Articles Tagged with: GDPR
The Transparency in the Procedures to Make Public Decisions and Related Matters Law of 2022

by Nicoletta Epaminonda

The Transparency in the Procedures to Make Public Decisions and Related Matters Law of 2022 (“Law”) was enacted on 17 February 2022 by the Plenary Session of the House of Representatives. The aim of the Law is to establish a framework for the implementation of transparency for public decision-making, in relation to issues that concern the executive or the legislative branches of government, so as to deter circumstances that may allow or facilitate acts of corruption.

The latest available version of the Law’s text (which has not yet been published in the Official Gazette of the Republic) provides, inter alia, for the following:

  • The Independent Authority Against Corruption (IAAC) is the competent authority for exercising the powers and competences referred to in the Law
  • The Law is applicable to any representative of a special interest group that intends to become involved in public decision-making (with some exceptions)
  • A Register is to be kept by the IAAC, containing details of such representatives
    • Such representatives are to submit their details to the IAAC for inclusion on the Register prior to becoming involved in proceedings that involve public decision-making
    • Further details concerning the application for inclusion in the Register are included in Annex I of the Law
    • If an application for inclusion in the Register is rejected, the applicant can re-apply
    • Inclusion in the Register implies compliance with the Code of Conduct to be issued by the IAAC
    • If a person who has an obligation to provide their details for inclusion on the Register does not do so, and becomes involved in public decision-making, this is a criminal offence
  • The Register is to be made freely available on the IAAC’s website (some exceptions apply)
  • Within the first two weeks of every March, and within the first two weeks of every September, every person on the Register must submit to the IAAC a report in relation to any involvement it had in public decision-making which took place during the previous six months
    • This report is to be submitted in a format that the IAAC prescribes (further details are in Annex II of the Law)
    • Non-submission of such a report may be a criminal offence
  • A person included in the Register can be removed if:
    • it applies for removal;
    • it did not have any involvement with public decision-making for two (2) continuous years;
    • it is subject to bankruptcy / liquidation
    • it is convicted by a competent court for a relevant criminal offence
    • the IAAC decides to do so (in accordance with Part II of the Law)
  • Persons included in the Register and persons who are not obliged to submit their details for inclusion in the Register are, inter alia, allowed to:
    • receive information concerning the executive and/or legislative branch of government and relating to the sector or special interest group which they have declared
    • take part in a consultation relating to the sector or special interest group which they have declared
    • request a meeting with a government official who, by virtue of his or her position, has the responsibility to begin or amend the content of a public decision that relates to the sector which they have declared
  • When becoming involved in public decision-making, persons included in the Register and persons who are not obliged to submit their details for inclusion in the Register are, inter alia, obliged to:
    • show a form of identification
    • show proof of authorisation if acting for a legal person and declare the name of the legal person as well as their relationship with it
    • declare the special interest group on behalf of whom they are involved
    • declare the object of their involvement and the result which they are hoping to achieve
  • Government officials are obliged to keep records of communications with persons included in the Register and persons who are not obliged to submit their details for inclusion in the Register, and such records are to be signed by both parties involved
    • Such records are to be submitted to the IAAC within two months from the date of the communication
    • Should the person included in the Register and/or person who is not obliged to submit their details for inclusion in the Register refuse to sign the record, the reasons for refusing to do so are to be noted
    • Government officials who do not submit such records may be committing a criminal offence
  • Government officials are to declare conflicts of interest in public decision-making, declare them to the IAAC and recuse themselves from the relevant decision-making
    • Such declarations may be posted on the IAAC’s website (without always including the specific reasons)

NOTE: The information contained in this article is provided for informational purposes only, and should not be construed as legal advice on any subject matter. You should not act on the basis of any content included in this article without seeking legal advice.

The new e-Privacy Regulation

by Michalis Fieros

Introduction

Over the past few years, the online environment has been evolving with tremendous speed. Internet users are at the epicentre of a continuous development and evolution. Apart from computers, all sorts of ‘smart’ devices which form part of our daily lives, such as smart phones, TV sets and watches, perform their various operations through their connection to the internet. Information, which includes technical information and personal data and may also indicate personal preferences, is collected from such ‘smart’ devices and shared with third parties for various purposes in processing operations which lack transparency.

