Eduardo Ustaran
Greater London, England, United Kingdom
12K followers
500+ connections
About
Global co-head of the Hogan Lovells Privacy and Cybersecurity practice Eduardo Ustaran is…
Articles by Eduardo
-
The existential role of global data flows for AI
The existential role of global data flows for AI
By Eduardo Ustaran
Activity
-
On my way back home from Milan after an intensive half-day client workshop on #AI #governance and #privacy with marvelous Dr. Henrik Hanssen and…
On my way back home from Milan after an intensive half-day client workshop on #AI #governance and #privacy with marvelous Dr. Henrik Hanssen and…
Liked by Eduardo Ustaran
-
What do you think the new Labour Government should do with UK data protection and ePrivacy laws? Should it pick up the previous Government's Data…
What do you think the new Labour Government should do with UK data protection and ePrivacy laws? Should it pick up the previous Government's Data…
Liked by Eduardo Ustaran
-
“Access to justice is more than just a legal concept. It is a fundamental human right.” This year, we walked with the Lady Chief Justice and…
“Access to justice is more than just a legal concept. It is a fundamental human right.” This year, we walked with the Lady Chief Justice and…
Liked by Eduardo Ustaran
Experience
Education
Publications
-
The privacy challenges of the new European Commission
Hogan Lovells Chronicle of Data Protection
Following the European Parliament’s election earlier this year and after months of political manoeuvring, a new European Commission is now in place and fully operational. As the main policy making body in the European Union, the Commission continues to be in charge of pushing forward the ongoing data protection legislative reform that will lead to a new legal framework for privacy across the EU. Here is a list of impending privacy-related challenges faced by the new Commission.
-
Prepare Yourself for the ‘Risk-Based’ Approach to Privacy
Data Protection Law & Policy
Assuming a fair amount of hard work and that the EU institutions are able to put their political skills to good use, 2015 may be the year that sees the culmination of a legal modernisation process that has been running for the best part of four years. It was in 2010 when the European Commission formally acknowledged that the 1995 Data Protection Directive was ready for a makeover to address the privacy and data protection needs of the 21 century. Since then, stakeholders covering a whole…
Assuming a fair amount of hard work and that the EU institutions are able to put their political skills to good use, 2015 may be the year that sees the culmination of a legal modernisation process that has been running for the best part of four years. It was in 2010 when the European Commission formally acknowledged that the 1995 Data Protection Directive was ready for a makeover to address the privacy and data protection needs of the 21 century. Since then, stakeholders covering a whole spectrum of views have participated in a process that is approaching a decisive stage. In early 2014, the European Parliament came forward with a bold proposal to amend the Commission’s original draft and put the ball firmly in the Council of the EU’s court. As the Council finalises its own proposal, a picture of what the new framework will look like is starting to emerge.
Taking into account the political situation in Europe today, where Member States’ governments prefer an element of legal uncertainty over complete harmonisation, it is possible to see what may happen. In all likelihood, the Regulation will include some risk-based provisions, which will have the effect of raising or lowering the level of accountability of organisations handling personal data depending on the perceived risks of those activities for the individual. -
The wider effect of the Google 'right to be forgotten' case
PDP Journal
The controversy of the CJEU's ruling in Google v AEDP has focused on the impact of the judgment on freedom of expression and the right of access to information, as well as the potentially devastating effect of a large amount of deletion requests. However, the CJEU's decision is not only relevant to search engines or Internet companies. The implications of the judgment are much wider.
-
Is Appointing an EU Controller Still Valuable for Global Businesses?
Data Protection Law & Policy
The CJEU has shaken the basis on which the applicability of EU data protection law has been understood until now. According to the CJEU’s interpretation of the existing rules, each and every local subsidiary in the EU may be capable of triggering the applicability of the local data protection law. So here’s the critical question: would that local – Spanish, Italian, French, German… – law apply when the declared controller is in, say, Ireland or the UK?
-
Cookie Consent — What's Changed?
Privacy Perspectives
The EU data protection authorities have realised a large number of websites are cutting corners and whilst they appear to follow the implied consent approach, some of the essential features of this model are in fact missing.
-
CNIL: Cookie Sweep in September and Audits in October
Hogan Lovells Chronicle of Data Protection
The French data protection authority has announced that following the “cookie sweep day” due to take place the week commencing 15 September 2014, it will launch a program of website audits in October to verify compliance with the CNIL’s 5 December 2013 cookie recommendations.
