GDPR Archives - Page 3 of 10 - SHIP IP LTD

Excavation of the Canal had taken ten years, using forced labor and rudimentary mechanical equipment.

Construction had been opposed by British interests, who feared competition in trade with India. Once the Canal opened and proved successful, British interests acquired a majority ownership.

The Canal was closed to shipping during the Suez Crises of 1956-57 and during the Arab-Israeli Wars of 1967 and 1973. In 2008, over 21,000 ships transited the Canal, earning the Government of Egypt over $5 billion in tolls.

On August 6, 2015, a second lane to the Canal has been completed and placed into service.

Source: maritimecyprus

Responding to the increasing threat of cyber-attacks in the maritime sector, Bureau Veritas (BV), a specialist in testing, inspection, and certification, and insurance consultancy major BESSÉ have announced a partnership to support shipowners to improve their cyber security and cyber insurance.

This partnership will see BESSÉ and BV combine their expertise to help shipping stakeholders manage the risk of cyber-attacks, which has risen in recent years, particularly for shipowners. This will also be key to help them comply with International Maritime Organization (IMO) and International Association of Classification Societies (IACS) requirements.

Bureau Veritas helps shipowners and operators develop and implement an effective cyber security strategy on ships and ashore. To this end, BV has developed a set of rules (NR 659) which make up a framework for assessing maritime cyber security.

This framework enables BV to assess the level of cyber risk for shipowners/operators and to recommend organizational, technical and procedural measures to reduce this risk to an acceptable level. This process includes:

• conducting a complete inventory of equipment, systems and networks connected at sea and on land;
• conducting a cyber risk analysis to identify vulnerable systems and equipment;
• developing and implement a cyber risk management policy;
• ensuring the effective implementation of technical and organizational procedures;
• enabling shipowners/operators to ensure compliance with IMO cyber security requirements.
• validating the management of cyber risk on board through an additional Class Notation.

BESSÉ then responds to the identified risks through insurance solutions, by helping shipowners transfer part of the cyber risk to insurers, according to a statement.

As many insurance companies now require their clients to demonstrate high standards for cyber risk management, BESSÉ builds on the results of the systems optimization achieved though BV’s rules to assist its clients in presenting these risks to insurers.

“Managing cyber risk is still a new challenge for companies in general, and shipowners and operators in particular. This is why we are delighted to partner with Bureau Veritas to offer tailor-made solutions for our clients,” said Gildas Tual, Director of BESSÉ Maritime and Logistique.

This partnership is in line with several initiatives in this field. For several years, shipping companies have been regular targets of intrusions and attempted attacks on their information systems.

Coming together under the Secretariat General de la Mer, several French stakeholders are providing a coordinated response. Working in parallel to IMO’s work on adapting regulation to help shipowners put appropriate protection measures in place, the Cyber Council of the Maritime World (C2M2) was created, of which BESSÉ and BV are members. Moreover, a France Cyber Maritime Association was created at the end of 2020.

Source: container-news

The maritime patrol aircraft market report offers a comprehensive analysis of the strategies adopted by vendors and the trends, drivers, and challenges affecting the market size. The growing marine threats are projected to significantly support market growth during the forecast period. However, the growing adoption of strategic bombers in maritime patrol will hamper the market.

Technavio analyzes the market by Type (maritime patrol fixed-wing aircraft and maritime patrol rotorcraft) and Geography (North America, APAC, Europe, South America, and MEA). This report presents a detailed picture of the market by the way of study, synthesis, and summation of data from multiple sources by an analysis of key parameters.

42% of the maritime patrol aircraft market growth will originate from APAC during the forecast period. China and Japan are the key markets for maritime patrol aircraft in APAC. The maritime patrol aircraft market share growth by the maritime patrol fixed-wing aircraft segment will be significant. From the maritime patrol aircraft market segmentation insights, players can achieve maximum market response by understanding the target consumers.

Companies Mentioned

• Airbus SE
• BAE Systems Plc
• Embraer SA
• Kawasaki Heavy Industries Ltd.
• Leonardo Spa
• Lockheed Martin Corp.
• RUAG Group
• Saab AB
• Thales Group
• The Boeing Co.

Source: prnewswire

Responding to the increasing threat of cyber-attacks in the maritime sector, Bureau Veritas and insurance consultancy major BESSÉ have announced a partnership to support shipowners with tailored solutions to improve their cyber security and cyber insurance.

