HOT TOPICS IN DATA PRIVACY REGULATION IN RUSSIA Ksenia Andreeva Anastasia Dergacheva Vasilisa Strizh Brian Zimbler
|
|
- Augustus Collins
- 6 years ago
- Views:
Transcription
1 HOT TOPICS IN DATA PRIVACY REGULATION IN RUSSIA Ksenia Andreeva Anastasia Dergacheva Vasilisa Strizh Brian Zimbler November 14, Morgan, Lewis & Bockius
2 Contents Year in review: new laws, initiatives and recent cases in the data privacy field News from the Russian data protection regulator, Roskomnadzor Hottest topics: Consents and other legitimate grounds for personal data processing Transfers of personal data to third parties including cross-border transfers as the new EU regulations (GDPR) become effective Localization of data storage: recent trends 2
3 General Background Federal Law No. 152-FZ On Personal Data (the PD Law ) of 2006: based on the EU Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data personal data is any information directly or indirectly related to an identified or identifiable individual (data subject) no concepts of data controller and data processor concept of data operator, a person that organizes or carries out (alone or together with other persons) the processing of personal data and determines the purposes of processing data processing can be delegated to a third party, who will be acting under the authorization or instruction of the data operator It applies to all data operators and third parties acting under the authorization of data operators. Certain provisions of the PD Law apply to the data operators that have no legal presence in Russia but target Russian customers Federal Service for Supervision of Communications, Information Technology and Mass Media, or Roskomnadzor, is the data protection authority 3
4 SECTION 01 YEAR NEW LAWS, INITIATIVES AND COURT CASES IN THE DATA PRIVACY FIELD
5 Administrative Fines Effective as of 1 July 2017 New version of Article of the Russian Administrative Offences Code is effective from 1 July 2017: Before: 1 violation (generic) with maximum fine of 10,000 Rubles (about US$170) Now: 7 violations with different fines up to 75,000 Rubles for each (about US$1290) Streamlined enforcement procedure Roskomnadzor may directly issue notices of administrative violations and impose fines Roskomnadzor does not need to involve the general prosecutor s office No clarity on how to calculate fines one fine per individual whose rights are violated? one fine per violation, regardless the number of individuals affected? Who is liable data operator or third party processing data under the operator s instruction? What if the data operator or third party processor has no legal presence in Russia? 5
6 New Guidelines from Roskomnadzor Roskomnadzor s Code of Good Practices (available at Roskomnadzor s official website) May 2017: new Guidelines for notifying Roskomnadzor on the commencement of personal data processing (= registration with Roskomnadzor) June 2017: list of countries providing for adequate protection of personal data: + New: Costa Rica, Qatar, Mali, Singapore, South Africa, Gabon, Kazakhstan July 2017: Roskomnadzor published recommendations for drafting personal data policies November 2017: Roskomnadzor offered new interpretation of certain important concepts, during its VIII Annual Conference on Personal Data 6
7 New Legislative Initiatives Draft Law No : introduced to State Duma on November 3, 2017 personal data of minors = special sensitive data category additional complex rules for processing of personal data of minors Draft Law No (amendments to Anti-Money Laundering Law): approved in the 1 st hearing on September 27, 2017 biometric personal data of banks clients will be available in the Unified System of Identification and Authentication further processing of such biometric data by other banks is subject to consent of the data subject signed by simple e-signature Draft Law on Big Data: Roskomnadzor may release the draft by the end of 2017 expected to reflect Roskomnadzor s position on non-traditional personal data, including IP addresses, log files, login details, cookies, or any other information or technology (e.g., website analytics, targeted online advertising) 7
8 Old Initiative (Still on the Table) Draft Law No On Introduction of Changes to Personal Data Law and Article 28.3 of the Russian Administrative Offences Code new definition of data processor express provisions on electronic form of data processing consent additional ground for cross-border transfer to inadequate countries obligation to notify leakage of personal data to Roskomnadzor Status of the Draft Law: introduced to the State Duma in 2013 approved in the 1 st hearing on May 26, 2017 revised draft law for the 2 nd hearing is still pending 8
9 Court Practice: Vkontakte v. Double Data January 2017: Vkontakte filed a lawsuit against Double Data and National Bureau of Credit Histories for the alleged violation of IP rights of the manufacturer of the social network users database unauthorized commercial use of users personal data August 2017: Settlement agreement with National Bureau of Credit Histories concept of publicly available data and limits of its collection/use October 2017: Moscow City Arbitrazh Court ruled in favor of Double Data respondent s software retrieves only public data of users and cannot access private profiles owners of information contained in the users profiles are users themselves, not the database owner legal grounds for personal data processing have not been assessed by the court 9
10 SECTION 02 NEWS FROM ROSKOMNADZOR
11 News from Roskomnadzor Roskomnadzor encourages companies that process large volumes of personal data to have their strategy on data processing approved by the regulator As a part of systematic monitoring of the market, Roskomnadzor determines companies that are not yet registered with Roskomnadzor and requests explanations on the grounds of data processing (approximately 12,000 requests circulated in Y2017) Scheduled inspections list for Y2018 will be published at the beginning of December 2017 Unscheduled inspections 3 working days notice + possible extension, at the request of the operator In Y2018 most of the inspections are expected to be documentary and on-site 11
