Colin Hinds



Read full biography at

Colin Hinds is an associate in our Technology Companies Group in London and specialises in data privacy and related matters.

Prior to joining Orrick, Colin worked for a global regulatory consulting firm primarily supporting clients with data privacy assessments and developing and implementing privacy compliance programmes.
  • Advised clients from various sectors on conducting privacy impact assessments and data privacy audits involving customer and employee data.

  • Advised a global financial services company on a group-wide programme to address the requirements of the General Data Protection Regulation and to secure Binding Corporate Rules.

  • Advised a banking client on compliance and risk aspects of its international data transfers and vendor management procedure.

  • Advised clients from various sectors on the data privacy risks of major technology and business transformation programmes.

Posts by: Colin Hinds

EU Proposes Overhaul to Privacy and Electronic Communications

NIS Directive

January 10, 2017 marked another important step towards reform of the EU data protection framework, with the release of the EU Commission’s proposals for a new Regulation governing privacy and electronic communications.

The draft Regulation, which goes beyond the scope of the current e-Privacy Directive in significant ways, would apply directly without the need for Member States to implement local law in the same way as the General Data Protection Regulation (“GDPR”). Like the e-Privacy Directive, the Regulation sets out rules on, among others, the use and confidentiality of electronic communications and metadata, use of cookies and direct marketing by electronic means.

The main aims of the draft Regulation are to update the ePrivacy Directive to reflect new technologies and to better align it with GDPR. In addition to taking effect on the same day as the GDPR (25th May, 2018), penalties for non-compliance envisaged by the draft Regulation are the same as the GDPR, (i.e. potentially fines of €20m or 4% of annual global turnover, whichever is higher).