Data Protection

  • China, Data Protection

    2023

    China: Long-awaited standard contract released and filing requirement added for transfer of personal information out of China

    On 24 February 2023, the Cyber Administration of China ("CAC") issued measures containing a standard contract template for transfers of personal information, detailed guidelines including for a required impact assessment and a filing-requirement for transfers of personal information from China to other countries.

  • Data Protection

    2022

    EDPB focuses on BCR-Cs: New recommendations 01/2022 for BCR-C sent for public consultation

    In 2021 and 2022, many businesses in Norway were busy performing a Schrems-II assessment of their transfers of personal data to third countries, and transitioning to the modernised standard contractual clauses (SCC) issued by the EU Commission in 2021.

  • Shipping Offshore, Data Protection

    2022

    Transfer of employee information outside of China under PIPL and the new Draft Standard Contract

    The Cyberspace Administration of China has issued a draft standard contract for cross-border transfers of personal information out of China which will, if adopted, constitute a valid transfer mechanism under the Chinese Personal Information Protection Law. Both the transferring entity and the overseas recipient must still be aware of additional data protection requirements related to cross-border transfers, including reporting requirements.

  • Data Protection, Employment Law, Technology and digitalisation

    2022

    New Guidelines and Recommendations on Data Protection at the Workplace

    The Norwegian Data Protection Authority (Nw.: Datatilsynet) has recently published both updated guidelines on employees' whistleblowing and an interesting study on monitoring and control of employees' digital activities (both available only in Norwegian). Both these new initiatives relate to data protection at the workplace, and are relevant to all businesses.

  • Technology and digitalisation, Intellectual Property, Data Protection

    2022

    1 - A Europe Fit for the Digital Age

    The European Union has recently been active in terms of legislative developments relating to technology and digitalisation. News about Digital Services Act, Digital Markets Act, European Union's new Artificial Intelligence Act, Data Act and Data Governance Act are emerging frequently and there is a new development almost every week.

  • Data Protection, Technology and digitalisation

    2022

    Credit Information Act: new rules for credit assessments and processing of personal data

    This article provides an overview of key issues in the new Credit Information Act which businesses must be aware of to ensure compliance with the new regulations.

  • Data Protection, Technology and digitalisation

    2022

    With a passion for data protection and privacy

    As the new Director of the Data Protection Authority, Data Protection lawyer Line Coll would like the authority to provide a more practical advice and be perceived as more relevant to the business community. After 25 years as a lawyer, she will soon deal with a completely new part of her career.

  • Data Protection, Technology and digitalisation

    2022

    Line Coll will be the new Director of the Data Protection Authority

    Our Partner and dear colleague Line Coll will be the new Director-General of the Norwegian Data Protection Authority. We are very proud and will miss her a lot!

  • Data Protection, Technology and digitalisation

    2022

    Transfer of Personal Data and the Use of Google Analytics: Austrian Data Protection Authority's Decision

    Austrian Data Protection Authority decided that the use of Google Analytics violates the transfer rules under the GDPR.

  • Data Protection, Technology and digitalisation

    2021

    New Draft Decision's Potential Impact on GDPR's Strict Consent Rules

    The Irish Data Protection Commissioner's new draft decision has received significant attention. The decision relates to the legal basis of processing under the GDPR and it is criticised by many for giving entities a by-pass from GDPR's strict rules. In this article, Wikborg Rein looks into the draft decision and evaluates what it might mean for the application of the GDPR in the future.

  • Data Protection, Technology and digitalisation

    2021

    Facebook to Delete Personal Data of More Than One Billion Users

    Last week, Facebook announced their decision to stop using the face recognition technology. Facebook's decision comes against the backdrop of intensifying concerns around data privacy and Facebook's practices, and it is expected to affect more than one billion users. Wikborg Rein reviews the details of Facebook's decision and its potential consequences in this brief article.

  • Data Protection, China, Technology and digitalisation

    2021

    New Chinese privacy law – PIPL

    4 factors you need to be aware of when doing business in China.

  • State aid and EU/EEA law, Intellectual Property, Competition law, Procurement, Data Protection, Technology and digitalisation

    2020

    New Partners

    We have the pleasure of announcing that Gry Hvidsten, Hanna Beyer Olaussen and Hanne C. Zimmer are appointed new Partners in Wikborg Rein as of 1 January 2021.

  • Data Protection, COVID-19, Technology and digitalisation

    2020

    COVID-19 and new IT solutions: Privacy in quarantine?

    The corona virus is putting the health and social contemporary world in crisis. The spreading of the virus is very fast and the implementation of new IT solutions to manage both ascertained and potential corona contagions is under evaluation worldwide. The question is - how will the new technologies handle privacy of individuals?