12 Roskomnadzor Inspections: From July 2017 to date Administrative violations under new Article of Russian Administrative Offences Code 13% 5% Processing of personal data without legal grounds or in a manner that is incompatible with the purposes of their collection Failure to comply with the requirements for obtaining written consent of individuals 21% 10% 51% Failure to publish or otherwise make publicly available the personal data processing policy Failure to amend, block access to or destroy personal data at the legitimate request of a data subject or competent authority Breach of the secure storage rules for tangible media objects 12
13 SECTION 03 CONSENT ON DATA PROCESSING AND OTHER LEGITIMATE GROUNDS FOR PERSONAL DATA PROCESSING
14 Individual s Consent on Data Processing Data subject s consent on his/her data processing informative and explicit (no implied consent concept) forms: simple, written and electronic what are the differences? Term (consents must specify the period they are given for) retroactive consents are they possible? consents to process data indefinitely are they allowed? Purposes of data processing clear and specified, no broad or generic language is allowed separate consent for each processing purpose separate consent for direct marketing activities Roskomnadzor s advice on the best practices for obtaining consents on paper in electronic form 14
15 Other Legitimate Grounds for Data Processing Limited grounds for legitimate data processing without individual s consent (Article 6 of the PD Law): for performance of a contract to which the data subject is a party to, or where the data subject is the beneficiary or guarantor to protect data operator s or third parties rights and interests, or for public purposes, provided there are no violations of rights and freedoms of the individuals if the data processing purposes are explicitly defined by an international treaty for certain judicial purposes to protect life, health or other vital interests of the individual as a part of professional journalistic, media, scientific, literary or other creative activities for statistical or other scientific purposes (provided the relevant personal data has been made anonymous) if data has been made publicly available by the individual or at his request (caution: not all publicly available data will qualify) if data includes data which must be made publicly available or disclosed under Russian law 15
16 SECTION 04 TRANSFERS OF PERSONAL DATA TO THIRD PARTIES
17 Transfers of Personal Data to Third Parties All countries that are signatories to the Strasbourg Convention are considered to be jurisdictions that provide adequate protection of the rights and interests of data subjects Transfers to the countries that do not provide adequate protection require written consent of individual, unless one of the exemptions applies Transfers from Russia to any third party whether in Russia or outside Russia are allowed based on the instruction from data operator (= data transfer agreement) Roskomnadzor s advice on the best practices on the scope of instruction (= data transfer agreement): clear and detailed rules on data processing by a third party purposes of processing organizational measures security measures regular audits by the data operator additional grounds for liability No recommended form from Roskomnadzor 17
18 GDPR regulations Impact on Data Transfers According to Roskomnadzor, GDPR requirements will not be applicable to data processing conducted in Russia, except for the limited cases of specifically targeting EU customers Registration as a data operator approach of EU regulations v. Roskomnadzor practice Russian law requirements generally applicable to any transfers to the EU operator s instruction / data transfer agreement no special rules on transfers between group companies (means the general rules apply) 18
19 SECTION 05 LOCALIZATION OF DATA STORAGE: RECENT TRENDS
20 Main Compliance Strategies Companies that process significant amount of personal data transfer all data of Russian citizens into a local data center: rent space in existing data center or create own data center hire third party vendor providing localization services Other businesses create a database containing employees personal data on the local computer (e.g. in HR department); and formalize transfer of data to other companies of the group by entering into a data transfer agreement; and include protective language into contracts with IT vendors re compliance with personal data laws, including localization requirements. 20
21 Follow Us! Morgan Lewis s Tech & Morgan Lewis blog highlights the latest developments and trends affecting technology, outsourcing, and other commercial transactions. ML on and #MLGlobalTech November 17: Hot Topics in Data Privacy Regulation in Russia in Russian 21
22 Biography Ksenia Andreeva Moscow T E ksenia.andreeva@morganlewis.com Ksenia Andreeva specializes in intellectual property (IP) matters. She advises on a wide range of transactional, regulatory, and commercial IP matters as well as disputes and enforcement of IP rights. Ksenia is a registered trademark lawyer and is admitted to represent clients before the Russian Patent and Trademark Office (Rospatent). She also has experience with IP disputes in the Chamber for Patent and Disputes and the Russian commercial courts. Her clients include companies in media, technology, telecommunications, and many other industries. 22
23 Biography Anastasia Dergacheva counsels diverse clients on a variety of matters relating to intellectual property, regulatory, and antitrust matters. Anastasia represents major Russian and multinational companies in a broad spectrum of industries, including entertainment, engineering, information technologies and telecommunications industries. Anastasia Dergacheva Moscow T E anastasia.dergacheva@morganlewis.com 23
