Tag: International

Singapore Addresses Confidentiality of Electronic Patient Records in New Healthcare Services Bill

Share

Singapore’s Ministry of Health (MOH) recently drafted a new Healthcare Services (HCS) Bill aimed to bridge the gap between the country’s changing healthcare needs and technological advances.  According to the MOH, the healthcare landscape in Singapore is undergoing significant changes, including an ageing population, increased chronic disease prevalence, and advancements in medicine and health technologies.  The HCS Bill will “better safeguard the safety and well-being of patients, while enabling new and innovative services that benefit patients to be developed, in the changing healthcare environment.”

Currently, healthcare providers in Singapore are licensed and regulated under the Private Hospitals and Medical Clinics Act (PHMCA), which was designed to protect patient safety through the licensing of physical healthcare premises.  But, brick and mortar locations are quickly becoming a thing of the past as more and more healthcare services are delivered through mobile and online channels.  MOH intends to respond to this shift by repealing the PHMCA and replacing it with this new HCS Bill.

Continue reading “Singapore Addresses Confidentiality of Electronic Patient Records in New Healthcare Services Bill”

Article 29 Working Party Releases Guideline WP260 on Transparency under the GDPR

Share

The Article 29 Working Party (WP29) released two guideline documents, WP259 and WP260, on the General Data Protection Regulation (GDPR) concepts of consent and transparency.  Comments on both documents will be accepted by the Working Party through January 23, 2018 after which the WP 29 working party will issue final guidance. WP29 is an independent European advisory body on data protection and privacy.

This blog post focuses on WP260, the guideline on transparency. Our companion post on WP259, the guideline on consent can be read here.

Transparency has long been a fundamental feature of EU privacy law and is an overarching obligation under the GDPR. The draft guideline notes that a central consideration of the principle of transparency is that the data subject should be able to determine in advance what the scope and consequences of the processing entails. Transparency applies in three central areas:

  • The provision of information to data subjects related to the fair processing of their personal data.
  • How data controllers communicate with data subjects in relation to their rights under the GDPR.
  • How data controllers facilitate the exercise by data subjects of their rights.

Continue reading “Article 29 Working Party Releases Guideline WP260 on Transparency under the GDPR”

Article 29 Working Party Releases Guideline WP259 on Consent under the GDPR

Share

The Article 29 Working Party (WP29) released two guideline documents, WP259 and WP260, on the General Data Protection Regulation (GDPR) concepts of consent and transparency in November.  Comments on both documents will be accepted by the Working Party through January 23, 2018 after which the WP29 will issue final guidance.   WP29 is an independent European advisory body on data protection and privacy.

This blog post focuses on WP259, which is the guideline on consent. We have also written a companion blog on WP260, the guideline on transparency.

Guideline on Consent

The guideline provides a thorough analysis of the notion of consent, which is one of the six lawful bases to process personal data under the GDPR. Article 4(11) stipulates that consent of the data subject must be:

  • Freely given.
  • Specific.
  • Informed.
  • Unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Continue reading “Article 29 Working Party Releases Guideline WP259 on Consent under the GDPR”

Human Rights Watch Denounces China’s Big Data Policing

Share

An international human rights organization is urging the Chinese government to stop building big data policing technologies that aggregate and analyze citizens’ personal information.  Though governments collecting information about its citizens is not new, China has begun pursuing newer and ambitious technologies, such as big data analytics, facial recognition, and cloud computing, to better and more quickly aggregate, mine, and leverage personal information.
Continue reading “Human Rights Watch Denounces China’s Big Data Policing”

First Annual Review of the Privacy Shield Framework

Share

The European Commission published its first annual report on the functioning of the EU-U.S. Privacy Shield, which protects the personal data transferred from the EU to companies in the U.S. for commercial purposes. The report was released on October 18, 2017.

The EU-U.S. Privacy Shield Framework provides a method for companies to transfer personal data to the U.S. from the EU in a way that is consistent with EU law.  The framework is based on a certification system by which U.S. companies commit to adhere to a set of Privacy Shield Principles.   To join the Privacy Shield Framework, a company must self-certify to the Department of Commerce that it complies with the   Principles. A company’s failure to comply with the Principles is enforceable under Section 5 of the FTC Act, which prohibits unfair or deceptive acts.   The key requirements for participating companies include:

  • Informing individuals about data processing
  • Providing free and accessible dispute resolution
  • Cooperating with the Department of Commerce
  • Maintaining data integrity and purpose limitations
  • Ensuring accountability for data transferred to third parties
  • Transparency related to enforcement actions
  • Ensuring commitments are kept as long as data is held

Continue reading “First Annual Review of the Privacy Shield Framework”

Connected Car Resolution adopted by the International Conference of Data Protection and Privacy Commissioners

Share

Connected car data protection generated significant discussion amongst people at the International Conference of Data Protection and Privacy Commissioners. The 39th annual conference brought together privacy and data protection authorities (DPAs) from around the world in Hong Kong in September.  Consistent with prior tradition, the “closed sessions” produced three separate nonbinding resolutions.

Continue reading “Connected Car Resolution adopted by the International Conference of Data Protection and Privacy Commissioners”

©2024 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Attorney Advertising.
Privacy Policy