This partnership will see BESSÉ and BV combine their complementary expertise to help shipping stakeholders manage the risk of cyber-attacks, which has risen in recent years, particularly for shipowners. This will also be key to help them comply with IMO and IACS requirements.

To helps shipowners and operators develop and implement an effective cyber security strategy on ships and ashore BV has developed a set of rules (NR 659) which make up a framework for assessing maritime cyber security. This framework enables BV to assess the level of cyber risk and to recommend organizational, technical and procedural measures to reduce this risk to an acceptable level. This process includes:
• conducting a complete inventory of equipment, systems and networks connected at sea and on land
• conducting a cyber risk analysis to identify vulnerable systems and equipment
• developing and implement a cyber risk management policy;
• ensuring the effective implementation of technical and organizational procedures
• enabling shipowners/operators to ensure compliance with IMO cyber security requirements
• validating the management of cyber risk on board through an additional Class Notation.
BESSÉ then responds to the identified risks through insurance solutions, by helping shipowners transfer part of the cyber risk to insurers. As many insurance companies now require their clients to demonstrate high standards for cyber risk management, BESSÉ builds on the results of the systems optimization achieved though BV’s rules to assist its clients in presenting these risks to insurers.

Gildas Tual, Director of BESSÉ Maritime and Logistique, said: “Managing cyber risk is still a new challenge for companies in general, and shipowners and operators in particular. This is why we are delighted to partner with Bureau Veritas to offer tailor-made solutions for our clients.”

Matthieu de Tugny, President of Bureau Veritas Marine & Offshore, said that BV’s “evidence-based picture” assessing the cyber resilience of a ship or a fleet “provides the basis for the insurance industry to meet the new expectations of shipowners and operators.”

Coming together under the Secretariat General de la Mer, several French stakeholders are providing a coordinated response to maritime cyber risk. Working in parallel to IMO’s work on adapting regulation to help shipowners put appropriate protection measures in place, the Cyber Council of the Maritime World (C2M2) was created, of which BESSÉ and BV are members. Moreover, a France Cyber Maritime Association was created at the end of 2020.

Source: shipmanagementinternational

Source: wamu

The Abraham Accords set in motion enhanced maritime security and defense capabilities in the Eastern Mediterranean.

The UAE, Bahrain, the U.S. and Israel cooperated in a five day exercise in the Red Sea to reinforce defense and security relationships in the maritime domain,.

Vice Admiral Brad Cooper, commander of NAVCENT, U.S. 5th Fleet and Combined Maritime Forces, said: “It is exciting to see U.S. forces training with regional partners to enhance our collective maritime security capabilities. Maritime collaboration helps safeguard freedom of navigation and the free flow of trade, which are essential to regional security and stability.”

Last week, Israeli Air Force F-15s escorted two US B-1B strategic heavy bombers and a KC-10 refueler over Israeli airspace on their way to the Gulf.

It was the second such flight in two weeks.

According to an IDF statement, it was “a significant step in maintaining the security of the skies of the State of Israel and the Middle East”.

Last month, the IDF held their Blue Flag exercise with seven other air forces, including the USAF, the RAF and other European partners, which including Egypt, Jordan, Bahrain and Saudi Arabia.

As one source noted: “More joint military exercises among Abraham Accord partners are also anticipated in the future.”

The U.S. Fifth Fleet is headquartered in Bahrain.

During my two visits to Bahrain in 2019, I had a chance to talk about the evolving defense and security capabilities being reshaped in the region and in October 2019 provided a presentation on the final day of the BIDEC 2019 Conference.

One of the subjects which I raised during my presentation was the coming of maritime autonomous systems and the value to Bahrain of such systems,.

Significant investments are being made in Bahrain in science and technology, and applications to he maritime autonomous systems domain make a great deal of sense.

Also, the ISR capabilities which such systems can provide to Bahrain as a pillar for their evolving information base for security and defense also make a great deal of sense as well.

Source: sldinfo

The Coastguard has released jaw-dropping footage of an air rescue, with the crew on board a stricken yacht off Salcombe ‘just minutes from death’.

Abi Wild, the winch paramedic who came to the couple’s rescue, says: “They were the worst conditions I’ve ever faced, and probably the most dangerous rescue I’ve been involved in.”