24 Biography Vasilisa Strizh Moscow T E vasilisa.strizh@morganlewis.com Vasilisa Strizh represents global and domestic strategic and financial investors across multiple industries, including financial services, mass media and telecommunications, energy, and pharmaceuticals and life sciences. Vasilisa s practice focuses on cross-border investment, joint venture, and merger and acquisition transactions. Vasilisa also counsels on corporate governance and compliance. She has served as lead lawyer on complex corporate projects, including acquisitions, divestitures and joint ventures, public and private equity offerings, financing, and structured settlements. 24
25 Biography Brian Zimbler Moscow/Washington DC T Brian L. Zimbler advises on cross-border investment and financial matters, primarily in emerging markets. He has more than 25 years of experience with transactions involving Russia, Kazakhstan, and other countries in the former Soviet Union. Brian serves as the Managing Partner of the Moscow office, and has advised on some of the largest foreign investments in the region. Brian represents clients in a wide range of industries, including energy, manufacturing, media, pharmaceuticals and life sciences, real property, retail, and technology. T E brian.zimbler@morganlewis.com 25
26 Our Global Reach Our Locations Africa Asia Pacific Europe Latin America Middle East North America Almaty Astana Beijing* Boston Brussels Century City Chicago Dallas Dubai Frankfurt Hartford Hong Kong* Houston London Los Angeles Miami Moscow New York Orange County Paris Philadelphia Pittsburgh Princeton San Francisco Shanghai* Silicon Valley Singapore Tokyo Washington, DC Wilmington *Our Beijing and Shanghai offices operate as representative offices of Morgan, Lewis & Bockius LLP. In Hong Kong, Morgan Lewis operates through Morgan, Lewis & Bockius, which is a separate Hong Kong general partnership registered with The Law Society of Hong Kong as a registered foreign law firm operating in Association with Luk & Partners. 26
27 2017 Morgan, Lewis & Bockius LLP 2017 Morgan Lewis Stamford LLC 2017 Morgan, Lewis & Bockius UK LLP Morgan, Lewis & Bockius UK LLP is a limited liability partnership registered in England and Wales under number OC and is a law firm authorised and regulated by the Solicitors Regulation Authority. The SRA authorisation number is Our Beijing and Shanghai offices operate as representative offices of Morgan, Lewis & Bockius LLP. In Hong Kong, Morgan Lewis operates through Morgan, Lewis & Bockius, which is a separate Hong Kong general partnership registered with The Law Society of Hong Kong as a registered foreign law firm operating in Association with Luk & Partners. This material is provided for your convenience and does not constitute legal advice or create an attorney-client relationship. Prior results do not guarantee similar outcomes. Attorney Advertising. 27
HOT TOPICS IN DATA PRIVACY REGULATION IN RUSSIA
HOT TOPICS IN DATA PRIVACY REGULATION IN RUSSIA Ksenia Andreeva Anastasia Dergacheva Vasilisa Strizh November 27, 2018 2018 Morgan, Lewis & Bockius 2017 Morgan, Lewis & Bockius Contents News from the Russian
More information2018 Morgan, Lewis & Bockius LLP
CYBERSECURITY, PERSONAL DATA PROTECTION, AND INTERNET REGULATION IN RUSSIA Ksenia Andreeva, Anastasia Dergacheva, Vasilisa Strizh, Brian Zimbler May 22, 2018 2018 Morgan, Lewis & Bockius LLP Content Data
More informationGDPR and digital advertising: Strategies and best practices for implementing GDPR compliance
IP, Tech & Data GDPR and digital advertising: Strategies and best practices for implementing GDPR compliance Presented by: Gerard M. Stegmaier, Partner, Washington, D.C. October 17, 2018 What is GDPR,
More informationThird-Party Cyber Risk Management Webinar May 23, 2017
Third-Party Cyber Risk Management Webinar May 23, 2017 Today s speakers Nikole Davenport Senior Manager Deloitte & Touche LLP Nikole is a senior manager in Deloitte s Cyber Risk Services practice, specializing
More informationRobert Bond. Respecting Privacy, Securing Data and Enabling Trust a view from Europe
Respecting Privacy, Securing Data and Enabling Trust a view from Europe Robert Bond, Partner & Notary Public Robert Bond Robert Bond has nearly 40 years' experience in advising national and international
More informationWHAT SECTION 215A OF THE FEDERAL POWER ACT MEANS FOR ELECTRIC UTILITIES. Stephen M. Spina J. Daniel Skees Arjun P. Ramadevanahalli December 17, 2015
WHAT SECTION 215A OF THE FEDERAL POWER ACT MEANS FOR ELECTRIC UTILITIES Stephen M. Spina J. Daniel Skees Arjun P. Ramadevanahalli December 17, 2015 2015 Morgan, Lewis & Bockius LLP Agenda Introduction:
More informationDevelopments in Global Data Protection & Transfer: How They Impact Third-Party Contracts
Developments in Global Data Protection & Transfer: How They Impact Third-Party Contracts Rebecca Eisner Partner +1 312 701 8577 reisner@mayerbrown.com Mark Prinsley Partner +44 20 3130 3900] mprinsley@mayerbrown.com
More informationAssociation of Corporate Counsel
Type in document reference # if needed Privacy protection in a Globalized World Association of Corporate Counsel New York, 24 March 2015 1 The plan Bringing out the main cross-border privacy issues for
More informationEU DATA PRIVACY COMPLIANCE FOR US DRIVEN PROJECTS
EU DATA PRIVACY COMPLIANCE FOR US DRIVEN PROJECTS 18 May 2014 Monica Salgado Portuguese Laywer (Advogada) / Registered European Lawyer Janine Regan Solicitor Monica Salgado Monica is a Portuguese qualified
More informationDealing with Security and Security Breaches
BEIJING BRUSSELS CHICAGO DALLAS FRANKFURT GENEVA HONG KONG LONDON LOS ANGELES NEW YORK PALO ALTO SAN FRANCISCO SHANGHAI SINGAPORE SYDNEY TOKYO WASHINGTON, D.C. Dealing with Security and Security Breaches
More informationContributed by Djingov, Gouginski, Kyutchukov & Velichkov
Contributed by Djingov, Gouginski, Kyutchukov & Velichkov General I Data Protection Laws National Legislation General data protection laws The Personal Data Protection Act implemented the Data Protection
More informationUSER CORPORATE RULES. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy.