Other authors -
Five Reasons To Do BCRs Now
Privacy Perspectives
Whilst the reform of the EU data protection framework continues its tortuous course in Brussels' corridors of power, privacy pros in the real world are doing their best to cope with the current uncertainty. One of the ever-present sources of concern for those with data-related operations in Europe is how to overcome the restrictions affecting international data transfers in a cost-effective, sustainable and effective manner. In reality, there are many paths to follow, but choosing the right one…
Whilst the reform of the EU data protection framework continues its tortuous course in Brussels' corridors of power, privacy pros in the real world are doing their best to cope with the current uncertainty. One of the ever-present sources of concern for those with data-related operations in Europe is how to overcome the restrictions affecting international data transfers in a cost-effective, sustainable and effective manner. In reality, there are many paths to follow, but choosing the right one is not always obvious—each case is different, and limited resources and time constraints often add an unwelcome degree of stress and complexity to the process.
-
International Data Transfers – The Challenge Continues
Hogan Lovells Chronicle of Data Protection
Any global organisation that operates in Europe should take into account the current situation in order to plan how to manage its international data flows now and in the future.
-
Is EU Privacy Law Enforcement About to Become a Team Effort?
Data Protection Law & Policy
European DPAs could be forgiven for thinking that they have become a focal point of reference for the functioning of the current and forthcoming EU data protection regime. This has been reinforced even more by the importance given to the one-stop-shop (OSS) debate within the Council of the EU.
-
An Honest Recap on Safe Harbor
Privacy Perspectives
The big question that remains on the ground is whether EU-based organisations that rely on Safe Harbor as the legal basis for transferring data to either their own corporate group entities or service providers operating in the U.S. are doing the right thing or should be looking for alternatives.
-
For Privacy Pros: A Look At Your Job Tomorrow
Privacy Perspectives
Our success as guardians and developers of the information society will depend on our ability to understand and effectively deal with the never-ending evolution of technology, the strategic and commercial value of personal data and the global nature of all data-reliant activities. With that in mind, here are some of the issues that we are going to have to master in order to fulfil our duties as privacy pros.
-
The Privacy Pro’s Guide to the Internet of Things
Privacy Perspectives
The privacy issues raised by the IoT will test our skills in the same way that more traditional Internet uses have been challenging our professional ability to identify risks, assess their likely impact and deploy practical solutions for everyone's benefit. Here are some tips on how we may be able to handle the IoT revolution.
-
Shutting Europe down is not the way to protect privacy
IAPP Privacy Perspectives
A draft LIBE report into the US surveillance program proposes extreme measures with potentially catastrophic consequences for global data flows. A different, more pragmatic approach is needed instead.
-
The Future of Privacy
DataGuidance
In recent years, privacy and data protection have become critical issues whose significance is only set to grow. The implications of devising an effective framework to regulate the use of personal information are crucial for the future of humanity, our freedoms and our economic wellbeing.
The Future of Privacy argues that in order to get the balance right, policy makers, regulators and organisations must address the specific challenges presented by rapidly evolving technology, the…In recent years, privacy and data protection have become critical issues whose significance is only set to grow. The implications of devising an effective framework to regulate the use of personal information are crucial for the future of humanity, our freedoms and our economic wellbeing.
The Future of Privacy argues that in order to get the balance right, policy makers, regulators and organisations must address the specific challenges presented by rapidly evolving technology, the increasing value of personal information and the globalisation of data-reliant activities.
Leading expert Eduardo Ustaran makes a number of public policy suggestions about how to address these factors and anticipates the key elements that organisations and privacy professionals will need to tackle to comply with the regulatory framework of the future. -
Big data means all data
Data Protection Law & Policy
There is an awesomeness factor in the way data about our digital comings and goings is being captured nowadays. That awesomeness is such that it cannot even be described in numbers. In other words, the concept of big data is not about size but about reach. In the same way that the ‘wow’ of today’s computer memory will turn into a ‘so what’ tomorrow, references to terabytes of data are meaningless to define the power and significance of big data. The best way to understand big data is to see…
There is an awesomeness factor in the way data about our digital comings and goings is being captured nowadays. That awesomeness is such that it cannot even be described in numbers. In other words, the concept of big data is not about size but about reach. In the same way that the ‘wow’ of today’s computer memory will turn into a ‘so what’ tomorrow, references to terabytes of data are meaningless to define the power and significance of big data. The best way to understand big data is to see it as a collection of all possible digital data. Absolutely all of it. Some of it will be trivial and most of it will be insignificant in isolation, but when put together its significance becomes clearer – at least to those who have the vision and astuteness to make the most of it.
