Articles

• Gercke, Marco, Content of a Comprehensive Cybersecurity Legal Framework, Structuring the legislative Cybersecurity inventory into minimum standards and optional add-ons, CRI 2014, 33-40
  The importance of addressing Cybersecurity with strategies, policies and legislation is widely recognized. But when it comes to details, especially the content that should be covered in a legal framework, many questions remain unanswered. This is mainly a consequence of the lack of widely accepted international standards. The article firstly summarises (I.). Then, t an overview about selected regional and international standards is provided (II.). Finally, the article presents an inventory of legal areas to be contemplated when crafting suitable national Cybersecurity legislation (III.).

• Schuppert, Stefan, The EU Parliament Vote on the EU General Data Protection Regulation – The Death of Binding Corporate Rules for Processors?, CRI 2014, 40-44
  On March 12, 2014, the European Parliament adopted the draft EU General Data Protection Regulation by a large majority (http://europa.eu/rapid/press-release_MEMO-14-186_en.htm; adopted text available at: http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT+TA+P7-TA-2014-0212+0+DOC+XML+V0//EN&language=EN). The vote affirmed the text suggested and already adopted by the EU Parliament’s Committee on Civil Liberties, Justice and Home Affairs (“LIBE Committee" or the “Committee"; http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-%2f%2fEP%2f%2fTEXT%2bREPORT%2bA7-2013-0402%2b0%2bDOC%2bXML%2bV0%2f%2fEN&language=EN). To the great surprise of many privacy professionals, the LIBE Committee deleted the provisions on the newest tool for legitimizing international transfers of personal data: the Binding Corporate Rules for Processors (“P-BCR"). Will the Parliament vote prove to be the final kiss of death for the P-BCR?This article will argue that deleting the provisions on P-BCR would be a bad development for the international privacy world, and that good arguments should push the European legislators to retain the P-BCR in whatever will be the final output of the current EU privacy reform.

• Beardwood, John / Stern, Gabriel M.A., Entry into Force of Canada’s Anti-Spam Law, Getting to Know Canada’s New (and Very Broad) Anti-Spam Regime, CRI 2014, 44-47
  In July 2014 the first part (out of three) of Canada’s new anti-spam regime will enter into force. The new anti-spam regime focusses on the need to obtain the appropriate consent to send commercial electronic messages and to install unsolicited software programs. In effect, the new anti-spam regime is significantly broader in coverage than either of its US or European counterparts. After a brief overview over the entire new anti-spam regime and its explanatory material (I.), the article identifies ten key elements of the anti-spam regime concerning spam (II.) and unsolicited installed software programs (III.). Organizations ought to understand these key elements in order to assist with data protection compliance (IV.).

• CRI 2014, 48-52
• CRI 2014, 52-55
• CRI 2014, 55-58
• CRI 2014, 58-60
• CRI 2014, 61

Updates

• Rumyantsev, Andrey, Russia: Protection Against Anonymous Internet Defamation, CRI 2014, 62-63
• Lloyd, Ian, UK: NHS Data Woes, CRI 2014, 63
• Mahler, Tobias, Norway: Obituary for Professor Jon Bing, CRI 2014, 63-64

About the Authors

• About the Authors, CRI 2014, 64