  • COVID-19, Technology and digitalisation, Data Protection

    2020

    COVID-19 and Data Protection

    The Norwegian and three other European data protection supervisory authorities on employers' collection and disclosure of employee data.

  • Data Protection, Technology and digitalisation

    2019

    GDPR, information security and the importance of carrying out "proper due diligence"

    ICO issues statements of intention to fine British Airways and Marriott.

  • Data Protection, Technology and digitalisation

    2019

    Administrative fines for breach of the privacy by design principle and of the duty to ensure information security in the GDPR

    Two of Norway’s largest municipalities were found to be in breach of the General Data Protection Regulation (GDPR) in two separate and unrelated cases each of which involved the use of technology in the municipalities’ schools.

  • Data Protection, Technology and digitalisation

    2019

    Google and Apple asked to provide better information on the use of personal data

    A recent initiative co-ordinated by the Norwegian and Dutch consumer associations has asked Google and Apple to respectively provide better information to their users.

  • Data Protection, Technology and digitalisation

    2019

    The UK prepares for Data Protection after Brexit: Two New Regulations

    When the UK leaves the EU, the General Data Protection Regulation (GDPR) will no longer be directly applicable in the UK. Two new sets of regulations have therefore been recently promulgated by the British Parliament to retain, as much as possible, the status quo and are meant to come into effect upon the UK's withdrawal from the EU. Both sets of regulations were issued pursuant to the UK's European Union (Withdrawal) Act 2018.

  • Data Protection, Technology and digitalisation

    2019

    Two recent decisions of the Norwegian Privacy Appeals Board

    The Norwegian Data Protection Authority (NDPA) has a broad set of powers, including the power to deliver warnings, reprimands or impose fines on data controllers and processors for non-compliance with the new Personal Data Act and the GDPR. As the new Personal Data Act and the GDPR only recently came into force, there are not yet many decisions based on the new legal regime. However, some of the recent NDPA decisions were appealed to the Privacy Appeals Board (PAB) and the appeal decisions have referred to the new legislation. Two such recent decisions respectively concern the data subject's right to object to processing and the right to erasure.

  • Technology and digitalisation, Data Protection

    2019

    List of processing operations where a DPIA is always required

    The Norwegian Data Protection Authority has recently published a list of processing operations that shall always require a data protection impact assessment (DPIA) pursuant to article 35(4) of the General Data Protection Regulation (GDPR).

  • Technology and digitalisation, Data Protection

    2019

    Controversial draft bill on the Norwegian Intelligence Service

  • Data Protection, Technology and digitalisation

    2018

    Complaints against Google by consumer organisations for breach of GDPR

    On 27th November 2018, the Norwegian Consumer Council and consumer organizations from six other European countries – the Netherlands, Sweden, Greece, Poland, Slovenia and the Czech Republic – each filed a complaint against Google with their respective data protection authority.

  • Data Protection

    2018

    Are we entitled to know what the robots are thinking?

    When Hermon Melles (26) planed his master's thesis he decided to find a research topic that included both his major interests: law and technology. While writing his thesis at the offices of Wikborg Rein he has been given the opportunity to converse with some Norway's most competent lawyers within data protection and technology.

  • Technology and digitalisation, Data Protection

    2018

    Identification and mapping of processing activities (Part 1)

    With less than a year until the General Data Protection Regulation (GDPR) enters into application, many companies are investigating the extent to which they are compliant as well as identifying what tasks need to be performed to enable them to become compliant by then.

  • Data Protection, Technology and digitalisation

    2018

    Implementing the GDPR in Norway

    The General Data Protection Regulation (GDPR) starts to apply within the European Union (EU) from 25th May 2018. Since the GDPR is an EU regulation, it will have direct applicability and direct effect in all EU member states as from that date. Norway, however, is not an EU member state but a member of the European Economic Area (EEA) and a different procedure therefore applies before the GDPR can become part of Norwegian law.

  • Data Protection, Technology and digitalisation

    2018

    Identification and mapping of processing activities (Part 2)

    In the first part of this article, we examined the controller's obligation to keep records of processing activities pursuant to Article 30 of the GDPR. In this second part, we focus on the data processor's obligations to keep such records.

  • Data Protection, Technology and digitalisation

    2018

    The WP29 Opinion 2/2017 on data processing at work

    Article 29 Working Party (WP 29), consisting of data protection authorities from all EU and EEA states and the European DP Supervisor, has recently issued an Opinion 2/2017 on data processing at work ("the Opinion").

  • Data Protection, Technology and digitalisation

    2018

    Fintech and Privacy

    On 7th February 2018, the Norwegian Data Protection Authority ("DPA") published a report which examines the challenges that the revised Payment Services Directive (PSD2) pose for privacy.