As the economy becomes increasingly data focused, telecoms markets across the Middle East are changing considerably. The policy framework has not always kept pace with this rapid change, and aspects of telecoms regulations are now outdated. However, personal data protection and public-private partnership (PPP) laws are starting to affect telecoms contracts and investments. Specifically, PPP laws are enabling recourse to alternative dispute resolution methods, including arbitration.
The Irish media merger regime has a long history and remains a complex part of Irish regulatory law and politics. Given the recent sharp increase in mergers of Irish and global media businesses – reflecting dramatic levels of decline in 'traditional' media consumption and 'e-substitution' leading to pressure to consolidate – the Irish media merger regime is affecting all corners of the global industry.
The Israeli Securities Authority (ISA) recently published a position statement, according to which, in cases of a significant cyberattack, public companies must examine the need to issue an immediate report to their investors notifying them of the attack. While the position statement was meant only to clarify the ISA's view regarding the law and not to change the legal situation, it highlights the challenges involved in dealing with cyber events.
Following the General Data Protection Regulation's (GDPR's) entry into force, the legislature asked the Data Protection Authority to review and update the so-called 'general authorisations' that it issued to allow the processing of sensitive data in the absence of the data subject's consent. Drawing on Article 9 of the GDPR, the Data Protection Authority subsequently issued Provision 146/2019, which sets out the requirements for processing special categories of data in employment relationships.
With a view to balancing private sector interests and the protection of individual rights, in 2015 the legislature decided that personal data collected through the remote monitoring of employees can be used for disciplinary purposes if employers provide employees with information regarding the scope and purpose of said processing. A recent case established what type of remote monitoring is permitted in the absence of providing the required data protection information.
The Court of Cassation recently rejected a bank's appeal and found that its employee had been entitled to access evaluation documents which had led to disciplinary measures being taken against him. Although the case concerned the regulation of access to personal data under the now rescinded Privacy Code, the decision sets out principles which remain valid under the EU General Data Protection Regulation and further strengthen the rights of data subjects with regard to how their data is processed.
The Criminal Court of Cassation recently confirmed a Milan Court of Appeal judgment which found that an employee who had emailed confidential data to a colleague who was not authorised to access said information had committed the crime of unauthorised access to a computer system under Article 615ter of the Criminal Code. The decision confirms that employers, as data controllers, must take appropriate security measures to ensure the integrity of information systems and data.
The Unfair Competition Prevention Act was recently amended to afford new legal protection to Big Data. Although this new legal protection is expected to increase data use, in order to qualify as protected data, data must be managed accordingly. Thus, all parties which use Big Data in their business should review their management systems, internal rules and agreements regarding the handling of data in order to ensure that such data can fall under the definition of protected data set out in the act.
The widely publicised amendments to the Act on the Protection of Personal Information recently came into force. In addition to changing how companies must handle personal information, the amendments reflect a significant shift in how such obligations are regulated and enforced. They also mark the establishment of the Personal Information Protection Commission, which will be the regulatory body responsible for managing and ensuring compliance with the amended act.