Data & IT Law Monthly: March 2015

The overview of interesting Data & IT Law articles and news in March 2015!

The use of data in farming and agriculture

Paul Goeringer published an interesting article about the use of data in farming and agriculture. This data includes yield data, the amount of inputs utilized, soil mapping, nutrient levels, etc. “This data gives (…) parties a good idea of what the farm is capable of producing.”

The author recommends what type of clauses are to be included in the farm lease contract. They are:

1. Define what the data is;
2. Layout early on who owns this data; and
3. Specify how data is shared or not shared among landlord and tenant and that data is transferred to the landlord at the end of the lease.

Cookies and EU law

Damian Clifford had published an article in the Journal of Intellectual Property, Information Technology and E-Commerce Law about the cookies and EU Law. In his article “EU Data Protection Law and Targeted Advertising: Consent and the Cookie Monster – Tracking the crumbs of online user behavior” he provides a legal analysis of the use of cookies in Online Behavioural Advertising.

“The article outlines the current difficulties associated with the reliance on this requirement as a condition for the placing and accessing of cookies. Alternatives to this approach are explored, and the implementation of solutions based on the application of the Privacy by Design and Privacy by Default concepts are presented.”

Cross-border transfer of data from China

The article gives an overview of legal issues companies had to deal with, when they decide to store their data in China.

One of them is the plurality of legislation. “(T)here is no single law in China aimed exclusively at protecting personal data.  Instead, provisions of authorities such as the Constitution of the People’s Republic of China, the General Rules of Civil Law and the Tort Liability Law, industry-specific guidelines and local statutes are patched together as a data protection regime.”

Secondly, companies had to deal with state secrets concerns. The article describes 7 categories of protected state secrets. ABC

The first hearing of the Court of Justice of European Union about the legality of Safe Harbor

Following the revelations of Edward Snowden, the Court of Justice of European Union deals with the case about the legality of Safe Harbor framework. Safe Harbor is a US-EU framework, which enables an easier cross-border transfer of data.

The High Court of Ireland had questioned, whether “the adequacy assessment made by the European Commission (‘the Commission’) with regard to data transfers towards third countries in its Decision 2000/520/EC on ‘Safe Harbor’ is binding on Member States’ Data Protection Authorities (DPAs).””

The plaintiff in the original Irish dispute had argued that “‘the general accessibility to the NSA and other US security agencies of the transferred data of the applicant […] constitutes a manifestly disproportionate interference with [the applicant’s] right to privacy and data protection.’ “

The case should be resolved in summer 2015.

Data encryption the most common method

There is no need to mention in a greater detail, that cyber attacks represent a huge risk for the functioning of any business. CipherCloud published a study, in which they looked at the data protection strategies the companies used in more details.

Some of the interesting results:

• “data encryption (81 percent) led tokenization (19 percent) at enterprises with a cloud security deployment. Latin America topped all regions with 100 percent of protection efforts centered on encryption while North America, Europe and Asia-Pacific deployed encryption by 85 percent, 78 percent and 50 percent margins.”
• “Of the top four sectors, only Government (9 percent) favored the use of tokenization over encryption. The reverse was the case for Finance, Healthcare and Telecommunications, which cited the need for function preservation and the ability to search, sort and filter their data. This was particularly the case for Telecommunications companies, which all use encryption as part of their data protection strategy.”