Data & IT Law Monthly: February 2015

The overview of interesting Data & IT Law articles and news in February 2015!

Facebook’s new terms of service under review in Belgium

Belgium’s Privacy Commission requested an analysis of Facebook’s new terms of service, with respect to data protection legislation. Two groups, based in University of Leuven and Free University of Brussels, analysed the updated terms of service and concluded that Facebook is acting unlawfully in Europe.

“Facebook “places too much burden on its users” by requiring them to change a wide array of settings to maximize privacy. The company was also cited for its handling of social ads and for providing people no control over the use of location data or of their appearance in ads.” (more info)

Data protection regulation and Asia: 2015 a turning point?

The authors address the question in their analysis of legislation changes in Asian countries. They say that “2014 was a very eventful year for data privacy regulation in Asia and there are reasons to believe that 2015 will represent a turning point for the region as established privacy regimes are toughened and new regimes enacted in recent years begin to mature.”

European-style privacy laws were enacted in Singapore and Malaysia, China’s consumer protection law includes data privacy principles now and financial penalties were increased in South Korea. The article also gives more detailed information about more countries, such as Hong Kong, Japan, etc.

Cloud computing – is encryption enough?

The article deals with the use of encryption as the method for data protection in the cloud, in particular for health data. It is an important topic, since it is one of the most widely used methods.

The article quotes Prof Steven M. Bellovin, who argues that the decryption key is always present somewhere in RAM. “As a result, the robustness of the database encryption scheme becomes nearly irrelevant and would likely not have posed a substantial barrier to someone with the know-how to circumvent authentication protocols in the first place.”

Finally, the article describes reasonable steps that can be taken to deter all but the most sophisticated hackers (eg.: multifactor authentication).

Data protection regulation and Africa: news in the regulation

The article gives an overview of data protection legislation in African countries. The authors describe an increasing trend in the adoption of this type of legislation.

“Currently, 14 African countries have privacy framework laws and some sort of data protection authorities in place. Once the African Union Convention on Cyber Security and Personal data Protection (Convention) is ratified across the continent, many other nations will likely enact personal data protection laws.”

Countries, which have data protection bills in place, are: Kenya, Madagascar, Mali, Niger, Nigeria, Tanzania, and Uganda. Many analysts assume that the Convention would result in the European style of data protection regime in the whole Africa.

LegalTech 2015: new legal analytics projects

The author describes her experience from the LegalTech 2015 conference. For some reason, she met a lot of founders of new law technology firms, who dealt with documents.

First, she learned about Opus2 Magnum, which “offers “evidence analysis and case collaboration” software.”

Secondly, she talked to the co-founder of Factbox. It “allows litigation teams to gather the relevant facts of a case into a dynamic document and then provides links to the original source of the fact or quote.”

Finally, she met the founder of Allegory. It is an “intuitive software designed to connect all of the relevant information that a litigation team needs to prepare a case for trial.”