produce more GDPR guidance