developments in global data protection transfer how they
play

Developments in Global Data Protection & Transfer: How They - PowerPoint PPT Presentation

Dec 25, 2023 •129 likes •400 views

Developments in Global Data Protection & Transfer: How They Impact Third-Party Contracts Rebecca Eisner Gabriela Kennedy Partner Partner and Head of Asia IP & TMT +1 312 701 8577 +852 2843 2380 reisner@mayerbrown.com

  1. Developments in Global Data Protection & Transfer: How They Impact Third-Party Contracts Rebecca Eisner Gabriela Kennedy Partner Partner and Head of Asia IP & TMT +1 312 701 8577 +852 2843 2380 reisner@mayerbrown.com gabriela.kennedy@mayerbrownjsm.com Mark Prinsley Lei Shen June 7, 2016 Partner Senior Associate +44 20 3130 3900] +1 312 701 8852 mprinsley@mayerbrown.com lshen@mayerbrown.com

  2. Speakers Rebecca S. Eisner Partner Rebecca S. Eisner is the Partner in Charge of the Chicago office of Mayer Brown LLP and a member of the firm’s Business & Technology Sourcing group. Her practice focuses on complex global cloud and emerging technologies, outsourcing and technology transactions, privacy, data protection and data transfers, Internet and e-commerce law issues. She is a frequent writer and speaker on outsourcing, cloud computing and privacy and data protection topics. data protection topics. Gabriela Kennedy Partner Gabriela Kennedy is a partner of Mayer Brown JSM and head of the Asia IP and TMT group. She is also co-leader of Mayer Brown's global Intellectual Property practice. She is based in Hong Kong, practising intellectual property, privacy , media, information technology and telecommunications law. Gabriela advises extensively on technology and data protection issues in Hong Kong and throughout Asia, particularly in relation to business processing outsourcing, the cross-border transfer of data, data compliance and data breaches. The Age Of Disruption HOW EMERGING TECHNOLOGIES AND CYBERSECURITY ARE TRANSFORMING SOURCING 2

  3. Speakers Mark A. Prinsley Partner Mark A. Prinsley is a partner of Mayer Brown and head of the Intellectual Property & IT group in London as well as the outsourcing practice. He is regularly named as a leading individual in the areas of business process outsourcing, information technology and intellectual property by Chambers' UK and Global guides. His practice involves acting for customers at all stages of outsourcing transactions with a particular focus on the financial services sector. Lei Shen Senior Associate Lei Shen is a senior associate in the Cybersecurity & Data Privacy and Business & Technology Sourcing practices in Mayer Brown's Chicago office. Lei focuses her practice on data privacy and cybersecurity, technology and business process outsourcing, and information technology transactions. Lei is a Certified Information Privacy Professional in U.S. privacy law (CIPP/US) and a member of the International Association of Privacy Professionals (IAPP). The Age Of Disruption HOW EMERGING TECHNOLOGIES AND CYBERSECURITY ARE TRANSFORMING SOURCING 3

  4. EUROPE: IMPLICATIONS OF THE GENERAL DATA OF THE GENERAL DATA PROTECTION REGULATION

  5. EU General Data Protection Regulation • Implementation – Regulation adopted and published 27 April 2016 and replaces existing EU data privacy regime in May 2018 • Key changes – Territorial scope/application – Compliance obligations Compliance obligations – Rights of data subjects – Sanctions for breach – International transfers The Age Of Disruption HOW EMERGING TECHNOLOGIES AND CYBERSECURITY ARE TRANSFORMING SOURCING 5

  6. Territorial Scope/Application • New law is by way of EU Regula�on ̶ should result in a largely harmonised posi�on throughout all EU countries • Applies to processing of personal data – (a) in the context of the activities of a controller or processor established in the EU, irrespective of where the processing takes place; – (b) of data subjects who are in the EU by controllers or processors not established in the EU where the processing relates to offering goods or services to the data subjects the EU where the processing relates to offering goods or services to the data subjects or monitoring the behaviour in the EU of data subjects – NOTE: It applies to Data Processors and Data Controllers The Age Of Disruption HOW EMERGING TECHNOLOGIES AND CYBERSECURITY ARE TRANSFORMING SOURCING 6

