top of page

Data Protection Update: What You May Have Missed This Summer

Updated: Sep 3, 2018

There is a lot going on concerning data protection. You already know this, but surely are tempted to ask even during the summer? Well here in Brussels it’s the last week before school starts, so as the summer heat cools down, matters concerning data privacy are going to heat up.

Nevertheless, the wheel of data privacy does not stop turning. Let's get you caught up on some of the things you may have missed while you were busy working on your summer tan.

  • The US Department of Commerce updated its FAQs section on its privacy shield website in order to provide companies with further guidance on how to be compliant. News is on data processors, the shield’s relation to the CLOUD Act.

  • It is also reported that the US Second Circuit Court supports the lower court’s decision concerning Medidata Solutions’ spoofing incident and approved the ordering of a USD 4.8m coverage of the loss by the company’s insurer, Chubb (who appealed the lower court’s decision). Here is the summary order.

  • On 14 August, the Brazilian president signed the law approved by the senate in July (Lei Geral de Proteção de Dados Pessoais). This brings Brazil into the prestigious club of a couple of countries in the world, which have adequacy decisions given out by the EU. (The European Commission has so far recognised AndorraArgentinaCanada (for commercial organisations), Faroe IslandsGuernseyIsraelIsle of ManJerseyNew ZealandSwitzerlandUruguay and the United States of America (this is limited to the Privacy Shield framework) as providing adequate protection.) Some changes did occur in the final, approved text compared to the version approved by the Senate, as the President vetoed the establishment of an independent data protection authority (but this will happen in the future by a separate bill), the ability to suspend or prohibit data processing for violations of the law (though judges may still impose such penalties through other existing laws), and the requirement that public actors disclose transfers among government agencies (though the law still requires that government officials communicate when they carry out processing, for what purpose, and via which procedures). Companies have now until February 2020 to bring their data processing practices into compliance.



bottom of page