These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy. I. OBJECTIVE ebay s goal is to apply uniform, adequate and global data protection
More informationSCCE ECEI 2014 EU DATA PRIVACY COMPLIANCE FOR US DRIVEN PROJECTS. Monica Salgado JANINE REGAN CIPP/E
EU DATA PRIVACY COMPLIANCE FOR US DRIVEN PROJECTS 18 May 2014 Monica Salgado Portuguese Laywer (Advogada) / Registered European Lawyer Janine Regan Solicitor Monica Salgado Monica is a Portuguese qualified
More informationData Privacy and Cybersecurity
Data Privacy and Cybersecurity Key Contacts Timothy C. Blank Boston +1 617 728 7154 Dr. Olaf Fasshauer National Munich +49 89 21 21 63 28 Joshua H. Rawson New York +1 212 698 3862 Translate Page In an
More informationHF Markets SA (Pty) Ltd Protection of Personal Information Policy
Protection of Personal Information Policy Protection of Personal Information Policy This privacy statement covers the website www.hotforex.co.za, and all its related subdomains that are registered and
More informationMark Your Calendars: NY Cybersecurity Regulations to Go into Effect
Mark Your Calendars: NY Cybersecurity Regulations to Go into Effect CLIENT ALERT January 25, 2017 Angelo A. Stio III stioa@pepperlaw.com Sharon R. Klein kleins@pepperlaw.com Christopher P. Soper soperc@pepperlaw.com
More informationData Processor Agreement
Data Processor Agreement Data Controller: Customer located within the EU (the Data Controller ) and Data Processor: European Representative Company: ONE.COM (B-one FZ-LLC) One.com A/S Reg.no. Reg.no. 19.958
More informationMotorola Mobility Binding Corporate Rules (BCRs)
Motorola Mobility Binding Corporate Rules (BCRs) Introduction These Binding Privacy Rules ( Rules ) explain how the Motorola Mobility group ( Motorola Mobility ) respects the privacy rights of its customers,
More informationGDPR: A QUICK OVERVIEW
GDPR: A QUICK OVERVIEW 2018 Get ready now. 29 June 2017 Presenters Charles Barley Director, Risk Advisory Services Charles Barley, Jr. is responsible for the delivery of governance, risk and compliance
More informationGDPR is coming in less than 2 months Are you ready?
GDPR is coming in less than 2 months Are you ready? Charles-Albert Helleputte Partner, Brussels +32 2 551 5982 chelleputte@mayerbrown.com 30 March 2018 2 GDPR is everywhere... You were invited by UNICEO
More informationBig Data, Big Issues: Global Challenges and Effective Solutions
Big Data, Big Issues: Global Challenges and Effective Solutions Thomas Obermaier and Jonathan Armstrong SCCE Annual Compliance & Ethics Institute October 7, 2015 Las Vegas What is big data? Big data is
More informationPRC Cyber Security Law --- How does it affect a UK business? Xun Yang Of Counsel, Commercial IP and Technology
PRC Cyber Security Law --- How does it affect a UK business? Xun Yang Of Counsel, Commercial IP and Technology 24 October 2017 Content Overview of Cyber Security Law Observations on Implementation of Cyber
More informationConnected & Autonomous Vehicles
Connected & Autonomous Vehicles SAFETY CYBERSECURITY & DATA PRIVACY CORPORATE/ FINANCE TECHNOLOGY TRANSACTIONS Safety. Seasoned lawyers with decades of hands-on experience in vehicle safety compliance,
More informationPOMONA EUROPE ADVISORS LIMITED
POMONA EUROPE ADVISORS LIMITED Personal Information Notice Pomona Europe Advisors Limited (Pomona, we/us/our) wants you to be familiar with how we collect, use and disclose personal information. This Personal
More informationSANMINA CORPORATION PRIVACY POLICY. Effective date: May 25, 2018
SANMINA CORPORATION PRIVACY POLICY Effective date: May 25, 2018 This Privacy Policy (the Policy ) sets forth the privacy principles that Sanmina Corporation and its subsidiaries (collectively, Sanmina
More informationGeneral Data Protection Regulation (GDPR)
BCD Travel s Response to the EU General Data Protection Regulation (GDPR) November 2017 Page 1 Response to the EU GDPR Copyright 2017 by BCD Travel N.V. All rights reserved. November 2017 Copyright 2017
More informationPrivacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information
Privacy Statement Introduction Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information about how IT Support (UK) Ltd handle personal information.
More informationCyber Security Law --- Are you ready?