The couple from Essex were rescued by the Coastguard as their Transworld 41 yacht broke up in bad weather on the rocky Salcombe coastline. Mark Morrow and Deborah Mitchell were sailing to Gibraltar for a trip of a lifetime having recently moved onto their yacht, the 17-ton Lady Rosemary.

Source: marineindustrynews

London.UK. At least seven workers lost their lives while scrapping vessels on the beach of Chattogram in what is the worst quarter in terms of number of accidents in Bangladeshi shipbreaking history, NGO Shipbreaking Platform today reported.

“Few weeks ago, seven separate accidents that killed five workers were reported by the Platform. Since then, two more fatalities occurred. On September 18, Liton Paul, 26 years old, fell from the ORO SINGA (IMO 9171838) during cutting operations at SN Corporation yard. On September 29, a falling iron plate took the life of Taslim, 36 years old, on the MEDAN (IMO 9002207) at a yard owned by Kabir Steel group.

The ORO SINGA was sold by Indonesian company Selebes Sarana for more than $9m in Batam, Indonesia. Before reaching the shores of Sitakunda, the vessel was reflagged to Comoros and renamed SINGAPURA. It was said to have around 400 tonnes of sludge on board that needed to be removed prior recycling. According to shipping databases, the cash buyer involved in the sale was GMS, one of the most well-known dealers of end-of-life ships. GMS, which is behind a significant share of the total tonnage beached in the Indian subcontinent every year, praises itself as a sustainable leader of the sector. Yet, it keeps dealing with the worst shipbreaking destinations on the planet. Twelve accidents, causing nine deaths and twelve injures, have been registered at SN Corporation since 2009. In 2021 alone, two workers died and five suffered severe burns at the yard. GMS has also been linked by media and civil society to several toxic trade scandals, at least three of which are currently being criminally investigated by enforcement authorities in the UK and Iceland”

Source: humanrightsatsea

On August 20, 2021, the National People’s Congress Standing Committee finally passed the Personal Information Protection Law, which aims to establish a personal information protection system with Chinese features and, meanwhile, in line with international standards. It provides a variety of rights for personal information subjects to strengthen their control of personal information, while imposing strict obligations to personal information handlers. The law shall enter into force on November 1, 2021, leaving companies less than three months to prepare for their compliance obligations. Therefore, we would introduce the law in comparison to the EU General Data Protection Regulation to help companies better understand the key points and provide companies with preliminary guidance.

The publication of the EU General Data Protection Regulation (“GDPR”) in April 2016 (effective May 2018) may be regarded as the beginning of a wave of data privacy rules across the globe. Following the trend, China passed its first comprehensive law regulating personal information protection on August 20, 2021, namely the Personal Information Protection Law^[1] (“PIPL”), which will come into effect on November 1, 2021.

As a law dedicated to personal information protection, the PIPL tracks the GDPR in many perspectives. For example, both laws enjoy extraterritorial reach, provide various rights for personal information subjects, impose high administrative fines (PIPL sets a fine up to RMB 50 million or 5% of annual revenue) for infringements, and set joint liability upon the entities who jointly conduct data processing activities. However, the PIPL retains unique Chinese features, reflecting the government’s regulatory approach toward personal information, especially from the perspectives of cross-border personal information transfer and the public interest litigation system. In short, in addition to protecting the rights and interests of personal information subjects, the PIPL also aims to safeguard national security and public interests.

Considering the PIPL would significantly impact the Chinese data protection legal framework, companies need to heed China’s “GDPR.”  To better understand the regulations of the PIPL, we would compare it with the GDPR in the following aspects:

TERRITORIAL SCOPE

According to PIPL Article 3, the law primarily regulates how personal information^[2] is handled within the territory of the People’s Public of China (“PRC”), regardless of whether the entity that conducts handling activities has an establishment within the PRC.

As cross-border data transfers are essential in a globalized world, entities outside of China routinely may come into the possession or control of personal information relating to natural persons in China. The possession or control of this data adds both the risks for personal information infringement and the difficulty of personal information protection. It is thus important to include clauses for extraterritorial reach in the data protection legislation to better protect the interests of individuals, as well as maintain social stability and national security.