-
The familiar perils of the mobile ecosystem
Data Protection Law & Policy
I had not heard the word 'ecosystem' since school biology lessons. But all of a sudden, someone at a networking event dropped the 'e' word and these days, no discussion about mobile communications takes place without the word 'ecosystem' being uttered in almost every sentence. An ecosystem is normally defined as a community of living things helping each other out (some more willingly than others) in a relatively contained environment. The point of an ecosystem is that completely different…
I had not heard the word 'ecosystem' since school biology lessons. But all of a sudden, someone at a networking event dropped the 'e' word and these days, no discussion about mobile communications takes place without the word 'ecosystem' being uttered in almost every sentence. An ecosystem is normally defined as a community of living things helping each other out (some more willingly than others) in a relatively contained environment. The point of an ecosystem is that completely different organisms – each with different purposes and priorities – are able to co-exist in a more or less harmonious but eclectic way. The parallel between that description and what is happening in the mobile space is evident. Mobile communications have evolved around us to adopt a life of their own and separate from traditional desktop based computing and web browsing. Through the interaction of very different players, our experience of communications on the go via smart devices has become an intrinsic part of our everyday lives.
-
Killing the Internet
Data Protection Law & Policy
The beginning of 2013 could not have been more dramatic for the future of European data protection. After months of deliberations, veiled announcements and guarded statements, the rapporteur of the European Parliament's committee responsible for taking forward the ongoing legislative reform has revealed his position loudly and clearly. Jan Albrecht's proposal is by no means the final say of the Parliament but it is an indication of where an MEP who has thought long and hard about what the new…
The beginning of 2013 could not have been more dramatic for the future of European data protection. After months of deliberations, veiled announcements and guarded statements, the rapporteur of the European Parliament's committee responsible for taking forward the ongoing legislative reform has revealed his position loudly and clearly. Jan Albrecht's proposal is by no means the final say of the Parliament but it is an indication of where an MEP who has thought long and hard about what the new data protection law should look like stands. The reactions have been equally loud. The European Commission has calmly welcomed the proposal, whilst some Member States' governments have expressed serious concerns about its potential impact on the information economy. Amongst the stakeholders, the range of opinions vary quite considerably – Albrecht's approach is praised by regulators whilst industry leaders have massive misgivings about it. So who is right? Is this proposal the only possible way of truly protecting our personal information or have the bolts been tightened too much?
-
Technology issues that will shape privacy in 2013
Data Protection Law & Policy
Making predictions as we approach a new year has become a bit of a tradition. The degree of error is typically proportional to the level of boldness of those predictions, but as in the early days of weather forecasting, the accuracy expectations attached to big statements about what may or may not happen in today's uncertain world are pretty low. Having said that, it wouldn't be particularly risky to assume that during 2013, the EU legislative bodies will be thinking hard about things like…
Making predictions as we approach a new year has become a bit of a tradition. The degree of error is typically proportional to the level of boldness of those predictions, but as in the early days of weather forecasting, the accuracy expectations attached to big statements about what may or may not happen in today's uncertain world are pretty low. Having said that, it wouldn't be particularly risky to assume that during 2013, the EU legislative bodies will be thinking hard about things like whether the current definition of personal data is wide enough, what kind of security breach should trigger a public disclosure, the right amount for monetary fines or the scope of the European Commission's power to adopt 'delegated acts'. But whilst it is easy to get distracted by the fascinating data protection legislative developments currently taking place in the EU, next year's key privacy developments will be significantly shaped by the equally fascinating technological revolution of our time.
-
The anonymisation challenge
Data Protection Law & Policy
For a while now, it has been suggested that one of the ways of tackling the risks to personal information, beyond protecting it, is to anonymise it. That means to stop such information being personal data altogether. The effect of anonymisation of personal data is quite radical – take personal data, perform some magic to it and that information is no longer personal data. As a result, it becomes free from any protective constraints. Simple. People's privacy is no longer threatened and…
For a while now, it has been suggested that one of the ways of tackling the risks to personal information, beyond protecting it, is to anonymise it. That means to stop such information being personal data altogether. The effect of anonymisation of personal data is quite radical – take personal data, perform some magic to it and that information is no longer personal data. As a result, it becomes free from any protective constraints. Simple. People's privacy is no longer threatened and users of that data can run wild with it. Everybody wins. However, as we happen to be living in the 'big data society', the problem is that with the amount of information we generate as individuals, what used to be pure statistical data is becoming so granular that the real value of that information is typically linked to each of the individuals from whom the information originates. Is true anonymisation actually possible then?