  7. Compliance Obligations • “Privacy by design” concept builds on current technical and organisational security measures’ obligations on data controllers • More sophisticated requirements for the contractual arrangements between a data controller and a data processor • Formal record-keeping obligations on controllers and processors, records to be open to inspection by information commissioner • Data privacy impact assessments for high-risk processing • Data privacy impact assessments for high-risk processing • Data privacy officers required in some situations The Age Of Disruption HOW EMERGING TECHNOLOGIES AND CYBERSECURITY ARE TRANSFORMING SOURCING 7

  8. Enhanced Rights of Data Subjects • Greater transparency of nature of processing – more information to be made available – clear and concise explanations required – likely emergence of “washing instructions” icons • Right to be forgotten • Right to be forgotten – impact on information made publicly available • Data portability – for data an individual has provided to the data controller and where the processing is carried out by automated means • Right to object to processing – potential impact on the “legitimate interests” ground for processing personal data – absolute right to object to processing for direct marketing The Age Of Disruption HOW EMERGING TECHNOLOGIES AND CYBERSECURITY ARE TRANSFORMING SOURCING 8

  9. Data Breach and Sanctions (and International Transfers) • Personal data breaches – presumption that Information Commissioner must be notified within 72 hours of the controller becoming aware of the breach – processor under obligation to notify the controller – notification of data subjects only required where there is a high risk to the rights and freedoms of the data subject • Administrative fines • Administrative fines – up to 4% of worldwide annual turnover or € 20 million, whichever is the greater. BUT many qualifications on likely level of fines • Direct legal remedies – greater clarity as to potential for direct proceedings. Consumer class actions possible • International transfers – current regime continues – but that is not the whole story! The Age Of Disruption HOW EMERGING TECHNOLOGIES AND CYBERSECURITY ARE TRANSFORMING SOURCING 9

  10. ASIA: CONSTANT CHANGE ASIA: CONSTANT CHANGE

  11. The Emergence of Privacy Legislation Current overarching data privacy law S. Korea Piecemeal approach Japan Proposed/draft data privacy law China Taiwan India Amendment Bill approved in 2015 Hong Kong and will come into force by 2017 The Philippines Thailand Malaysia Singapore Indonesia The Age Of Disruption HOW EMERGING TECHNOLOGIES AND CYBERSECURITY ARE TRANSFORMING SOURCING 11

  12. Data Localisation Stringent data localisation restrictions S. Korea Partial data localization restrictions Japan No restrictions China Taiwan India Hong Kong Thailand The Philippines Malaysia Singapore Indonesia The Age Of Disruption HOW EMERGING TECHNOLOGIES AND CYBERSECURITY ARE TRANSFORMING SOURCING 12

  13. Personal Data Cross-Border Transfer Restrictions Specific cross-border transfer restrictions Applies to Specific cross-border S. Korea sensitive restrictions not yet in force data only Japan Some cross-border restrictions China Bill approved in 2015 and will come into force by Taiwan India 2017 Hong Kong The Philippines – must Thailand ensure third-party Malaysia provides comparable level of protection Singapore Indonesia The Age Of Disruption HOW EMERGING TECHNOLOGIES AND CYBERSECURITY ARE TRANSFORMING SOURCING 13

  14. Marketing Restrictions Specific direct marketing restrictions S. Korea No specific direct Japan marketing restrictions China Taiwan India Hong Kong The Philippines Thailand Malaysia Singapore Indonesia The Age Of Disruption HOW EMERGING TECHNOLOGIES AND CYBERSECURITY ARE TRANSFORMING SOURCING 14