Cyber Security Law --- Are you ready? Xun Yang Of Counsel, Commercial IP and Technology 9 May 2017 1 / B_LIVE_APAC1:2207856v1 Content Overview of Cyber Security Law Legislative Development Key Issues in
More informationGetting to Data Nirvana Data lakes and GDPR
Getting to Data Nirvana Data lakes and GDPR A User's guide 1 Hogan Lovells Data lakes and GDPR: A User's guide 3 Copyright 2018. This report is the property of Hogan Lovells and may not be published or
More informationDo you handle EU residents personal data? The GDPR update is coming May 25, Are you ready?
European Union (EU) General Data Protection Regulation (GDPR) Do you handle EU residents personal data? The GDPR update is coming May 25, 2018. Are you ready? What do you need to do? Governance and Accountability
More informationVistra International Expansion Limited PRIVACY NOTICE
Effective Date: from 25 May 2018 Vistra International Expansion Limited PRIVACY NOTICE This Privacy Notice explains how particular companies in the Vistra Group collect, use and disclose your personal
More informationThe Stakes Are Going Up: Hacking and the New Paradigm of Data Breaches
The Stakes Are Going Up: Hacking and the New Paradigm of Data Breaches Edward McNicholas Global Co-Leader, Privacy, Data Security and Information Law Sidley Austin LLP The cyber threat is one of the most
More informationGLOBAL DATA PROTECTION POLICY
GLOBAL DATA PROTECTION POLICY BRS UK Version 1.0 TABLE OF CONTENTS SCOPE 2 COLLECTION AND PROCESSING USE OF YOUR PERSONAL DATA 2 Compliance with the European data protection law and any additional applicable
More informationPrivacy Notice. Lonsdale & Marsh Privacy Notice Version July
Privacy Notice Lonsdale & Marsh understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all of our clients and will
More informationNew York DFS Cybersecurity Regulation:
New York DFS Cybersecurity Regulation: Countdown to the August 28 Compliance Deadline Presented by: Craig Hoffman, Melinda McLellan & Jonathan Forman Moderated by: Carol Van Cleef July 27, 2017 Craig A.
More informationStarflow Token Sale Privacy Policy
Starflow Token Sale Privacy Policy Last Updated: 23 March 2018 Please read this Privacy Policy carefully. By registering your interest to participate in the sale of STAR tokens (the Token Sale ) through
More informationBIOEVENTS PRIVACY POLICY
BIOEVENTS PRIVACY POLICY At Bioevents, your privacy is important. Below you will find our privacy policy, which covers all personally identifiable data shared through Bioevents websites. Our privacy policy
More informationSection I. GENERAL PROVISIONS
LAW OF THE RUSSIAN FEDERATION NO. 5151-1 OF JUNE 10, 1993 ON CERTIFICATION OF PRODUCTS AND SERVICES (with the Additions and Amendments of December 27, 1995, March 2, July 31, 1998) Federal Law No. 154-FZ
More informationData Breach Notification: what EU law means for your information security strategy
Data Breach Notification: what EU law means for your information security strategy Olivier Proust December 8, 2011 Hunton & Williams LLP Key points 1. Introduction 2. Overview of data breach requirements
More informationLegal, Ethical, and Professional Issues in Information Security
Legal, Ethical, and Professional Issues in Information Security Downloaded from http://www.utc.edu/center-information-securityassurance/course-listing/cpsc3600.php Minor Changes from Dr. Enis KARAARSLAN
More informationProhire Software Systems Limited ("Prohire")
Prohire Software Systems Limited ("Prohire") White paper on Prohire GDPR compliance measures 11 th May 2018 Contents 1. Overview 2. Legal Background 3. How Prohire complies 4. Wedlake Bell 5. Conclusion
More informationVISTRA (CYPRUS) LTD. PRIVACY NOTICE
Effective Date: from 25 May 2018 VISTRA (CYPRUS) LTD. PRIVACY NOTICE This Privacy Notice explains how particular companies in the Vistra Group collect, use and disclose your personal data, and your rights
More informationPPR TOKENS SALE PRIVACY POLICY. Last updated:
PPR TOKENS SALE PRIVACY POLICY Last updated: 05.03.2018 STATUS AND ACCEPTANCE OF PRIVACY POLICY 1. This Privacy Policy (hereinafter referred to as the Policy ) sets forth the general rules of Participant
More informationRadio Research and Development Institute (NIIR) Moscow, Russian Federation
Radio Research and Development Institute (NIIR) Moscow, Russian Federation Proposals to ITU CWG-Internet open consultations on "Public Policy considerations for OTTs" September, 2017 In accordance with
More informationToken Sale Privacy Policy
Token Sale Privacy Policy PRIVACY POLICY LAST UPDATED ON: [11 SEP 2018] A. OVERVIEW You must read the entirety of this Privacy Policy carefully before making any decision to purchase Tokens. You must also
More information1. Right of access. Last Approval Date: May 2018
Page 1 of 5 I. PURPOSE The European Union s General Data Protection Regulation (GDPR) provides greater data protection for individuals in the European Union (EU). This comprehensive regulation, effective
More informationVISTRA MONACO PRIVACY NOTICE
Effective Date: from 25 May 2018 VISTRA MONACO PRIVACY NOTICE This Privacy Notice explains how particular companies in the Vistra Group collect, use and disclose your personal data, and your rights in
More informationPrivacy Law Doing Business In Canada
Privacy Law Doing Business In Canada Does Canada Have Privacy Legislation? Federal Legislation Canada has a comprehensive legal framework that governs the collection, retention, use and disclosure of the
More informationGDPR compliance: some basics & practical to do list
GDPR compliance: some basics & practical to do list Philippe LAURENT independent full service business law firm located in Brussels May 2017 Personal data processing = any operation or set of operations
More informationData Processing Agreement
Data Processing Agreement Merchant (the "Data Controller") and Nets (the "Data Processor") (separately referred to as a Party and collectively the Parties ) have concluded this DATA PROCESSING AGREEMENT
More informationOnlineNIC PRIVACY Policy
OnlineNIC PRIVACY Policy ONLINENIC INC (ONLINENIC) TAKES YOUR PRIVACY SERIOUSLY. Our Privacy Policy is intended to describe to you how and what data we collect, and how and why we use your personal data.
