On 13 September 2017, the Commission issued a proposal for a Regulation to strengthen the role of the EU Agency for Network and Information Security (“ENISA“) by:

  • granting it a permanent mandate;
  • clarifying its role as the information hub of the EU for cybersecurity; and
  • tasking it with the responsibility of proactively contributing to policy in the area of network information and security.

The proposal also introduces EU-wide cybersecurity certification schemes for ICT products and services, which will be prepared by ENISA.  This aims to address current market fragmentation and provide a comprehensive set of cybersecurity rules, technical requirements, standards and procedures. Continue Reading EU Commission proposes stronger mandate for ENISA and EU-wide cybersecurity certification

The UK Government has released a “Future Partnership” paper setting out its vision for UK-EU data flows post-Brexit. In particular, the paper anticipates seeking an early UK-EU agreement that each area’s data protection laws provide equivalent protection, which would allow data to continue to flow between the EU, the UK and other third countries post-Brexit.  Continue Reading UK Government seeks EU equivalency for UK data protection law post-Brexit

With holiday season upon us, earlier this week Matt Hancock, the UK Government’s Digital Minister, announced proposals for a new UK data protection law. Previously covered on this blog here and here, little new of substance was announced, but in a slow news week, the announcement garnered significant UK media coverage and attention.  Continue Reading UK’s Digital Minister announces changes to UK data protection law

This week heralded further progress for the European Digital Single Market strategy, with the online content portability regulation mentioned previously on this blog coming into force on 20 July 2017, following publication of this regulation in the EU Official Journal on 30 June 2017. The regulation itself sets out a number of key dates during next year and onwards for content providers and consumers alike to watch for. Continue Reading ‘Watch like at home’: dates worth watching for

Following the Government’s decision to include a revised data protection law in the Queen’s Speech last month, the House of Lords EU Home Affairs Sub-Committee reviewed the potential implications on national security, stability and public safety of the UK exiting the European Union without an agreement to ensure there is unhindered data flow between the two sides. The Committee issued a stark warning that it was “struck by the lack of detail” on how the Government would ensure that the UK data protection regime continues to allow data transfer with the European Union in a post-Brexit world.

Continue Reading UK Data protection post-Brexit: a “cliff-edge”?

In a judgment delivered on 14 June 2017, the Court of Justice of the European Union (CJEU) decided that making available a online sharing platform falls within the concept of “communication to the public” for the purposes of copyright law, and can therefore amount to infringement of copyright in protected works which are shared via that platform. This decision bolsters the ability of copyright owners to pursue the operators of such platforms, and to obtain relief against intermediaries (in particular ISPs) forcing them to block their users from accessing such platforms.

The immediate practical consequence of the CJEU’s decision is that the national courts are entitled to grant blocking injunctions against ISPs in order to block users from accessing TPB. This is plainly a positive outcome from the point of view of copyright holders, giving them stronger rights to restrict unauthorised distribution of their protected works. The generally pro-rightsholder approach of the CJEU in this case mirrors the recent efforts of the English courts to modernise its remedies in order to secure adequate protection against infringing activities, as reported in a previous blog post.

Continue Reading Providing an online sharing platform is an “act of communication”, says the CJEU

A revised data protection law forms part of the new government’s legislative agenda for the UK. Key points in the Queen’s Speech on 21 June 2017 were that a new UK Data Protection Bill (the Bill) will replace the current Data Protection Act 1998; the new Bill will implement the EU General Data Protection Regulation (GDPR) in the UK (a fact that the party manifestos were silent on before the election); and the government intends to put the UK in the best position to maintain data sharing across the EU and internationally. These points remained unchallenged in the subsequent parliamentary debates, and the government’s express intention to implement the GDPR through national law in the UK was welcomed by many businesses. Continue Reading Proposal for a new UK Data Protection law

On June 8, 2017, The European Council adopted the Regulation on cross-border portability of online content services. The regulation will allow consumers who have paid for online content services in their home country to access those services when visiting another country within the EU. Alongside the ‘Roam like at home’ rules which came into force yesterday, the regulation forms part of the European Digital Single market strategy. The regulation will come into effect in the first quarter of 2018. Continue Reading ‘Watch like at home?’: Europe adopts online content portability rules

The European Commission’s January 2017 Communication on Building an European Data Economy (‘Communication‘)  proposes a principle of free movement of data within the EU. Whilst the coming into force of the General Data Protection Regulation (‘GDPR‘) on 25 May 2018, significantly changes and tightens the rules relating to the collection and use of personal data in Europe, those changes need to be read alongside the Communication (and the accompanying staff working paper) to fully understand the regulatory environment for data in Europe. The Communication examines actual or potential blockages to the free movement of data and presents options to remove unjustified and or disproportionate data location restrictions in the EU. It also considers the barriers around access to and transfer of non-personal machine-generated data, data liability, as well as issues related to the portability of non-personal data, interoperability and standards. Continue Reading European data economy: the free movement of data principle and other tall tales…