-
Getting the 'one stop shop' principle to work
Data Protection Law & Policy
Going all the way to the Rio de la Plata to discuss the content of the future European data protection framework seems a little over the top, but the recent International Privacy Commissioners' Conference in Punta del Este, Uruguay provided a perfect forum as a neutral ground for a fierce policy debate. Surrounded by equally fierce winds and rain for added dramatic effect, regulators and other influential stakeholders in the privacy world locked horns in the most constructive possible way for…
Going all the way to the Rio de la Plata to discuss the content of the future European data protection framework seems a little over the top, but the recent International Privacy Commissioners' Conference in Punta del Este, Uruguay provided a perfect forum as a neutral ground for a fierce policy debate. Surrounded by equally fierce winds and rain for added dramatic effect, regulators and other influential stakeholders in the privacy world locked horns in the most constructive possible way for three days to make the most of this annual gathering. One of the immediate outcomes was the realisation that much work remains to be done if we are to achieve the necessary balance between progress and protection. No other issue symbolised the need for this balance better than the 'one stop shop' principle under the proposed EU data protection regulation – the sole competence of one single regulator over the same controller all over the European Union.
-
Privacy in the global village
Data Protection Law & Policy
There is nothing like the Olympic Games to remind us of the diversity of our global village – from the young fully-clothed Saudi athlete to the veteran Japanese rider, including of course the African marathon runner who ran for the world. Yet among that diversity, all of those athletes have something in common: passion for sport and desire to succeed. In the ever changing world of privacy and data protection, global diversity is proven every day by fascinating developments taking place in…
There is nothing like the Olympic Games to remind us of the diversity of our global village – from the young fully-clothed Saudi athlete to the veteran Japanese rider, including of course the African marathon runner who ran for the world. Yet among that diversity, all of those athletes have something in common: passion for sport and desire to succeed. In the ever changing world of privacy and data protection, global diversity is proven every day by fascinating developments taking place in every corner of the planet. At the same time, a common pattern can be seen in many of those developments: their attempt to strike the right balance between the exploitation and the protection of the most valuable asset of our time. So whilst Brussels wakes up from its legislative recess, it is worthwhile having a look at what has been happening in other parts of the world and spot trends and priorities in the regulation of personal information.
-
A balanced approach to the cloud
Data Protection Law & Policy
Cloud computing is not a fashion or a swanky new name given to technology outsourcing. Cloud computing is not a marketing plot to sell more Internet connections and fibre optics. Cloud computing is not a twisted way of helping data hungry governments get their hands on corporate secrets. Cloud computing is in fact the most obvious business application of networked computing and essentially what the Internet was created for in the first place. However, the unstoppable growth and increasing…
Cloud computing is not a fashion or a swanky new name given to technology outsourcing. Cloud computing is not a marketing plot to sell more Internet connections and fibre optics. Cloud computing is not a twisted way of helping data hungry governments get their hands on corporate secrets. Cloud computing is in fact the most obvious business application of networked computing and essentially what the Internet was created for in the first place. However, the unstoppable growth and increasing power of cloud service providers and the suspicion of their critics have jointly contributed to a climate where controversies and horror stories abound, which is unfortunate when data protection and the cloud are in fact made for each other.
-
Binding Safe Processor Rules are Go
Data Protection Law & Policy
It was exactly four years ago when the term Binding Safe Processor Rules was coined. Nobody had heard about this concept before and the idea of allowing a humble data processor to take responsibility for adopting and implementing its own set of rules based on European privacy standards from which its clients could benefit to legitimise any international processing of personal data seemed ill conceived. Regulators and data protection lawyers were sceptical about the prospect of a service…
It was exactly four years ago when the term Binding Safe Processor Rules was coined. Nobody had heard about this concept before and the idea of allowing a humble data processor to take responsibility for adopting and implementing its own set of rules based on European privacy standards from which its clients could benefit to legitimise any international processing of personal data seemed ill conceived. Regulators and data protection lawyers were sceptical about the prospect of a service provider taking such a primary compliance role. However, the idea was not ill conceived and fortunately for the future of data protection, that scepticism has turned into pragmatism as the Article 29 Working Party has proved.
-
The future of privacy
Data Protection Law & Policy
Not that long ago, reading this article (let along writing it) would have been regarded as nerdy. Data protection used to be seen as arcane and irrelevant to businesses and ordinary people. Introducing yourself as a data protection lawyer or a privacy professional was a recipe for embarrassment and a sure way of getting some funny looks. However, at some point, something suddenly changed. What was wacky is now cool, and what seemed like an obscure legal discipline with funny jargon and odd…
Not that long ago, reading this article (let along writing it) would have been regarded as nerdy. Data protection used to be seen as arcane and irrelevant to businesses and ordinary people. Introducing yourself as a data protection lawyer or a privacy professional was a recipe for embarrassment and a sure way of getting some funny looks. However, at some point, something suddenly changed. What was wacky is now cool, and what seemed like an obscure legal discipline with funny jargon and odd rules has become a critical consideration for business and government. What happened? What was the event that radically altered our perception of the importance of personal information for the world's prosperity? The crucial catalyst was in fact a combination of three factors that will also shape the future of privacy and data protection going forward.
