With the widespread adoption of “super-apps”, multinational companies operating in China and other emerging economies may be exposed to heightened compliance risks, particularly in light of the recent adoption of a new US Foreign Corrupt Practices Act Corporate Enforcement Policy (FCPA Enforcement Policy) that restricts the use of third-party apps for undocumented business communications.
The fourth edition of Boardroom Brexit explains the key developments in the Brexit negotiations over the last few months and their importance to your business. For a complete analysis by our colleagues, Richard Bonnar, Paul Hardy, and Jeroen Jansen, please click here.
Last month, Jeremy Lustman, who leads the firm’s Israel Country Group, participated as a member of Israeli Prime Minister Benjamin Netanyahu’s business delegation on the premier’s historic visit to India. The trip marked 26 years since the two countries first established diplomatic relations, and came on the heels of Indian Prime Minister Narendra Modi’s visit to Israel just six months prior.
Among a select group of business leaders, Jeremy met with representatives from a diverse cross-section of both Israeli and Indian industries, including cybersecurity, water-tech, healthcare and agriculture. Over the course of the half-week business summit, held in both Delhi and Mumbai, the two countries’ respective delegations developed and discussed key investment and trade strategies, innovation and new technologies, and mutually beneficial economic ventures. Significantly, to implement these objectives, the countries’ officials executed nine agreements and memoranda of understanding in connection with energy, aviation, film co-production, space science, and solar thermal technologies, among others.
Addressing the summit, Prime Minister Netanyahu praised the countries’ bond as a “partnership made in heaven,” inviting each country’s leaders to “[l]et us now consecrate [the partnership] on earth.” He implored the representatives to “[c]ome to Israel [and] invest in Israel,” promising that “Israel will come here as well.”
Just recently, DLA Piper’s Israel Country Group co-hosted its own Israel-India Summit, too. In November 2017, governmental and business representatives from each country met in Herzliya, Israel, for an instructive half-day event focused on opportunities and challenges for the countries’ mutual economic ties.
We look forward to continuing to create unique opportunities for our clients by leveraging our global relationships, including our Israeli and Indian business relationships, and by providing integrated legal solutions and strategies spanning a diverse array of industries and sectors.
Last week, Jeremy Lustman had the honor of introducing a panel discussion entitled, “Are We There Yet? Four Ideas Driving the Revolution in Mobility”, at OurCrowd’s annual Global Investor Summit that took place in Jerusalem. The panel focused on the shifting world of personal transportation that will radically transform how people get from one place to another: autonomous driving, electric vehicles, connectivity, and shared mobility.
In DLA Piper’s latest Technology Sector Alert, our colleague Vincent Man also looks at how cars are quickly becoming an integrated part of the Internet of Things, and how with that evolution comes both risks and opportunities for companies in the car industry in areas such as (i) patents and litigation, (ii) liability from manufacturing defects or design defects, and (iii) liability from breaches of privacy legislation. To read the entire article, please click here.
Our Connected and Self-Driving Car group advises on the full range of business legal issues arising from connected and self-driving cars. Our multidisciplinary global team draws on the firm’s vast global experience in data protection and privacy, intellectual property licensing, environmental, regulatory, government affairs, litigation and tax to help stakeholders mitigate risk and take advantage of new opportunities.
At home, social media dilemmas include being 62 weeks deep in a social media account, and accidentally dropping a dreaded double-tap, “liking” a photo and releasing a notification that reveals your not-so-secret surveillance. It gets worse. What if you were perusing the account of an ex’s new flame?
At work, social media can present even graver issues. As employers adjust to using social media, courts struggle to determine who owns work-related social media accounts: the employer or the former employee?
Employers now need to address ownership to avoid losing valuable social media assets. Continue Reading
Russian foreign exchange regulation and currency control laws have been modified through two sets of amendments. Our colleagues, Steffen Kaufmann, Maria Shevchenko, and Alexi Kolesnikov, compare the current rules to the new rules that will go into effect in early 2018 here.
Our colleague Giulio Coraggio explains how privacy legitimate interest might become difficult to manage in Italy following provisions introduced by means of the Budget Law:
The Italian legislator seems not to like legitimate interest as legal basis of data processing. Indeed, under the current Italian Privacy Code, it required a previous approval from the Italian Data Protection Authority, while a new provision of the Italian Budget Law introduces a regime (to be applicable under the GDPR) which seems a sort of “hidden prior approval“, despite of the fact that the GDPR is based on the accountability principle and requires to adopt a risk based approach.
What provides the Italian law on legitimate interest?