  15. Emerging Trends • Data localisation – China and Indonesia • Cybersecurity – HK – HKMA initiated Cybersecurity Fortification Initiative in May 2016, SFC issued Circular on Cybersecurity in March 2016 – China – draft Cybersecurity Law China – draft Cybersecurity Law – Singapore – new Cybersecurity Act will be tabled in Singapore’s parliament in 2017 – Philippines – Sept 2015, National Cybersecurity Inter-Agency Committee and National Cybersecurity Coordination Centre formed The Age Of Disruption HOW EMERGING TECHNOLOGIES AND CYBERSECURITY ARE TRANSFORMING SOURCING 15

  16. Emerging Trends ( Cont. ) • Biometric / sensitive data – India –25 March 2016, law passed enabling federal agencies to access Aadhaar database scheme – HK – Electronic Health Record Sharing System (March 2016); guidelines on handling biometric data in July 2015 – Japan – 2015 amendments to introduce restrictions on sensitive personal data in PDPA (come into force in 2017) (come into force in 2017) The Age Of Disruption HOW EMERGING TECHNOLOGIES AND CYBERSECURITY ARE TRANSFORMING SOURCING 16

  17. US: DATA BREACH NOTIFICATION LAW NOTIFICATION LAW UPDATES AND RESPONSE TO SAFE HARBOR

  18. Recent US Developments Overview • Recent Updates to US Data Breach Notification Laws • Invalidation of Safe Harbor and Rejection of Privacy Shield The Age Of Disruption HOW EMERGING TECHNOLOGIES AND CYBERSECURITY ARE TRANSFORMING SOURCING 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Data Protection in Israel Overview & Recent Developments in Financial Sector David

Data Protection in Israel Overview & Recent Developments in Financial Sector David

Data Protection in Israel Overview & Recent Developments in Financial Sector David Mirchin Head of Technology Transactions Group 2009 2 2010-2011 Bad luck 3 Topics 1. Context: Recent Developments 2. EU: Israel Adequately

534 views • 28 slides
Protection of Emergency Workers and Helpers Recent Developments in International Standards in

Protection of Emergency Workers and Helpers Recent Developments in International Standards in

International Conference on Occupational Radiation Protection: Enhancing the Protection of Workers - Gaps, Challenges and Developments IAEA Headquarters, Vienna, Austria 1 5 December 2014 Protection of Emergency Workers and Helpers Recent

409 views • 18 slides
Data Privacy Compliance in Global Transactions: Navigating Complex Data Protection Laws in U.S.,

Data Privacy Compliance in Global Transactions: Navigating Complex Data Protection Laws in U.S.,

Presenting a live 90-minute webinar with interactive Q&A Data Privacy Compliance in Global Transactions: Navigating Complex Data Protection Laws in U.S., Europe and Asia WEDNESDAY, MARCH 5, 2014 1pm Eastern | 12pm Central | 11am

524 views • 41 slides
CMS Data Transfer tests towards LHC data taking CMS Data Transfer tests towards LHC data taking D

CMS Data Transfer tests towards LHC data taking CMS Data Transfer tests towards LHC data taking D

CMS Data Transfer tests towards LHC data taking CMS Data Transfer tests towards LHC data taking D Bonacorsi CMS Facilities Infrastructure Operations INFN CNAF Bologna Italy On behalf of the CMS experiment

766 views • 48 slides
Beyond the Basics: Recent Developments in Global Data Privacy and Security David Bender Special

Beyond the Basics: Recent Developments in Global Data Privacy and Security David Bender Special

Beyond the Basics: Recent Developments in Global Data Privacy and Security David Bender Special Counsel, Data Privacy GTC Law Group Distinguished Fellow, Ponemon Institute The Universe of Current Privacy Concerns n The Privacy world is today

698 views • 40 slides
Navigating the New Consumer Product Regulatory Landscape: Developments in Consumer Protection at

Navigating the New Consumer Product Regulatory Landscape: Developments in Consumer Protection at

Navigating the New Consumer Product Regulatory Landscape: Developments in Consumer Protection at the Agencies and in the Courts CHERYL A. FALVEY JENNIFER S. ROMANO Crowell & Moring LLP Agenda Regulatory Developments Impacting

