Switzerland is in the process of adopting legislation on electronic identification. The Federal Council published a preliminary draft e-ID Act and opened it for consultation by any interested actors. The Federal Council recently shared the consultation findings and commissioned the Federal Department of Justice and Police to prepare a revised draft act by Summer 2018.
The US District Court for the District of New Jersey recently granted Travelers' motion to dismiss Posco Daewoo America Corporation's suit for coverage under the computer fraud provision of its crime insurance policy. Daewoo had sought coverage for amounts that had been designated for payment to it by a third-party supplier and stolen after a criminal impersonated a Daewoo employee. The court held that the crime policy did not cover the lost sums because Daewoo had not owned the stolen money.
Data protection law is set for a radical overhaul in 2018 and accountancy firms should be preparing now for the changes and the compliance challenges that this will bring. The EU General Data Protection Regulation (GDPR) is an attempt to harmonise data protection laws across Europe. The United Kingdom's recently announced Data Protection Bill (which will replace the existing Data Protection Act) will transpose the GDPR into UK law and will be applicable despite Brexit.
Recent judicial interpretations of the Illinois Biometric Information Privacy Act present potential litigation risks for retailers that employ biometric-capture technology. Federal judges in various district courts have allowed cases to move forward against companies such as Facebook, Google and Shutterfly, and retailers that use biometric data may also become litigation targets as federal judges decline to narrow the statute's applicability and additional states consider passing copycat statutes.
The EU General Data Protection Regulation left room for member states to introduce their own laws in certain areas, including in relation to employment law. As such, the government has now released the draft Data Protection Bill, which is the first glimpse of what will eventually evolve into the Data Protection Act 2018. The bill does not contain major surprises from an employer's perspective, but there is increasing emphasis on the importance of policy documents and record keeping.
The Federal Council recently issued a draft of the revised Federal Data Protection Act. This draft marks yet another decisive step towards the overhaul of the Swiss data protection landscape. The act's revision is an ongoing process intended to modernise Switzerland's data protection landscape and align it with revised EU legislation.
The government recently issued a statement of intent to publish a new Data Protection Bill. The bill will bring into law the EU General Data Protection Regulation, which takes effect in the United Kingdom in May 2018 and will be the most comprehensive overhaul of data protection law this generation. The new regime for handling personal data has challenges for employers in their capacity as data controllers with increased rights for individuals and enhanced fines for non-compliance.
The Hangzhou Internet Court was recently inaugurated. It has first-instance jurisdiction over a range of disputes, including contract disputes arising from online shopping services and small loans, disputes over internet copyright ownership and infringement, and product liability claims for goods purchased online. This move comes after the Supreme People's Court piloted a programme in May 2017 which granted the Hangzhou Railway Transport Court jurisdiction over five categories of internet-related civil cases.
The telecoms sector is on the move, with numerous revisions being made to upcoming legislation. The first to enter into force is the revision of the Intelligence and Security Act, followed by the revision of the Lawful Interception Act. The other revisions have yet to reach Parliament. The pending revisions request that providers remain alert and continually adapt their processes in order to remain compliant.
The Data Protection Authority recently published two guidelines on the implementation of Law 6698 on the Protection of Personal Data on its website. Although these guidelines are not pieces of legislation or legally binding, they include detailed information on the implementation of data protection concepts and procedures regulated under the law. Therefore, it is important to review these guidelines to understand the Data Protection Authority's perspective on data protection-related obligations.
The widely publicised amendments to the Act on the Protection of Personal Information recently came into force. In addition to changing how companies must handle personal information, the amendments reflect a significant shift in how such obligations are regulated and enforced. They also mark the establishment of the Personal Information Protection Commission, which will be the regulatory body responsible for managing and ensuring compliance with the amended act.
For companies that are interested in entering the Russian market, but reluctant to establish a physical presence in the country, an online presence can be a viable alternative. The legal requirements for selling goods to Russian customers online are similar to those of other countries. In addition to complying with the mandatory requirements of Russian law, sellers should also make use of the benefits offered therein.
Following the enactment of Law 6698 on the Protection of Personal Data, Turkey is preparing relevant secondary legislation. The Draft Regulation on the Data Controllers' Registry and the Draft Regulation on the Erasure, Destruction or Anonymisation of Personal Data were recently published on the website of the Data Protection Authority (DPA) for public consultation. The DPA is also organising meetings with the public and private sectors to gather their opinions and comments on the regulations.
Approximately one year before the General Data Protection Regulation will come fully into force, the Austrian legislature has officially started a six-week consultation process for the national Data Protection Amendment Act 2018. If and to what extent the legislature will make use of the competencies provided for by the 'opening clauses' in the General Data Protection Regulation is highly relevant to companies, and the amendment act has answered this question.
The cyber threat to UK businesses is ever increasing, particularly as hackers develop new variants and methods with which to target businesses. Businesses need to regard cybersecurity as a priority and should have risk management strategies in place to prepare and rehearse for cyber and data breach incidents.
The Information Commissioner's Office consultation on its draft General Data Protection Regulation Consent Guidance recently ended. Of key relevance to the insurance sector is the position that consent should not be a precondition of a service. As an insurance policy cannot be provided without 'explicit consent', the consent will have to be 'conditional'; that is, individuals will have to be told that if they do not consent, they cannot take out the policy.
Four significant decisions have recently affected how data controllers respond to subject access requests (SARs) under the Data Protection Act 1998. In one case, the court declined to enforce further compliance with a SAR as the data controller had already carried out proportionate searches and properly applied the privilege exemption. In the others, it considered the limits on a data controller's obligations when responding to a SAR.
Under the Data Protection Law, data controllers must take all necessary technical and administrative measures to ensure an adequate level of security to prevent unlawful processing of and access to personal data and to safeguard such data. Data controllers should provide the required supervision within their own institution or agency or outsource this service to an independent third party to ensure compliance with the Data Protection Law.
While the media's attention has recently been lavished on Brexit and President Trump, there is one news story that will affect businesses across Jersey sooner than might be expected: the implementation of the General Data Protection Regulation. Jersey businesses must ensure that they comply with the new regulation when it comes into force in May 2018. That means starting work now to assess the impact of the regulation and decide what changes will be needed to ensure compliance.
One of the many obligations imposed on data controllers by Law 6698 on the Protection of Personal Data is to provide certain information to data subjects during the collection of their personal data, including the identity of the data controller and its legal representative and to whom and for what purpose the processed personal data can be transferred. These provisions are in line with the EU Data Protection Directive (95/46/EC), with certain distinctions.