-
Clarifying cookie consent
Data Protection Law & Policy
Three years have gone by since the European Parliament shocked and awed everyone by tweaking the e-privacy directive and introducing the most controversial word in the data protection glossary – consent – in the provision that deals with Internet cookies. The debate that followed immediately afterwards about the meaning of consent and whether it will ever be realistic to get everyone using the web to comprehend, consider and positively accept the use of cookies is still ongoing. Much has been…
Three years have gone by since the European Parliament shocked and awed everyone by tweaking the e-privacy directive and introducing the most controversial word in the data protection glossary – consent – in the provision that deals with Internet cookies. The debate that followed immediately afterwards about the meaning of consent and whether it will ever be realistic to get everyone using the web to comprehend, consider and positively accept the use of cookies is still ongoing. Much has been said, written and argued about this subject in the past three years. Opposing views about whether anything has changed have been aired. Passionate arguments about what constitutes consent have been put forward. All of which has contributed to a climate or confusion and myths where legal certainty is surrounded by wishful thinking, so it may be a good idea to shed some light and make some clarifications.
-
Mission: Interoperability
Data Protection Law & Policy
Obama gets it. Viviane Reding gets it. This is indeed a defining moment to get our public policies right in terms of global data protection and privacy. Ignore the human and social implications of the exploitation of personal data and we will lose forever the right to privacy and possibly our freedom. Be too overprotective with one of our greatest assets of our time and we will definitely block progress and prosperity. The stakes are really that high. That was the key underlying message of the…
Obama gets it. Viviane Reding gets it. This is indeed a defining moment to get our public policies right in terms of global data protection and privacy. Ignore the human and social implications of the exploitation of personal data and we will lose forever the right to privacy and possibly our freedom. Be too overprotective with one of our greatest assets of our time and we will definitely block progress and prosperity. The stakes are really that high. That was the key underlying message of the recent EU-U.S. Conference on Privacy and Protection of Personal Data held simultaneously in Brussels and Washington.
-
Time to get to grips with cookies
Data Protection Law & Policy
Without a doubt, figuring out how to comply with the notice and consent requirements affecting the use of cookies in Europe is going to be at the top of the New Year's resolutions of many data protection officers and privacy counsels. Despite being a nearly three year old debate, inaction has so far prevailed amongst European website operators to the frustration of the data protection authorities. A frustration which is only too visible in the latest Working Party Opinion on online…
Without a doubt, figuring out how to comply with the notice and consent requirements affecting the use of cookies in Europe is going to be at the top of the New Year's resolutions of many data protection officers and privacy counsels. Despite being a nearly three year old debate, inaction has so far prevailed amongst European website operators to the frustration of the data protection authorities. A frustration which is only too visible in the latest Working Party Opinion on online behavioural advertising. We are now well past the deadline to implement these requirements and it is time to start doing something other than burying our head in the sand.
-
Deconstructing the privacy macaron
Data Protection Law & Policy
Compact. Self-contained. Multi-layered. Hard to penetrate and rich inside with a mix of flavours and tones. Judging by the commentary surrounding the forthcoming EU data protection framework circulating in the corridors of the IAPP European Data Protection Congress that took place in Paris at the end of November, we could have been describing a typical Parisian macaron instead of a new law. But if the indications of what we are about to see in the regulation being proposed by the European…
Compact. Self-contained. Multi-layered. Hard to penetrate and rich inside with a mix of flavours and tones. Judging by the commentary surrounding the forthcoming EU data protection framework circulating in the corridors of the IAPP European Data Protection Congress that took place in Paris at the end of November, we could have been describing a typical Parisian macaron instead of a new law. But if the indications of what we are about to see in the regulation being proposed by the European Commission are true, complying with the future European privacy regime is going to require fine confectionery skills.
-
Perfect enforcement
Data Protection Law & Policy
One of the key topics at the forthcoming international conference of privacy and data protection commissioners in Mexico City will be the role of enforcement. Given that the conference is organised by the Mexican supervisory authority for data privacy, this is obviously not surprising. However, one of the reasons why this topic features prominently on the agenda right now is that never before have privacy regulators focused so intensely on devising the ideal strategy to achieve their…
One of the key topics at the forthcoming international conference of privacy and data protection commissioners in Mexico City will be the role of enforcement. Given that the conference is organised by the Mexican supervisory authority for data privacy, this is obviously not surprising. However, one of the reasons why this topic features prominently on the agenda right now is that never before have privacy regulators focused so intensely on devising the ideal strategy to achieve their objective. Let’s not forget, enforcement is not an end in itself, but a means to an end – ensuring compliance with the regulatory framework. But it is a hard fact that effective regulation depends entirely on the supervision and enforcement mechanisms in place.