Therefore, it is not surprising to see that both the GDPR and the PIPL provide provisions regarding extraterritorial effects. PIPL Art. 3 states that it shall also apply to handling activities outside the territory of the PRC regarding the personal information of natural persons inside the territory of the PRC under certain circumstances. Examples include the provision of products or services from outside of the PRC to natural persons within the PRC. Other instances include where an entity outside of the PRC analyzes or assesses activities of natural persons within the PRC.

These concepts within the PIPL are not unfamiliar. The GDPR also applies to the processing of personal data of data subjects who are in the EU by a controller or processor not established in the EU, where the processing activities are related to the offering of goods or services to such data subjects in the EU or the monitoring of their behavior takes place within the EU. To confirm whether the processing activities are related to the offering of goods or services, the GDPR further clarifies that, factors such as the use of a generally used language or currency in the States with the possibility of ordering goods and services in that other language, or the mentioning of customers or users who are in the EU may be considered, which to some extent helps us better understand the provision in the PIPL.

RIGHTS OF THE PERSONAL INFORMATION SUBJECTS

The PIPL provides abundant rights for personal information subjects, such as the right to know, the right to decide on, and the right to limit or refuse the handling of their personal information by others. Individuals also enjoy the right to access and copy their personal information from personal information handlers,^[3] the right to request correction or completion of their personal information, the right to withdraw consent, and the right to request that personal information handlers explain the handling rules. Under certain circumstances, the PIPL grants individuals the right to delete, such as when the handling purpose has been achieved, is impossible to achieve, or is no longer necessary to achieve.

Although adopting different terms, the data subjects enjoy similar rights under the GDPR, such as the right of access, the right to rectification, the right to be forgotten, the right to object, etc. It is worth noting that the PIPL imposes higher obligations on the personal information handlers regarding the individual’s right to know. For example, when providing personal information to other parties, regarding the scope of notification of the recipients’ information, while the PIPL requires personal information handlers to notify individuals about the name/personal name and contact method of the receiving party, the data controller only needs to notify the data subjects about the categories of recipients under the GDPR.

In addition, the GDPR provides individuals with the right to data portability, which also appears in the PIPL after its third review. PIPL Art. 45 states that where individuals request that their personal information be transferred to a personal information handler they designate, if such request meets conditions set up by State cyberspace administrations, personal information handlers shall provide a channel to transfer it. The GDPR provides more clear regulations regarding this right, stating that the data shall be transferred in a structured, commonly used and machine-readable format, and the data subject shall only exercise the right under certain circumstances, i.e., when the lawful basis for processing the data is consent or for the performance of a contract, and the processing is carried out by automated means. It is recognized that the right to data portability better enables the individual’s control of personal information and to some extent promotes the data flow between different platforms. However, it may generate technical difficulties for small-scale businesses as well as aggravate unfair competition between companies for data assets. Considering PIPL Art. 45 emphasizes that the right to data portability shall be exercised subject to the conditions set by the State cyberspace administrations, we can anticipate that the administrations will release further regulations to better implement the rule.

PERSONAL INFORMATION EXPORT MECHANISMS

The PIPL imposes clear obligations on the provision of personal information to any foreign parties. PIPL Art. 38 provides three mechanisms for exporting personal information out of the PRC, depending on the type of personal information handlers who need to provide personal information outside the PRC for business or other such purposes.

Critical information infrastructure operators^[4] and personal information handlers processing personal information reaching certain volumes shall store personal information collected and produced within the PRC domestically. Where such personal information must be provided across borders, the PIPL requires that such cross-border provision pass a security assessment administered by the State cyberspace administrations. Unfortunately, there is a lack of clear guidance on assessment procedures and standards at the current stage.

As for other personal information handlers, the PIPL provides two additional mechanisms for their cross-border personal information provision needs, namely 1) obtaining personal information protection certification; or 2) concluding a standard contract formulated by the State cyberspace administrations with the foreign receiving party.

The two export mechanisms can also be found in the GDPR. GDPR Art. 46 stipulates that a controller or processor may (in the absence of an adequacy decision) transfer personal data to a third country or an international organization only if the controller or processor has provided appropriate safeguards, and on the condition that enforceable data subject rights and effective legal remedies for data subjects are available. GDPR recognizes, inter alia, both standard contractual clauses and approved certification mechanisms as “appropriate safeguards.”

However, the PIPL also provides exemptions for the above mechanisms that the provision of personal information abroad can be conducted in the ways stipulated in the treaties or international agreements concluded or acceded to by the Chinese government.