661 views • 22 slides
5 THINGS HR MUST DO IN THE ROLE OF THE DATA PROTECTION OFFICER GILLIAN ACHESON DATA PROTECTION

5 THINGS HR MUST DO IN THE ROLE OF THE DATA PROTECTION OFFICER GILLIAN ACHESON DATA PROTECTION

5 THINGS HR MUST DO IN THE ROLE OF THE DATA PROTECTION OFFICER GILLIAN ACHESON DATA PROTECTION DEIRDRE ALLISON RECORDS MANAGEMENT YEARN2LEARN TRAINING GENERAL DATA PROTECTION REGULATION What is it? GDPR represents the most significant

172 views • 14 slides
The Data Protection Landscape Before and aft fter GDPR: General Data Protection Regulation Data

The Data Protection Landscape Before and aft fter GDPR: General Data Protection Regulation Data

The Data Protection Landscape Before and aft fter GDPR: General Data Protection Regulation Data Protection regulations across Europe Current regulations & guidance European Directives 95/46/EC (Data Protection) and 2002/58/EC

440 views • 19 slides
Detecting Safety issues: will new scientific developments strengthen public health protection?

Detecting Safety issues: will new scientific developments strengthen public health protection?

Detecting Safety issues: will new scientific developments strengthen public health protection? Developments in the last 10 years for dr. Thomas Lnngren Prof. dr. Miriam CJM Sturkenboom Methods/resources for evaluation of drug safety 1950s

539 views • 39 slides
Data Protection Reform preparing for the General Data Protection Regulation By Philip Brining

Data Protection Reform preparing for the General Data Protection Regulation By Philip Brining

Data Protection Reform preparing for the General Data Protection Regulation By Philip Brining Data Protection People 18 th April 2016 Agenda Introduction Current Rules (DPA 98 & PECR) Overview of GDPR Business-wide impact Practical

479 views • 28 slides
1 rdt2.0: FSM specification rdt2.0: operation with no errors rdt_send(data) rdt_send(data)

1 rdt2.0: FSM specification rdt2.0: operation with no errors rdt_send(data) rdt_send(data)

Principles of Reliable data transfer important in app., transport, link layers top-10 list of important networking topics! Reliable Data Transfer characteristics of unreliable channel will determine complexity of reliable data transfer

229 views • 6 slides
GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU

GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU

GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU General Data Protection 1995 Regulation 2016 Data Protection Act 1998 Data Protection Bill 2017-19 Fines DPA GDPR Maximum Fine 500k Two

622 views • 17 slides
The Telephone Consumer Protection Act (TCPA) Recent Developments and Takeaways from the

The Telephone Consumer Protection Act (TCPA) Recent Developments and Takeaways from the

The Telephone Consumer Protection Act (TCPA) Recent Developments and Takeaways from the Oral Argument in the Appeal Challenging the FCCs Interpretations of the Act Charles E. Harris II Archis A. Parasharami Rebecca J. Lobenherz

734 views • 36 slides
Data Protection & Availability Kaushal Devater Data Protection & Availability Discipline

Data Protection & Availability Kaushal Devater Data Protection & Availability Discipline

Plan & Deploy Data Protection & Availability Kaushal Devater Data Protection & Availability Discipline Lead - RDC Planning & Deploy Data Protection & Availability Industry Typical Data Retention Requirements Patient

662 views • 9 slides
ICRP Transfer Group Report Justin Brown (Norwegian Radiation Protection Authority) IAEA EMRAS II,

ICRP Transfer Group Report Justin Brown (Norwegian Radiation Protection Authority) IAEA EMRAS II,

ICRP Transfer Group Report Justin Brown (Norwegian Radiation Protection Authority) IAEA EMRAS II, WG-5, 8th Sep. 2010 www.nrpa.no Background TG 73 Transfer Factor Values for estimating exposures of RAPs in environmental modelling contexts

364 views • 25 slides
Valuation Developments for Closely Held Businesses SPE SPEAKERS: Timothy K. Bronza James I.

