On 1 May 2018, the “Information Security Technology – Personal Information Security Specification” (PI-Specification) by China’s National Information Security Standardization Technical Committee (NISSTC) will come into effect. The PI-Specification, inter alia, provides guidance on the collection, storage, use, transfer and disclosure of personal information. While the PI Specification is voluntary and not legally binding, it is likely that Chinese regulators will take into account breaches of the PI Specification when enforcing cybersecurity obligations.

The requirements for the collection, use, and storage of personal information are briefly outlined below. Continue Reading China Issues New Standards on Personal Information Security

Christian Wulff, a former German Federal President who resigned in February 2012, caught the attention of the public in May 2015 with his announcement that he was back together with his ex-wife Bettina Wulff. Following this, the press published a photograph of him pushing a cart at the parking lot of a supermarket next to his wife, Bettina Wulff. Mr. Wulff felt hurt in his right to privacy. He filed a lawsuit aiming to prohibit the publication of this private photo. In first and second instance Mr. Wulff was successful; the German Federal Court now overruled the previous decisions and decided that Mr. Wulff’s right to privacy were not infringed by the publication of the photo. Continue Reading The Right to Privacy of a Former Federal President

An increasing number of financial institutions and fintech companies are coming together to create consortia or shared utility service providers that will identify, design, build and provide emerging technologies like blockchain and the possibility of using decentralized, distributed ledger technology that can be accessed and used by market participants to record information. Continue Reading Challenges with the Evolution of Blockchain

On 7 November 2016, the Standing Committee of the National People’s Congress has formally passed China’s first comprehensive privacy and security regulation for cyberspace. Since the new Cyber Security Law (CSL) will come into effect on 1 June 2017, technology companies that are operating in or planning to expand to the Peoples Republic of China (PRC) are well advised to adapt their IT infrastructure and data architecture to the new law. Violations of the law may, at worst, lead to high fines, website shutdowns or license revocations. Some of the most significant changes brought about by the new law are briefly outlined below. Continue Reading China Adopts New Law on Cybersecurity

On 14 February 2017, the organization Cloud Infrastructure Services Providers in Europe (CISPE) issued a press release that a number of leading cloud computing vendors operating in Europe have declared compliance with the CISPE Data Protection Code of Conduct (the “Code”) for some or all their services. All cloud infrastructure services compliant with the Code requirements are listed on the CISPE Public Register. The providers of these services can display a certification mark on their websites to notify their customers of their services’ compliance with the Code. Continue Reading European Cloud Industry Body Sets Up Data Protection Code of Conduct

According to press reports, German car giant Volkswagen has banned its employees from using the wildly popular smartphone app Pokémon GO during work hours. Reportedly, the company cited impaired attention and distraction from work as the primary grounds for the prohibition, but data security and privacy issues are supposedly involved as well. Volkswagen has not yet made an official statement on the ban.

This app in particular and augmented reality in general pose many legal questions, especially, in the field of privacy law. The most pressing privacy issue with Pokémon GO seems to be the constant tracking of geolocation data. By agreeing to the Pokémon GO Privacy Policy, the user allows Niantic, the company behind the app, to track the user’s “device location […] and some of that location information, along with [the] user name” any time he or she uses the app. Continue Reading ‘Pokémon GO’ and Privacy Issues

On 12 August 2016, the Cyberspace Administration of China (“CAC”), the General Administration of Quality Supervision, the Inspection and Quarantine of China (“GAQSIQ”), and the Standardisation Administration of China (“SAC”) jointly released Several Guidelines to Strengthen National Cybersecurity Standardisation (the “Guidelines”). Under the Guidelines, mandatory national standards will be introduced to regulate critical fields such as major information technology infrastructure and classified networks in an effort to harmonise the current divergent local practice. Continue Reading China Releases Guidelines to Strengthen Cybersecurity Standardisation

Efforts to coordinate and enhance cybersecurity across the European Union (“EU”) have taken a step forward with the publication on 19 July 2016 of the new Network and Information Security Directive (2016/1148/EU) (the “Directive”) in the Official Journal of the European Union. Member States will have until 9 May 2018 to transpose the Directive into their national laws. Continue Reading A new EU Framework on Cybersecurity: The Network and Information Security Directive

In banking, open data, a common pool of customer data that can be freely used and redistributed by anyone, could provide a number of benefits to customers and could increase competition in banking in the UK as well as in other jurisdictions. For example, open data could be used to improve the ability to make effective decisions about the use and management of money, or enable comparison applications to make more detailed and accurate assessments of how customers can save money. Continue Reading The Development of Data Sharing and Open Data in Banking

Today’s cars include up to 100 electronic control units as well as numerous sensor networks and assistance systems. While these devices can improve the comfort and safety of the driver and passengers, they also can collect and store a great deal of information about the current driving pattern, geolocation, traffic or even weather conditions. Some data collected this way Continue Reading Data Privacy and Ownership – Who Owns Car-Generated Data?