-
In defence of the cloud
Data Protection Law & Policy
What should we make of recent reports about the banning by the Dutch government of non EU-based cloud services and the launch by leading providers of EU-only clouds? Is this fierce European protectionism or sensible data protection? If anything, these developments show a trend towards restricting cloud computing services geographically, so that the fuzzy Internet cloud becomes a series of neatly divided gas bubbles. However, instead of a technological uproar against such an aberration, there…
What should we make of recent reports about the banning by the Dutch government of non EU-based cloud services and the launch by leading providers of EU-only clouds? Is this fierce European protectionism or sensible data protection? If anything, these developments show a trend towards restricting cloud computing services geographically, so that the fuzzy Internet cloud becomes a series of neatly divided gas bubbles. However, instead of a technological uproar against such an aberration, there seems to be a quiet acceptance based on legal constraints and half baked security arguments. Is data protection being cited once again as the justification for stifling technological progress? That would not be surprising, but it is somewhat unfair and clearly unnecessary.
-
The guessing game
Data Protection Law & Policy
It has been a busy year for the European Commission’s Data Protection Unit so far. Day after day, week after week, month after month, a multicultural team of officials based in an unassuming Brussels building have been brainstorming ideas, pouring over written submissions and listening patiently to the wishes, concerns and ideas of those who hope to have a say in the future European data protection framework. Despite all this hard work, it seems that we may not see a formal proposal until the…
It has been a busy year for the European Commission’s Data Protection Unit so far. Day after day, week after week, month after month, a multicultural team of officials based in an unassuming Brussels building have been brainstorming ideas, pouring over written submissions and listening patiently to the wishes, concerns and ideas of those who hope to have a say in the future European data protection framework. Despite all this hard work, it seems that we may not see a formal proposal until the end of the year. The reason for this - in addition to the massive pressure to get the first draft right – is that the Commission would like to feed into the proposal the outcomes of the current public consultations on cloud computing and data breach notification. That is understandable but in the meantime and to temper our anxiety, we can make an informed guess of what we will be presented with.
-
The gold standard for consent
Data Protection Law & Policy
Irrespective of whether one agrees or disagrees with the Article 29 Working Party’s Opinion on the definition of consent, the Working Party should at least be praised for taking a clear cut line on this issue. Never before has the group of EU data protection authorities carried out such a detailed assessment of one of the legal grounds for the use of personal information. If there was ever any doubt as to where the regulators stood in terms of the conditions for obtaining individuals’…
Irrespective of whether one agrees or disagrees with the Article 29 Working Party’s Opinion on the definition of consent, the Working Party should at least be praised for taking a clear cut line on this issue. Never before has the group of EU data protection authorities carried out such a detailed assessment of one of the legal grounds for the use of personal information. If there was ever any doubt as to where the regulators stood in terms of the conditions for obtaining individuals’ consent, that is no longer the case. Whether their assessment is entirely correct is a different matter and deserving of debate.
-
Moving away from model clauses
Data Protection Law & Policy
Anyone caught up in the murky world of international data transfers tends to regard the standard contractual clauses approved by the European Commission as the most popular solution to legitimise those transfers. For starters, they are freely available and have the blessing of the Commission and the regulators. Surely, those two factors alone must provide considerable comfort to finance directors and general counsels who will think that one cannot go too wrong with them. Also, from a resources…
Anyone caught up in the murky world of international data transfers tends to regard the standard contractual clauses approved by the European Commission as the most popular solution to legitimise those transfers. For starters, they are freely available and have the blessing of the Commission and the regulators. Surely, those two factors alone must provide considerable comfort to finance directors and general counsels who will think that one cannot go too wrong with them. Also, from a resources perspective, drafting and entering into a set of model clauses should not be very time-consuming as it is just a matter of signing on the dotted line. So, are we wasting our time looking for alternatives? Or arenât we...?
-
Geolocation in the spotlight
Data Protection Law & Policy
No avid reader of Article 29 Working Party opinions would be surprised to see statements such as "location data from smart mobile devices are personal data" or "the combination of the unique MAC address and the calculated location of a WiFi access point should be treated as personal data". However, when those statements appear alongside references to the night table next to someone's bed, or the fact that specific locations reveal data about someone's sex life, one can't stop wondering whether…
No avid reader of Article 29 Working Party opinions would be surprised to see statements such as "location data from smart mobile devices are personal data" or "the combination of the unique MAC address and the calculated location of a WiFi access point should be treated as personal data". However, when those statements appear alongside references to the night table next to someone's bed, or the fact that specific locations reveal data about someone's sex life, one can't stop wondering whether an intended clarification of the applicable legal framework to geolocation services available on smart mobile devices is getting a bit sensationalistic.