Valuation Developments for Closely Held Businesses SPE SPEAKERS: Timothy K. Bronza James I.

Valuable Valuation Developments for Closely Held Businesses SPE SPEAKERS: Timothy K. Bronza James I. Dougherty Abigail R. Earthman Todd G. Povlich Agenda Entire transfer tax system based on taxing the gratuitous transfer of value

527 views • 34 slides
Inter-Registrar Transfer Policy Part B PDP Proposed Final

Inter-Registrar Transfer Policy Part B PDP Proposed Final

Inter-Registrar Transfer Policy Part B PDP Proposed Final Report IRTP Part B PDP Working Group Background Inter-Registrar Transfer Policy (IRTP) Straightforward

403 views • 18 slides
2020 Original Adopted Budget Final BoCC Direction Sherri Cassidy, CPFO Chief Financial Officer

2020 Original Adopted Budget Final BoCC Direction Sherri Cassidy, CPFO Chief Financial Officer

2020 Original Adopted Budget Final BoCC Direction Sherri Cassidy, CPFO Chief Financial Officer November 14, 2019 Revenue Updates Reserve Strategy Presentation Overview Next Steps Updated Roadmap 2 Financial Services

233 views • 8 slides
The application form is also available on the website of the Middle East Regional Direction (DRMO)

The application form is also available on the website of the Middle East Regional Direction (DRMO)

INTER-UNIVERSITY SCIENTIFIC COOPERATION PROJECTS (PCSI) MIDDLE EAST REGIONAL DIRECTION AGENCE UNIVERSITAIRE DE LA FRANCOPHONIE 2019 Regional Invitation to Tender PRESENTATION DOCUMENT Applications Deadline: May 31, 2019 This document contains

84 views • 4 slides
I-70 East Partially Covered Lowered (PCL) Alternative 1 Transportation Commission, June 2014

I-70 East Partially Covered Lowered (PCL) Alternative 1 Transportation Commission, June 2014

I-70 East Partially Covered Lowered (PCL) Alternative 1 Transportation Commission, June 2014

316 views • 20 slides
Tab B, No. 9c T January 2018 Alternative 1. No Action. For landings history vessels, continue to

Tab B, No. 9c T January 2018 Alternative 1. No Action. For landings history vessels, continue to

Tab B, No. 9c T January 2018 Alternative 1. No Action. For landings history vessels, continue to manage the reef fish species chosen in Action 2 using current recreational seasons, size limits, and bag limits. Alternative 2. For landings history

516 views • 28 slides
TUPE an update Lee Jefcott Employment Lawyer What is TUPE ? a reminder Transfer of

TUPE an update Lee Jefcott Employment Lawyer What is TUPE ? a reminder Transfer of

TUPE an update Lee Jefcott Employment Lawyer What is TUPE ? a reminder Transfer of Undertakings (Protection of Employment) Regulations 2006 TUPE Its right that workers should be protected when they transfer to a new

293 views • 12 slides
General Presentation Groenewout Breda, January 2018 9026X133 PR&Marketing/General

General Presentation Groenewout Breda, January 2018 9026X133 PR&Marketing/General

General Presentation Groenewout Breda, January 2018 9026X133 PR&Marketing/General Presentation The recommendations, advice and conclusions, mentioned in this report, are based on the information and data provided by client. Savings,

465 views • 20 slides
CCPS Consortia, Collaboration & Mergers Thursday 25 th March Roddy Stewart CEiS CEiS About

CCPS Consortia, Collaboration & Mergers Thursday 25 th March Roddy Stewart CEiS CEiS About

CCPS Consortia, Collaboration & Mergers Thursday 25 th March Roddy Stewart CEiS CEiS About CEiS We are a social enterprise and registered charity. Our Vision is for communities and individuals who are economically disadvantaged to

503 views • 22 slides

More recommend