Focusing on the latest digital trends and risks and developments in the field of data protection, privacy, information and cyber law.

US Consumer Financial Protection Bureau guidelines for third-party financial data sharing

Jacob Reed

On October 18, the U.S. Consumer Financial Protection Bureau (CFPB) published nine principles for the protection of consumers in the emerging financial data aggregation industry. The CFPB, which is charged with ensuring consumer access to fair and transparent financial services, emphasized that the principles are not intended as guidance on existing laws and regulations and Read More

WP29 draft guidelines on profiling and automated decision-making under the GDPR

Ondrej Kramolis

On 17 October, the Article 29 Working Party (WP29) published new draft guidelines on profiling and automated decision-making under the GDPR (the Guidelines). The Guidelines identify two benefits of profiling – increased efficiencies and resource savings and note that profiling and automated-decision making can be used to tailor services and products to align with individual Read More

ICANN to reconsider the .Amazon domain applications

David Stone

Amazon filed applications for the .AMAZON top-level domains in several scripts in 2012. Five years later, ICANN will re-examine the applications after an Independent Review Process (“IRP”) proceeding. The IRP Panel found that ICANN’s Board failed to demonstrate the existence of public policy reasons for denying the applications. The early stages of the .AMAZON application Read More

WP29 guidelines on personal data breach notification under GDPR

Anita Anand

The Article 29 Working Party this week published draft Guidelines on personal data breach notification under GDPR.  The relevant GDPR provisions are often misrepresented, and in many respects leave matters open to interpretation – a good or bad thing depending on the day.  Many are now asking what further clarity the draft guidelines bring for companies Read More

A first look at the New UK Data Protection Bill

Praveeta Thayalan

The new UK Data Protection Bill (the Bill) was published on 14 September 2017 and, once enacted, will repeal the Data Protection Act 1998 (the DPA). The Bill preserves parts of the DPA and implements the standards of the General Data Protection Regulation (the GDPR) across the categories of data processing within the scope of Read More

UK government publishes its data protection wish list for Brexit

David Smith

On 24 August 2017, the UK Government’s Department for Exiting the European Union published a future partnership paper outlining its proposal for a shared approach to data protection following Brexit.  The paper represents a welcome initiative from the UK Government as it seeks to preserve the UK’s position, participation and influence in EU data protection Read More