More informationNHTSA/FTC Joint Workshop
NHTSA/FTC Joint Workshop July 2017 Connected cars were a topic of active discussion in Washington DC at the end of June 2017. Congress held hearings on a range of proposed legislation designed to address
More informationPlan a Pragmatic Approach to the new EU Data Privacy Regulation
AmChamDenmark event: EU Compliant & Cyber Resistant Plan a Pragmatic Approach to the new EU Data Privacy Regulation Janus Friis Bindslev, Partner Cyber Risk Services, Deloitte 4 February 2016 Agenda General
More informationIIB s Risk Management and Regulatory Examination / Compliance Seminar
IIB s Risk Management and Regulatory Examination / Compliance Seminar Cybersecurity: Regulatory Developments and Industry Practices Presented at: CUNY Graduate Center October 25, 2016 9:00 a.m. 10:15 a.m.
More informationVIACOM INC. PRIVACY SHIELD PRIVACY POLICY
VIACOM INC. PRIVACY SHIELD PRIVACY POLICY Last Modified and Effective as of October 23, 2017 Viacom respects individuals privacy, and strives to collect, use and disclose personal information in a manner
More informationNIPPON VALUE INVESTORS DATA PROTECTION POLICY
NIPPON VALUE INVESTORS DATA PROTECTION POLICY INTRODUCTION Nippon Value Investors KK and Nippon Value Investors, Inc. (together NVI ) are committed to protecting the privacy of individuals whose data they
More informationencrypted, and that all portable devices (laptops, phones, thumb drives, etc.) be encrypted while in use and while at rest?
Data Privacy According to statistics provided by the Data Breach Level Index, hackers and thieves are stealing more than 227,000 personal records per hour as of 2017, generally targeting customer information
More informationPERSONAL DATA PROTECTION IN RUSSIA
PERSONAL DATA PROTECTION IN RUSSIA 1. Legislative Framework and Regulatory Authorities... 2 2. Terms and Definition... 2 3. Key Principles of Data Processing... 3 4. Rights of Data Subjects... 4 5. Formalities
More informationGDPR Privacy Webinar. Prioritizing Your Path towards GDPR Compliance Annika Sponselee and Nicole Vreeman 28 February 2018
GDPR Privacy Webinar Prioritizing Your Path towards GDPR Compliance Annika Sponselee and Nicole Vreeman 28 February 2018 Prioritizing Your Path to GDPR Compliance Presented by Half-Day Workshops Online
More informationCHAPTER 13 ELECTRONIC COMMERCE
CHAPTER 13 ELECTRONIC COMMERCE Article 13.1: Definitions For the purposes of this Chapter: computing facilities means computer servers and storage devices for processing or storing information for commercial
More informationAs set out in the Hong Kong ID card, or any relevant identification document referred to in 1(g) above.
As set out in the Hong Kong ID card, or any relevant identification document referred to in 1(g) above. B (1)B (2) * In the case of a non-hong Kong ID cardholder, state the passport number or any identification
More informationData Leak Protection legal framework and managing the challenges of a security breach
Data Leak Protection legal framework and managing the challenges of a security breach ACC Europe's Annual Conference 2009 June 7-9, 2009 Geneva Alexander Duisberg Partner, Bird & Bird LLP About Bird &
More informationLiechtenstein. General I Data Protection Laws. Contributed by Wanger Advokaturbüro. National Legislation. National Regulatory Authority.
