Skip to content

Information Matters: Data & Privacy roundup - GDPR text progresses, 'Panama Papers' leak, WhatsApp gets encrypted



1. General Data Protection Regulation adopted by the European Council and Parliament 

On 6 April 2016, the European Council published a new text (available here) of the General Data Protection Regulation ("GDPR"). This has been revised somewhat since the text that was published on 15 December 2015, although the changes are largely aesthetic (for example, reordering of certain sentences to improve their readability, adjusting the numbering of recitals (preamble text) and articles where the previous text had added or removed whole provisions – so "Article 17a" is now "Article 18", and so on). While there are some clarifications in the Council's text which may affect the GDPR's interpretation (for example, references to "individuals" are replaced throughout by references to "natural persons"), these are not, we think, substantive from a legal perspective.

Following the Council’s changes, the revised GDPR text has now also been formally adopted by the European Parliament – as confirmed in a statement from the European Commission released yesterday (14 April 2016). Once translated, the GDPR will be published in the Official Journal of the European Union, and will come into force exactly two years later (i.e. in Summer 2018).

2. The 'Panama Papers': what are the implications of Panamania?

"Model citizen, zero discipline" screamed David Lee Roth on track number three – "Panama" – of Van Halen's best-selling album, "1984".  However, he was not singing about those who make use of Panama's financial or legal services industries but rather the driver of a rather fast and recklessly driven car named 'Panama' (probably).  32 years after that song was released, it races around my head as I read story after story concerning the 'Panama Papers', which earlier this month made headline news around the world.  This concerns a vast leak of c. 11.5 million documents from Mossack Fonseca, a Panamanian law firm which apparently represents some very wealthy people who sought to move their assets away from the countries where they are resident (including British Prime Minister David Cameron's late father, Ian, which in turn has reopened a national debate about tax avoidance (which is legal) and tax evasion (which is illegal) in the UK – and has resulted in some minor skirmishes in Parliament).

While the national (and international) conversation concerning taxation and 'offshoring' of wealth will no doubt charge on, what implications (if any) are there for lawyers and others with an interest in information law?  It seems to me that some of the things to think about include: client confidentiality and whether law firms the world over can and should be doing more to protect their clients' information both from external 'hackers' and internal 'leakers' (for example, perhaps, using the kind of protocols and technologies that are used in some banks to monitor employees' access to confidential and inside information – noting this recent FCA report) and, indeed, what action law firms may need to take to review anti-money laundering and 'know your client' procedures, which seems to be a priority for the Solicitors Regulation Authority, which has written to several UK law firms named in the 'Panama Papers' in order to "ask for assurances they have looked into the matter and have acted appropriately" and is "liaising with other authorities with an interest" (including the FCA).

Finally, here's a fascinating (and short) piece from the Nieman Foundation at Harvard which explains how the 'Panama Papers' leak came about, involving a coordinated effort of hundreds of journalists from the International Consortium of Investigative Journalists over two years, liaising with an unknown source who contacted German newspaper Süddeutsche Zeitung using an encrypted chat service.  If that isn't worthy of Hollywood making a 'Panama Papers' film, I don't know what is – and of course Van Halen have already written the soundtrack.

3. WhatsApp follows Apple's lead by adopting end-to-end encryption

Finally, instant messaging service WhatsApp (owned by Facebook since February 2014 and used by more than a billion people worldwide) has announced on its blog (and indeed already rolled out) "full end-to-end encryption" for its apps, meaning that messages are scrambled as they leave the sender's device and can only be decrypted by the recipient's device. This encryption will be applied to all messages sent through WhatsApp messaging services, including text messages, photos, videos and even voice messages. Encryption is now applied by default and makes any messages or files being transferred through WhatsApp's servers unreadable for potentially prying eyes, including governments, hackers and even WhatsApp itself as the service provider. This move sees WhatsApp stand shoulder-to-shoulder with Apple, which openly defied US law enforcement recently by refusing to allow the US government a 'back-door key' to the operating system of the iPhone.

It will certainly be interesting to see how governments around the world respond to this development and indeed whether any other major technology companies follow suit by introducing encryption technologies in their own products and services (our prediction is they most certainly will).  However, my view is that those who wish to carry out criminal activity without attracting the attention of the authorities have almost always used 'non mainstream' (and fully encrypted) means of communication; WhatsApp has simply given such people the ability to do so without downloading more apps.

If you require further information on anything covered in this briefing please contact Alan Baker ([email protected]; 020 3375 7441)  or your usual contact at the firm on 020 3375 7000.

This publication is a general summary of the law. It should not replace legal advice tailored to your specific circumstances.

© Farrer & Co LLP,  April 2016

Want to know more?

Contact us

About the authors


Alan Baker


Alan advises on all aspects of data protection law, commercial contracts and the use of information and intellectual property assets, as well as commercial regulatory issues. He helps clients to balance the sometimes competing objectives of minimising compliance risks and maximising commercial rewards.

Alan advises on all aspects of data protection law, commercial contracts and the use of information and intellectual property assets, as well as commercial regulatory issues. He helps clients to balance the sometimes competing objectives of minimising compliance risks and maximising commercial rewards.

Email Alan +44 (0)20 3375 7441
Back to top