Global Privacy and Security Law treatise, Supplement #12

Posted by fgilbert on October 4th, 2013

Supplement #12 to our two-volume treatise Global Privacy and Security Law has been shipped to our subscribers!!

29 chapters have been updated. The most significant changes are described below.


  • Chapter 17 – Canada: The Federal Privacy Commissioner of Canada has issued several reports, including reports requesting amendments to PIPEDAs. The update also provides information regarding several court cases and decisions that affect data privacy and security.
  • Chapter 24 – Dominican Republic: In the Dominican Republic, the Constitutional Court has issued a decision on the publication of criminal records in public access registers.
  • Chapter 65 – United States of America: The United States chapter has been significantly reorganized and supplemented to take into account the evolution of the American legal and regulatory landscape since the first publication of the Global Privacy and Security Law treatise in 2009, the driving role played by the Federal Trade Commission, and the recent interest in the laws that regulate US government access to data. In addition, the chapter includes an analysis of the new Health Information Rules (developed under HIPAA and the HITECH Act), which came into force at the end of September 2013, and the new Children’s Online Information Protection Rule (developed under COPPA), which came into effect on July 1, 2013.


  • Chapter 19 – China: In March 2012, China’s Ministry of Industry and Information Technology issued “Several Provisions” that regulate the telecommunications market, these provisions supersede the Administrative Provisions on Internet Information Services for soliciting public opinions (issued on July 2011). The chapter has been updated with information regarding definitions, rules, and regulations for ISP’s under “Several Provisions.”
  • Chapter 38 – Japan: The update provides a status of the enforcement of the Data Protection Law.
  • Chapter 10 – APEC: Asia continues its progress in the development of a privacy framework that is less stringent than the one currently in effect in the European Union. In the recent months, the Crossborder Privacy Rules, an initiative intended to reduce barriers to information flows, has made progress. The United States has already been approved to participate in the CBPR System, and the Federal Trade Commission as its first enforcement authority. Mexico recently obtained its approval and in June 2013, Japan applied to participate.


  • Chapter 26 – Estonia: In Estonia, the Employee Information section has been updated to include information on recording telephone calls. Clarification has also been provided regarding the rules for employee consent.
  • Chapter 28 – France: This update provides a brief summary of the CNIL 33rd activity report for 2012. The section on video surveillance is supplemented with information about a recent case in Paris. A new section has also been added regarding Illegal Downloading, which describes the requirements for employers to monitor Internet usage of their employees.
  • Chapter 32 – Hungary: The update describes the recent recommendation by the Hungarian Data Protection and Freedom of Information Agency on video surveillance in the workplace and other developments regarding data processors ability to subcontract work to other processors.  The Agency has also been vested with a new function, that of auditor for data controllers.
  • Chapter 33 – Iceland: Two new sections have been added regarding International Treaties and Agreements to which Iceland is party and about data protection guaranties found in the Constitution of the Republic of Iceland. The chapter has also been supplemented with information regarding the status of implementation of Article 5(3) of the 2009 Directive regarding the use of cookies.
  • Chapter 40 – Liechtenstein: The update includes information regarding International Treaties and Agreements to which Liechtenstein is party and information regarding data protection in the country’s Constitution. The update also provides information regarding the status of implementation of Article 5(3) of the 2009 Directive.
  • Chapter 41 – Lithuania: Two new subsections on the exchange of personal data for evaluation of solvency and debt management and on video surveillance have been added to the Data Protection Law section.
  • Chapter 46 – Netherlands: The update to the Netherlands chapter provides an overview of the Article 29 opinion on the definition of “personal information,” “purpose limitation” and “use limitation.” The chapter also describes the status of the 2009 cookie directive implementation. Netherlands appears to be leaning towards a less strict interpretation of the 2009 provisions. The Netherlands Data Protection Commissioner has published guidelines for the security of personal data, which provides a checklist of appropriate measures. Finally, the chapter provides an in depth analysis of the whistle blowing provisions that apply to civil servants.
  • Chapter 47 – Norway: The 2009 Directive has not yet been implemented but the Norwegian Parliament has submitted a plan on its implementation. A new section on health information has been added, and the section on electronic communications has been supplemented with information regarding traffic data. Also described in this updated is the Supreme Court’s ruling on a case involving the collection of employee GPS location data by a waste company.
  • Chapter 50 – Portugal: An update on the implementation of the 2009 Directive with respect to cookies and security breach disclosure requirements is included in this supplement.
  • Chapter 51 – Romania: The update to the Romania chapter focuses on the implementation of the 2009 amendment to the 2002 e-Privacy Directive into the Data Protection Law regarding the use of cookies.
  • Chapter 54 – Slovakia: The chapter describes recent reports of the Office for Personal Data Protection regarding the processing of biometric data, its investigation of e-shops, and the requirements to notify data subjects when performing video surveillance.
  • Chapter 55 – Slovenia: The Electronic Communications Act came into force, implementing Article 5(3) of the 2009 amendment to the 2002 ePrivacy Directive.
  • Chapter 59 – Sweden: The update to the Sweden chapter describes a 2012 case involving surveillance cameras in a high school. An update on the ePhone case is also included.
  • Croatia: In addition to the above, to take into account the arrival of Croatia in the European Union as its 28th member state, several chapters have been slightly modified.  Supplement # 13 to the Global Privacy and Security Law treatise will contain a new chapter, which will analyze Croatia’s data protection laws in the same way as the other laws of other countries have been described and analyzed.

Middle East – Africa

If you are a subscriber, and you have not yet received your copy please let me know.


Similar Posts
Posted in International

Comments are closed.