Contributed by Wanger Advokaturbüro General I Data Protection Laws National Legislation General data protection laws The Data Protection Act (the DPA ) dated 14 March 2002 and the relevant Ordinance on
More informationFive Ways that Privacy Shield is Different from Safe Harbor and Five Simple Steps Companies Can Take to Prepare for Certification
July 2016 Follow @Paul_Hastings Five Ways that Privacy Shield is Different from Safe Harbor and Five Simple Steps Companies Can Take to Prepare for Certification By Paul Hastings Global Privacy and Cybersecurity
More informationBe-novative Privacy Policy
Be-novative Privacy Policy 1. Data handling principles and procedures 1.1. The Objective of Data Management The objective of the present Guide is to establish the data protection and data management policy
More informationBHBIA New Data Protection Rules. Pharma Company Perspective. Guy Murray Director, Market Research & Analytics, GC&BI MR Operations and Compliance, MSD
BHBIA New Data Protection Rules Pharma Company Perspective Guy Murray Director, Market Research & Analytics, GC&BI MR Operations and Compliance, MSD Pharma Company Perspective Data Controllers Responsibilities
More informationVISTRA ZURICH AG - PRIVACY NOTICE
Effective Date: from 25 May 2018 VISTRA ZURICH AG - PRIVACY NOTICE This Privacy Notice explains how particular companies in the Vistra Group collect, use and disclose your personal data, and your rights
More informationLAW OF THE REPUBLIC OF KAZAKSTAN «ON CERTIFICATION»
April 27\ 99 Draft LAW OF THE REPUBLIC OF KAZAKSTAN «ON CERTIFICATION» This Law shall establish legal basis of certification of products, quality systems and production, (further processes), works and
More informationDATA PROTECTION LAWS OF THE WORLD. Bahrain
DATA PROTECTION LAWS OF THE WORLD Bahrain Downloaded: 7 April 2018 BAHRAIN Last modified 25 January 2017 LAW There is currently no standalone data protection law in Bahrain. A draft is being reviewed before
More informationTerms of Use. Changes. General Use.
Terms of Use THESE TERMS AND CONDITIONS (THE TERMS ) ARE A LEGAL CONTRACT BETWEEN YOU AND SPIN TRANSFER TECHNOLOGIES ( SPIN TRANSFER TECHNOLOGIES, STT, WE OR US ). THE TERMS EXPLAIN HOW YOU ARE PERMITTED
More informationDigital Signatures Act 1
Issuer: Riigikogu Type: act In force from: 01.07.2014 In force until: 25.10.2016 Translation published: 08.07.2014 Digital Signatures Act 1 Amended by the following acts Passed 08.03.2000 RT I 2000, 26,
More information11, 2018 PRIVACY POLICY
Last Updated: March 11, 2018 PRIVACY POLICY BY USING OR ACCESSING THE WEBSITES, SYSTEMS OR SERVICES OF THE COMPANY AND (OR) ANY OF ITS AFFILIATES YOU SIGNIFY YOUR ACKNOWLEDGMENT AND ASSENT TO THE PRIVACY
More informationImpacts of the GDPR in Afnic - Registrar relations: FAQ
Impacts of the GDPR in Afnic - Registrar relations: FAQ Background The adoption of Regulation (Eu) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural
More informationFTC Issues Final Rule Under CAN-SPAM Act Defining Commercial Primary-Purpose s: What it Means for Associations
February 2005 Bulletin 05-05 If you have questions or would like additional information on the material covered in this Bulletin, please contact one of the authors: Henry A. Hart 202.414.9225 hhart@reedsmith.com
More information2014 Luxury & Fashion Industry Conference for Multinationals
2014 Luxury & Fashion Industry Conference for Multinationals Privacy, Data Protection, and the Impact of Social Media and Online Behavioral Advertising on the Industry Anna Gamvros, Hong Kong Francesca
More informationLatham & Watkins Environment, Land & Resources Department
Number 1218 July 21, 2011 Client Alert Latham & Watkins Environment, Land & Resources Department The City of Malibu and the Regional Water Board Reach an Agreement on a Possible Malibu Sewer System The
More informationEmsi Privacy Shield Policy
Emsi Privacy Shield Policy Scope The Emsi Privacy Shield Policy ( Policy ) applies to the collection and processing of Personal Data that Emsi obtains from Data Subjects located in the European Union (
More informationPriv ac y Policy. Last upda ted:
Priv ac y Policy Last upda ted: 05.2014 This Privacy Policy describes the policies and procedures of ZET / Adrian Zingg / ZetApps and any subsidiaries and affiliated entities (together, Company, we or
More informationCyber Security Law --- How does it affect the business operations in China? Xun Yang Of Counsel, Commercial IP and Technology
Cyber Security Law --- How does it affect the business operations in China? Xun Yang Of Counsel, Commercial IP and Technology 8 December 2016 The Matrix (1999) 1 / L_LIVE_APAC1:5433168v1 World Internet
More informationGDPR and the Privacy Shield
GDPR and the Privacy Shield Mark Prinsley Partner +44 20 3130 3900 mprinsley@mayerbrown.com Kendall Burman Counsel + 202 263 3210 kburman@mayerbrown.com Speakers Kendall Burman Counsel Washington DC Mark
More informationEU Data Protection Triple Threat for May of 2018 What Inside Counsel Needs to Know
EU Data Protection Triple Threat for May of 2018 What Inside Counsel Needs to Know The General Data Protection Regulation (GDPR) The eprivacy Regulation (epr) The Network and Information Security Directive
More informationPrivacy Notice - General Data Protection Regulation ( GDPR )
THIS PRIVACY NOTICE APPLIES TO ANY PERSON WHO INSTRUCTS AN INDIVIDUAL BARRISTER AT 12 OLD SQUARE CHAMBERS EITHER DIRECTLY OR THROUGH A SOLICITOR OR WHO ASKS THE INDIVIDUAL BARRISTER FOR A REFERENCE Privacy
More informationPrivacy Policy. Effective as of October 5, 2017
Effective as of October 5, 2017 Privacy Policy ClassApps LLC ( ClassApps, we, us, or the Company ) is committed to protecting the privacy of individuals who visit the Company s Web sites ( Visitors ),
More informationWorkday s Robust Privacy Program
Workday s Robust Privacy Program Workday s Robust Privacy Program Introduction Workday is a leading provider of enterprise cloud applications for human resources and finance. Founded in 2005 by Dave Duffield
More informationDeveloping and Implementing Data Protection Law: Malaysia and Beyond
Developing and Implementing Data Protection Law: Malaysia and Beyond Professor Abu Bakar Munir Faculty of Law, University of Malaya Malaysia K&K Advocates - Expert Panel Discussion on Data Protection Jakarta,
More informationGetting Your Privacy House in Order
Getting Your Privacy House in Order Lisa J. Sotto Ewa Abrams Victoria King Partner Associate General Counsel Global Privacy Officer Hunton & Williams LLP Tiffany & Co. UPS (212) 309-1223 (212) 230-5351
More informationCIPP/E CIPT. Data Protection Technologist (DPT) Training Bundle Official IAPP Training and Certification
CIPP/E CIPT Data Protection Technologist (DPT) Training Bundle Official IAPP Training and Certification The CIPP/E + CIPT credentials shows you ve got the knowledge to build your organization s privacy
More informationThis website is managed by Club Systems International on behalf of the Hoburne and Burry and Knight Groups.
