July 17, 2019

July 16, 2019

Subscribe to Latest Legal News and Analysis

July 15, 2019

Subscribe to Latest Legal News and Analysis

EU – US Data Transfer/Safe Harbor Talks, German IT Security and More: Data Privacy Alert for 27 July 2015


EU – US Data Transfer/Safe Harbor Talks Inch Closer to Deal On 23 July 2015, high level talks recommenced between Vera Jourová and Penny Pritzer with the intention of strengthening the Trans-Atlantic data transfer agreement and resolving the remaining disputes in relation to the agreement. The two officials continue to disagree on the issue of whether US authorities should be able to access personal data for national security purposes.

Following the talks, the EU justice chief Vera Jourová commented that she is aiming for a finalization of discussions in the coming weeks.


Bundestag Adopts Draft Law on IT Security

The Bundestag, the German Federal Parliament, has recently adopted controversial draft law on IT security. The draft aims to improve IT security in companies and public bodies, especially in the field of critical infrastructure, thus stipulating minimum security standards and reporting obligations for operators and providers of communication systems. The Federal Office for Information Security (BSI) has been given a fundamental role and fines of 100,000 euros for non-compliance will be enforced.

The draft has previously been criticized by German privacy watchdogs and consumer organizations who suggest that it does not protect data adequately.

German Privacy Commissioner Presents Activity Report for 2013 and 2014

Last month, the German Privacy Commissioner, Andrea Voßhoff, presented the 25th activity report on data protection to the German Parliament. Voßhoff called for more resources to be dedicated to her administration and for the administration to be provided with the opportunity to present activity reports to the parliamentary plenum in the future. In relation to the Cookie Directive, Voßhoff called for the legislator to implement the consent solution clearly in the German Telemedia Act.

Federal Government Provides Draft on WLAN Liability to EU Commission

The German Federal Government has recently presented its controversial draft to the EU Commission concerning WLAN providers’ liability in respect of disturbances. The draft has undergone minor revision after strong criticism from public authorities as well as commercial and private providers. The draft now stipulates that WLAN providers shall not be principally responsible for infringements by WLAN users and that any liability as a result of disturbances should be avoided through reasonable protective measures.

Federal Privacy Authorities Examine Social Networks and Dating Portals

In a press release, the privacy officer of Baden-Württemberg announced that several federal states, notably Hamburg, Bavaria and Baden-Württemberg, are in the process of randomly examining social networks and dating portals in order to ensure that they are compliant with German data privacy laws. Numerous companies registered in these states have received comprehensive questionnaires on how they manage personal user data. The companies are expected to these requests by the end of July.


Tier 1 Applicants Required to Provide Criminal Record Certificates

The government has introduced a new requirement for Tier 1 entry clearance applicants to provide criminal record certificates. From 1 September 2015, investors and entrepreneurs applying for entry to the UK will need to supply certificates from any country they have lived in for 12 months or more in the 10 years prior.

Hackers Leak Data Stolen from Infidelity Website

On 20 July, hackers stole data from Ashley Madison, an infidelity website, and are threatening to make personal details of subscribers publicly available. Ashley Madison has been attempting to keep the stolen data off the web through the use of legislation such as the Digital Millennium Copyright Act (DMCA).

UK Government Announces FOIA Review

The UK Government announced this week the setting up of a five person commission to consider whether the Freedom of Information Act 2000 is too expensive and overly intrusive. Cabinet Office Minister, Matthew Hancock, stated that the Commission would “consider whether there is an appropriate public interest balance between transparency, accountability and the need for sensitive information to have robust protection”. The Information Commission has stated he believes the FOIA to be fit for purpose. 

© Copyright 2019 Squire Patton Boggs (US) LLP


About this Author

Mark Gleeson, Data Protection, Privacy, attorney, Squire Patton Boggs law firm

Mark is a partner in London specialising in data protection, privacy and freedom of information.

Mark has considerable experience of advising leading private and public sector organisations, both nationally and internationally, on information law. He advises on both a compliance and strategic basis. 

He has advised on and managed a large number of multi-jurisdictional data projects. 

He has particular expertise in advising on the exploitation and monetisation of information including the use of data including behavioural and location information....

+44 20 7655 1465
Caroline Egan Lawyer Squire Patton Data Protection

Caroline has extensive experience in commercial and information technology matters. Her particular specialism is UK and crossjurisdictional data protection and privacy law and UK freedom of information law. She regularly advises global clients on international transfers of data, and UK clients on complex and sensitive data protection and freedom of information issues. She also advises on major IT procurement and outsourcing projects.

Caroline lectures on domestic and cross-jurisdictional data protection issues, and was named a notable practitioner in data protection law in Chambers UK.


  • Advising a US based implementer of global HR databases utilising a cloud-based solution on the different forms of agreement required to satisfy EU compliance requirements, depending on the Safe Harbour status of its clients, and the capacity in which data is received from Europe, and on achieving Safe Harbour status as a pure processor and negotiating the relevant terms of individual agreements, with their clients.
  • Providing data protection training to clients in a variety of sectors, including IT, retail, leisure, customer services and financial services.
  • Advising businesses on all aspects of acquiring and lawfully using customer data, including usage in connection with advertising and marketing, both on and off line.
  • Advising a major US group with worldwide subsidiaries on a number of major international projects involving the transfer of personal data outside the EEA from 17 European jurisdictions. Projects have included outsourced IT projects, employment appraisal procedures, personnel administration, provision of international emergency assistance and insurance related matters. Caroline dealt with UK compliance and project-managed compliance across all affected jurisdictions, working both with data protection experts in our continental European offices and with independent lawyers in other countries. She also provided briefings, core summaries of requirements and training to key senior US and UK personnel.
  • Advising a leading global medical products company on compliance with European data protection law in its rollout of a global HR database, involving transfers of data to entities from a significant number of European countries outside the EEA both within the client group and to third party service providers.
  • Advising a number of major organisations in fields as varied as medical products, pensions and IT service providers on addressing data security breach issues, in some cases at UK level only, but in others involving the law of multiple jurisdictions.
  • Advising a number of global companies with US parents on the strategic advantages and disadvantages of Safe Harbour certification and use of the EC approved Model Clauses.
Annette Demmel, Information Technology Attorney, Squire Patton Boggs Law Firm

Dr. Annette Demmel is a partner in our Data Privacy & Cybersecurity Practice Group in Berlin. For 20 years, Annette has advised national and international businesses in privacy law, technology law, telecommunications law, intellectual property law, media law and competition law.

In particular, she leads the implementation of privacy compliance programs and centralized software systems, and provides advice on policy and regulatory issues arising in the electronic communications and internet sectors. Annette also advises clients on legal...

+49 30 72616 8226