Overall, the PIPL imposes more restrictions on the cross-border provision of personal information than the GDPR does. The PIPL provides fewer legal bases for the export of personal information. Additionally, to provide personal information abroad, personal information handlers shall conduct a personal information protection impact assessment in advance, fulfill its notification obligations to the individual, and obtain the individual’s separate consent, as well as adopt necessary measures to ensure that foreign receiving parties’ personal information handling activities reach the standard of protection provided in the PIPL.

LEGAL LIABILITIES

Many companies are quite concerned about the GDPR due to its tough fines, which could be up to €20 million, or 4% of a company’s worldwide annual revenue from the preceding financial year, whichever amount is higher. The PIPL also may fine up to RMB 50 million or 5% of a company’s turnover in the previous year (it is unclear how the 5% will be calculated and whether it refers to turnover in China or worldwide). The authorities may also order the suspension of related business activities, or cessation of business for rectification, cancellation, or corresponding professional licenses or business permits.

The directly responsible person in charge and other directly responsible personnel are fined up to RMB 1 million and may also be prohibited from holding the positions of director, supervisor, high-level manager, or personal information protection officer for a certain period.

In addition to the administrative liabilities mentioned above, the PIPL provides civil and potential criminal liabilities. Civil liabilities include penalties for damages and losses to the individual. Joint personal information handlers would bear joint liability if their personal information handling activities harm individuals’ personal information rights and interests and result in damages. PIPL Art. 70 further establishes a public interest litigation system, stating that the People’s Procuratorates (the Prosecutor General’s Office in common parlance), statutorily designated consumer organizations, and organizations designated by the State cyberspace administrations may file a lawsuit if the rights and interests of many individuals are infringed by the personal information handlers. Criminal liability would be pursued depending on the type of violation.

CHINA-SPECIFIC PROVISIONS

As mentioned above, the PIPL provides some provisions with strong national features, which indicates that the government has considered personal information protection to be an important issue for national security. For example, PIPL Art. 41 prohibits personal information handlers to provide any personal information stored within the PRC to any foreign judicial or law enforcement agencies without approval of the authorities. PIPL Arts. 42-43 further provide regulations for extraterritorial and reciprocal protection systems, specifying that the government may put the foreign entities on a list limiting or prohibiting personal information provision if they engage in any personal information handling activity harming the national security or public interests of the PRC, and adopt retaliatory measures against any country or region adopting discriminatory prohibitions, limitations, or other similar measures against the PRC in the area of personal information protection.

To summarize, the protection of personal information in China is not only a matter of securing the rights and interests of personal information subjects, but also an essential element of national security and public interests.

OBSERVATIONS AND SUGGESTIONS

As analyzed above, although the PIPL draws great inspiration from the GDPR, the PIPL imposes higher compliance obligations on companies from certain perspectives. For example, when transferring personal information abroad, individual’s “separate consent” of cross-border personal data transfer is required under PIPL. Therefore, companies that fall in the regulatory scope of the PIPL shall develop their compliance system accordingly, instead of relying on the GDPR system. It is worth noting that the PIPL would come into effect within less than three months, which would be a great challenge for companies due to its strict penalties and stringent obligations placed.

In this regard, we would suggest companies start considering the questions that may arise from the new law, such as:

• Does the company need to set up a local data center?
• Does the company need to update its data processing agreement with its third-party data processors?
• How shall the company update its internal policies, such as personal information policies for employees or consumers?
• What export mechanism can the company adopt in order to achieve its data transfer needs with foreign affiliates?

Considering the PIPL is overall legislation establishing the data protection framework and provides general principles for personal information handling activities and personal information handlers’ obligations, it somehow lacks detailed explanations. It is anticipated that the authorities would release further regulations and rules to provide companies with more guidance and implement the supervision work step-by-step.

Source: winston

OSMs recruitment services help maritime and offshore businesses who want to recruit the right people with the right expertise by increasing the speed of delivery and secure quality and compliance.

OSM Recruitment team has extensive experience across all types of vessels and offshore units. OSM has the industry’s leading pool of candidates where seafarers and offshore specialists register their CV and profile. Additionally, we have offices around the world on locations relevant to our clients and candidates. As a result, OSM can connect your business with talented seafarers and offshore specialists across the globe, being your recruitment partner in the maritime and offshore industry.

Source: osm.no