The Current EU Regulatory Framework

Apart from the General Data Protection Regulation (GDPR), the protection of privacy in the sphere of electronic communications is currently regulated by the Privacy and Electronic Communications Directive (PECD) (also known as the “Cookie Directive”), a Directive which entered into force in 2002.

The new e-Privacy Regulation

The EU’s initial aim was to enact the GDPR along with the new e-Privacy Regulation, which would repeal the PECD and reinforce trust and security within the EU digital market. Unfortunately, unlike the GDPR, the new e-Privacy Regulation is not yet finalized; however, indicative draft proposals are available.

The European Commission approved a first draft of the e-Privacy Regulation in January 2017, and this draft is still under discussion. Despite not having a final text yet, the numerous drafts contain important elements which give us some indications of the direction that the upcoming regulatory framework is taking.

Territorial Scope

The territorial scope of the latest draft mirrors the respective provisions of the GDPR. Under the latest draft (January 2021), the territorial scope of the e-Privacy Regulation is extended to entities located outside the European Union when dealing with end-users located within the EU.

Scope of Regulation

According to the latest draft, the e-Privacy Regulation applies to:

  • processing of electronic communications content and electronic communications metadata during the provision of electronic communications services;
  • the end-user’s terminal equipment information;
  • direct marketing communications to end-users;
  • provision of publicly accessible directories of users of electronic communications.

Consent

Under the available drafts, the elements of a valid consent under the GDPR are retained (informed, specific and freely given); however, a provision is included which allows for such a consent to be expressed via “appropriate technical settings”.

Apart from consent, under the latest draft the collection of information from an end-user’s terminal equipment is permissible where it is necessary:

  • for carrying out the transmission of an electronic communication over an electronic communications network;
  • for providing a service specifically requested by the end-user;
  • for web audience measurement;
  • for purposes of software updates, security, fraud prevention, the detection of technical faults as well as the location of technical equipment in cases of emergency.

Remedies and Administrative Fines

As in the case of the territorial scope, the latest draft of the upcoming e-Privacy Regulation mirrors the penalty regime of the GDPR. Organizations violating the e-Privacy Regulation may be handed down administrative fines of up to €20 million or 4% of their annual global turnover.

Persons who suffer “material or non-material damage” due to infringements of the e-Privacy Regulation will have the right to receive compensation from the infringer.

Lastly, natural or legal persons other than end-users adversely affected by violations of the e-Privacy Regulation shall have the right to bring legal proceedings in respect of such infringements.

Conclusion

We look forward to the finalised version of the text, so as to be able to advise clients on compliance.

Presentation to IDEA

On 5 March 2020, George Taoushanis gave a presentation to the participants of the new (5th) IDEA cycle. In light of the coronavirus, the presentation was given via electronic means. Stay healthy and keep innovating! #startups #innovate

Online Management of Personal Data

On 7 February 2020, Achilleas Demetriades was a keynote speaker at an event on the “Online Management of Personal Data” organised by the Office of the Commissioner for Personal Data in collaboration with the Press and Information Office (PIO) and the Cyprus Online Publishers Association (COPA). The presentation can be accessed here. Photo reproduced with the PIO’s kind permission.

IP and Data Protection presentation in Nicosia

On 12 December 2019, Achilleas Demetriades, Nicoletta Epaminonda and Michalis Fieros gave a presentation on IP and Data Protection to the Press and Information Office. All photographs are sourced from the website of the Press Information Office and can be accessed here.

IP and Data Protection presentation in Limassol

On 11 December 2019, Achilleas Demetriades, Nicoletta Epaminonda and Michalis Fieros gave a presentation on IP and Data Protection in relation to photographs. The event was co-organised by the Cyprus University of Technology and the Association of Photographers. All photographs are sourced from the Facebook page of the Association of Photographers and are reproduced with permission.

 

Digital Agenda CY

On 15/16 October 2019, Michalis Fieros and George Taoushanis of our office attended this year’s Digital Agenda CY, one of the biggest tech conferences in the Mediterranean.