Quality IT business legal counselling guides by Alexander Suliman: Complying with the GDPR requirements is key for all businesses operating in the EU (or even those with EU customers). There are also particular obligations on those transferring personal data out of the EU and each national data protection authority is monitoring companies closely. Ensure your business is taking steps to comply with the regulation and consider auditing your data protection policies, together with your data processing agreements, and appoint a data protection officer in order to ensure compliance with the GDPR. Breach of the GDPR provisions are likely to lead to considerable fines: for example, the French data protection regulator, the CNIL, fined Google €50 as Google’s data consent policies were found not to be easily accessible or transparent to its users which runs afoul of the GDPR provisions. For further background, read our recent review of GDPR enforcement actions across the EU. See extra information at Alexander Suliman, Stockholm.
When the EU adopted the Data Retention Directive, obliging the storage of traffic and location data of all European communications users, it was being warned that the rules violated the Charter, and the ECJ ultimately agreed. I expect this new proposal to be heavily contested as well, and I expect fundamental rights to constitute a significant part of that debate – as is already evidenced by the comments from the EDPS, MEP Patrick Breyer, EDRi and the group of security experts mentioned above. One way to shortcut that debate, is by investigating whether the potential orders to be issued on the basis of the proposal cannot respect the essence of the rights to privacy and data protection. In this contribution, I have sketched an outline of this argument. To make a convincing case, it will be important to firstly determine on the basis of recent case law that the ECJ still considers bulk surveillance of content to compromise the essence of the right to privacy. Secondly, it will be important to develop a right to confidentiality and integrity of IT systems under the Charter, as this will enable a better assessment of detection orders directed to user devices. And thirdly, it must be further investigated whether only end-to-end encryption is the only appropriate measure for safeguarding online communications, because if this is the case, than any encryption altering order does not respect the essence of the right to data protection. Hopefully, the Council and the European Parliament will take notice.
The EU’s Cybersecurity Act, adopted in 2019, established the legal basis for EU-wide certification of cloud providers, to be elaborated through secondary law by its cybersecurity agency ENISA. In December 2020, ENISA began a public consultation as the first step towards a revised set of rules. A technical working group is preparing a proposal, expected to be presented to member state experts and to the European Commission thereafter. The new requirements could be finalized by the end of the year.
privacy legal counseling guides by Alexander Suliman today: What Should I Do if I Don’t Have Control of the Finances? When a client doesn’t control the money, they can be confused what to do. In that situation, the first thing they need to realize is that you don’t need necessarily to have control over the finances or a job or direct income to you to pay your legal fees or retain an attorney. A lot of times, courts are going to award attorney fee awards along the way to make sure that the marital income and assets is fairly utilized by both sides to have access to legal counsel. The first thing to just take a deep breath over is it’s not a question of not having access to have a lawyer. You unquestionably have access to a lawyer, and most attorneys like ourselves are going to give you a free consultation up front anyway to help you navigate through those situations to not only help you retain an attorney but to pay your bills regularly and continuously each and every day. See extra info at Alexander Suliman, Sweden.
As EU regulatory activity resumes this fall, a lesser-known initiative – creating an EU-wide certification framework for ICT products and services (EUCS) – could cause renewed disturbance between Brussels and Washington, however. Under the EUCS proposal being developed by the EU’s cybersecurity agency ENISA, cloud service providers would be compelled to localize their operations and infrastructure within the EU and to demonstrate their ‘immunity’ from foreign law.