-
Unlocking the value of data
Data Protection Law & Policy
According to the World Economic Forum, personal data will continue to increase dramatically in both quantity and diversity, and has the potential to unlock significant economic and societal value for end users, private firms and public organisations alike. This statement by the Swiss organisation behind the prestigious annual Davos meeting summarises its stance on the issue of personal information as an asset. Let's forget for a second the idea of data protection as a fundamental right and look…
According to the World Economic Forum, personal data will continue to increase dramatically in both quantity and diversity, and has the potential to unlock significant economic and societal value for end users, private firms and public organisations alike. This statement by the Swiss organisation behind the prestigious annual Davos meeting summarises its stance on the issue of personal information as an asset. Let's forget for a second the idea of data protection as a fundamental right and look at it as a tool to maximise the economic and societal value of data. Perhaps the big thinkers at the Forum are up to something.
-
Cookie madness
Data Protection Law & Policy
The official deadline for the implementation of the revised e-privacy directive across the EU is only a few weeks away and there is a clear sense of panic in the air. National governments seem to be struggling to find a rational way of formulating the controversial cookie consent rule, which essentially requires the consent of the user in order to place a humble cookie in that user's equipment or access a cookie that is already there. Meanwhile, data protection authorities are insisting that…
The official deadline for the implementation of the revised e-privacy directive across the EU is only a few weeks away and there is a clear sense of panic in the air. National governments seem to be struggling to find a rational way of formulating the controversial cookie consent rule, which essentially requires the consent of the user in order to place a humble cookie in that user's equipment or access a cookie that is already there. Meanwhile, data protection authorities are insisting that obtaining consent must not be a farce and Internet businesses are waiting for a silver bullet that will end this surreal nightmare. Here is the story so far and some thoughts on how the new obligation can be complied with in practice.
-
Does EU data protection law apply to me?
Data Protection Law & Policy
Possibly the most commonly asked privacy-related question by any organisation looking to expand into Europe is whether EU data protection law applies to it. That is in fact a question that the creators of the original EU data protection directive considered very carefully and tried to address in the black letter of the law to avoid uncertainties. However, as a result of the tension between the two parallel objectives of the directive - to protect the fundamental rights and freedoms of…
Possibly the most commonly asked privacy-related question by any organisation looking to expand into Europe is whether EU data protection law applies to it. That is in fact a question that the creators of the original EU data protection directive considered very carefully and tried to address in the black letter of the law to avoid uncertainties. However, as a result of the tension between the two parallel objectives of the directive - to protect the fundamental rights and freedoms of individuals, and to facilitate the free flow of personal data between Member States - the rules that determine the applicability of EU data protection law are far from clear cut. Fortunately, European regulators are well aware of this and even they scratch their heads when trying to reconcile the words of the applicability of the law criteria with their supervisory duties.
-
2011 - The year without holidays
Data Protection Law & Policy
Legislators, regulators and privacy professionals are set for a very busy year ahead. Serious legislative developments are always likely to bring with them some uncertainty and turmoil. But when these changes are directly affected by an ongoing technological transformation and complemented by the relentless actions of keen regulators, we know we face something just short of a revolution. That’s precisely what the year ahead looks like, so here’s a brief guide to 2011 – the year without holidays.
-
Forget me not
Data Protection Law & Policy
At any given time, each of the 37 legislative changes currently being considered by the European Commission as part of the reform of the EU data protection directive would qualify as a major development. As a whole, the proposed reform package is awesome. From greater transparency to full harmonisation across Member States, the Commission’s strategy is ambitious and far-reaching. In some areas, the Commission appears willing to test the boundaries of what regulation can practically achieve and…
At any given time, each of the 37 legislative changes currently being considered by the European Commission as part of the reform of the EU data protection directive would qualify as a major development. As a whole, the proposed reform package is awesome. From greater transparency to full harmonisation across Member States, the Commission’s strategy is ambitious and far-reaching. In some areas, the Commission appears willing to test the boundaries of what regulation can practically achieve and Viviane Reding herself, the Commissioner leading this process, is not afraid to speak up. The enhancement of people’s data privacy rights is top of her priorities and the introduction of the ‘right to be forgotten’ is spearheading this quest.