Privacy Policy This website is managed by Club Systems International on behalf of the Hoburne and Burry and Knight Groups. Your privacy is important to us and this Privacy Policy ( Policy ) provides information
More informationGLOBAL DATA PROTECTION POLICY
GLOBAL DATA PROTECTION POLICY Last update: April 2nd, 2018 SCOPE 3 COLLECTION AND PROCESSING USE OF YOUR PERSONAL DATA 3 Compliance with the European Data Protection Law and any additional applicable data
More informationFinFit will request and collect information in order to determine whether you qualify for FinFit Loans*.
FinFit Web Privacy Policy General: This Privacy Policy ( Policy ) describes the ways FinFit, LLC ( FinFit, we, us) collects, stores, uses and protects information we receive from you or that you may provide
More informationCanada s Anti-Spam Law ( CASL ): It s the Law on July 1, 2014 questions for directors to ask
Canada s Anti-Spam Law ( CASL ): It s the Law on July 1, 2014 questions for directors to ask Author: Jennifer Babe, LL.M, ICD.D Why Should I Read This Alert? a) despite its name, this Act covers much more
More informationData Use and Reciprocal Support Agreement (DURSA) Overview
Data Use and Reciprocal Support Agreement (DURSA) Overview 1 Steve Gravely, Troutman Sanders LLP Jennifer Rosas, ehealth Exchange Director January 12, 2017 Introduction Steve Gravely Partner and Healthcare
More information1 Privacy Statement INDEX
INDEX 1 Privacy Statement Mphasis is committed to protecting the personal information of its customers, employees, suppliers, contractors and business associates. Personal information includes data related
More informationNYDFS Cybersecurity Regulations: What do they mean? What is their impact?
June 13, 2017 NYDFS Cybersecurity Regulations: What do they mean? What is their impact? Gus Coldebella Principal, Boston Caroline Simons Principal, Boston Agenda 1) Overview of the new regulations 2) Assessing
More informationCatalent Inc. Privacy Policy v.1 Effective Date: May 25, 2018 Page 1
Catalent, Inc. Privacy Policy, effective May 25, 2018 1. This Policy This Privacy Policy (this Policy ) is issued by Catalent, Inc. on behalf of itself and its domestic and international subsidiaries and
More informationDeveloping Issues in Breach Notification and Privacy Regulations: Risk Managers Are you having the right conversation with the C Suite?
Developing Issues in Breach Notification and Privacy Regulations: Risk Managers Are you having the right conversation with the C Suite? Minnesota RIMS 39 th Annual Seminar Risk 2011-2012: Can You Hack
More informationVERSION 1.3 MAY 1, 2018 SNOWFLY PRIVACY POLICY SNOWFLY PERFORMANCE INC. P.O. BOX 95254, SOUTH JORDAN, UT
VERSION 1.3 MAY 1, 2018 SNOWFLY PRIVACY POLICY SNOWFLY PERFORMANCE INC. P.O. BOX 95254, SOUTH JORDAN, UT 84095-9998 SNOWFLY PRIVACY POLICY This Privacy Policy describes Snowfly s practices regarding the
More informationProposed WEEE Directive A Step-by-Step Analysis
Proposed WEEE Directive A Step-by-Step Analysis NEMI Product Take-Back and Recycling Workshop October 10-11 Louisville, Colorado Jean-Philippe Brisson, attorney jp.brisson@allenovery.com Outline Section
More informationDepartment of Veterans Affairs VA DIRECTIVE April 17, 2006 WEB PAGE PRIVACY POLICY
Department of Veterans Affairs VA DIRECTIVE 6502.3 Washington, DC 20420 Transmittal Sheet WEB PAGE PRIVACY POLICY 1. REASON FOR ISSUE: To establish policy for the Department of Veterans Affairs (VA) for
More informationData Protection Policy
Data Protection Policy Addressing the General Data Protection Regulation (GDPR) 2018 [EU] and the Data Protection Act (DPA) 2018 [UK] For information on this Policy or to request Subject Access please
More information