The Budget Law provides that data controllers which process personal data through automated means or “new technologies” on the basis of legitimate interest shall:
- send a prior notification to the Italian data protection authority (DPA), attaching an information notice (a privacy information notice or just a template to provide details on the data processing activity not to be incorporated in the privacy information notice, it is not clear!) to be drafted according to a template and guidelines that the Italian DPA shall issue; and
- wait for the approval from the Italian DPA, but
- will be able to start the data processing activity 15 days after the delivery of the material referred above
- which will not trigger a silent approval since the Italian DPA shall start in any case an investigation on the matter and might require to suspend and in most relevant cases terminate the data processing activity.
What issues I can see?
We will have to see how the matter will be regulated in the procedure and guidelines to be issued by the Italian DPA, but my first comments are:
- since the provision applies to data processing activities based on legitimate interest and performed through automated means and new technologies (which are not clarified) and we are in 2018 when any type of data processing activity is performed in a digital format, this means that any data processing activity based on legitimate interest risks to be caught by the requirements above;
- the most diligent companies that have been working for months on their GDPR compliance program, also already adopting a privacy information notice compliant with both the current privacy regime and the GDPR in order to avoid the notification of a new privacy information notice on the 25th of May 2018 and to collect GDPR compliant privacy consents, could lose part of the work already done since they might need to notify again a new version of the privacy information notice (if the information notice referred in the law is meant as a privacy information notice) because
- the template of privacy information notice and the approval procedure provided to be issued by the Italian DPA is not yet in place; and
- the template to be issued by the Italian DPA might be, even merely formally, differ from the GDPR compliant privacy information notice already adopted; and
- it is not clear what happens to data processing activities based on legitimate interested that have been started 15 days after the notification to the Italian DPA and are subsequently challenged by the Italian DPA. Indeed, this scenario risks to put companies in a difficult position of uncertainty.
Is the provision compliant with the GDPR?
The last issue that came to my mind is whether this provision falls within the scope of discretionality granted to EU Member States by the GDPR. Indeed,
- the GDPR does not provide that Member States can introduce conditions to the exercise of the legitimate interest whose terms have already been subject of the guidelines of the Article 29 Working Party;
- the procedure above and even the template of privacy information notice introduce a sort of “prior check” which is in contrast with the GDPR principle of accountability; and
- the Italian guidelines on legitimate interest cannot be inconsistent with those adopted by the Article 29 Working Party and
- if a similar procedure was introduced by Italy and, following the Italian approach, by other EU Member States the risk is to create a much higher level of uncertainty on privacy laws across the EU, which was meant to be avoided through the GDPR. This is true also because the GDPR does not provide for the so called “principle of establishment“. Therefore multinatinational companies operating from their headquarter in an EU country across the whole EU risk to comply with 27 slightly different privacy laws.
Our hope is that the Italian DPA will not issue any template of privacy information notice, but just require a notification according to a template to be issued by them or better convince the Government that such provision is not compliant with the GDPR.
On January 17, 2018, we hosted our fourth Win Israel GC Confidential Dinner entitled, “To Consent or Not to Consent: That is the Question!” This exclusive dinner, which took place at Lumina Restaurant in Tel Aviv, included General Counsel and in-house legal counsel from Amdocs, Wix, SodaStream, Gett, SimilarWeb, and Stratasys, among other companies. Patrick Van Eecke, Global Co-Chair of our Data Protection, Privacy and Security Practice, spoke to the audience about the many complex issues associated with the new consent requirements under the GDPR, including the 10 principles and 6 legal grounds of processing data. It was a truly enjoyable and educational evening, please keep a lookout for information on our upcoming WIN Israel GC Confidential Dinners.
Although the U.S. Congress was not successful in its attempt to repeal and replace the Affordable Care Act (ACA) in full by the end of 2017, President Trump took another route in October 2017 and released an Executive Order aimed at essentially weakening the law at its most critical points. The EO directed officials in the Department of Health and Human Services (HHS), alongside both the Departments of Labor and Treasury, to move forward in promulgating certain regulatory changes that began impacting the health insurance markets in 2017. This ongoing evolution will certainly continue on through 2018 and beyond.
In the latest issue of DLA Piper’s Financial Report Series, which offers financial news from the Americas, Asia Pacific and Europe, our colleagues discuss and analyze:
- News from the Americas
- US Securities and Exchange Commission Developments
- US Commodity Futures Trading Commission Developments
- US Banking and Treasury Department Developments
- US Exchanges and Self-Regulatory Organizations
- News from Asia and the Pacific
- News from Europe
- Global Regulators
Read the entire issue here.