-
Shaping the future of privacy
Data Protection Law & Policy
After months of anticipation, weeks of gossip and leaked strategy documents, the European Commission has finally and publicly come out of the legislative policy closet. The publication of the Commission’s approach for modernising the EU legal system for the protection of personal data is a crucial milestone. In fact, the potential impact of the Commission’s official communication should not be underestimated. If it gets it right, this will shape the future of privacy - a must-have value for the…
After months of anticipation, weeks of gossip and leaked strategy documents, the European Commission has finally and publicly come out of the legislative policy closet. The publication of the Commission’s approach for modernising the EU legal system for the protection of personal data is a crucial milestone. In fact, the potential impact of the Commission’s official communication should not be underestimated. If it gets it right, this will shape the future of privacy - a must-have value for the information society. If it gets it wrong, not only will legal compliance be compromised, but a fundamental right will end up being very badly damaged.
-
The evolution of consent
Data Protection Law & Policy
Is individual choice still the essence of data privacy law? In the early days of data protection as a regulated activity, putting people in control of their information was thought to be what mattered the most. From the 1980 OECD Guidelines to the latest version of the EU e-privacy directive, consent has been a cornerstone across legal regimes and jurisdictions. European data protection law is based on the principle that an individual’s consent is the most legitimate of all legitimate…
Is individual choice still the essence of data privacy law? In the early days of data protection as a regulated activity, putting people in control of their information was thought to be what mattered the most. From the 1980 OECD Guidelines to the latest version of the EU e-privacy directive, consent has been a cornerstone across legal regimes and jurisdictions. European data protection law is based on the principle that an individual’s consent is the most legitimate of all legitimate grounds to use information about people. But does this approach still hold true? Can we – as individuals – attempt to have a meaningful degree of control over the vast amount of information we generate as we go about our lives?
More activity by Eduardo
-
As the new 🇬🇧Government put their head down and get on with the business of running the country, the approach to data protection and #AI regulation…
As the new 🇬🇧Government put their head down and get on with the business of running the country, the approach to data protection and #AI regulation…
Shared by Eduardo Ustaran
-
In the final week of UK election madness, it was a joy to chair a session at the Privacy Laws & Business 37th International Conference, discussing…
In the final week of UK election madness, it was a joy to chair a session at the Privacy Laws & Business 37th International Conference, discussing…
Liked by Eduardo Ustaran
-
I’m thrilled to announce that I've joined @Tools for Humanity as Chief Privacy Officer. Throughout my career, I’ve been drawn to revolutionary…
I’m thrilled to announce that I've joined @Tools for Humanity as Chief Privacy Officer. Throughout my career, I’ve been drawn to revolutionary…
Liked by Eduardo Ustaran
-
Thank you IAPP - International Association of Privacy Professionals, J. Trevor Hughes Caitlin Fennessy, Joe Jones and team for inviting me to be part…
Thank you IAPP - International Association of Privacy Professionals, J. Trevor Hughes Caitlin Fennessy, Joe Jones and team for inviting me to be part…
Liked by Eduardo Ustaran
-
*Caption this* @ IAPP leadership retreat. w Simon McDougall, Daniel Weitzner, Peter Lefkowitz, Travis LeBlanc
*Caption this* @ IAPP leadership retreat. w Simon McDougall, Daniel Weitzner, Peter Lefkowitz, Travis LeBlanc
Liked by Eduardo Ustaran
-
Unlock Your Potential in Data Privacy at Hogan Lovells! Are you passionate about Data Protection, Data Privacy, and AI? Join Hogan Lovells' Global…
Unlock Your Potential in Data Privacy at Hogan Lovells! Are you passionate about Data Protection, Data Privacy, and AI? Join Hogan Lovells' Global…
Liked by Eduardo Ustaran
-
Privacy, AI and Digital Governance! Saying goodbye to Portsmouth NH and the 2024 IAPP Leadership Retreat. From the opening keynote with Daniel…
Privacy, AI and Digital Governance! Saying goodbye to Portsmouth NH and the 2024 IAPP Leadership Retreat. From the opening keynote with Daniel…
Liked by Eduardo Ustaran
People also viewed
Explore collaborative articles
We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
Explore MoreOthers named Eduardo Ustaran
-
Eduardo Camacho Ustaran
Gerente Comercial de Zona en AISLOPUERTAS SAdeCV
-
Eduardo Camacho Ustaran
Administrador de Empresas con especialidad en Mercadotecnia y Comercialización
-
Luis Eduardo Camacho Ustaran
Administrador de empresas con 15 años de experiencia en el área comercial, operativa y ventas
3 others named Eduardo Ustaran are on LinkedIn
See others named Eduardo Ustaran