ACI-001 Online Ad Campaign r7_response 728x90

(Feb 26, 2015) As a long-term loyal and eager reader of the IAPP Europe Data Protection Digest, it is a real honour being the guest editor for this issue. Over the last days I have been doing my homework digging into the news to find something “juicy” that would best fit this appointment and that could engage readers. It is not an easy task and all my appreciation goes to Rita Di Antonio, whose articles have always been able to lure the readers' attention. The fact is that there is so much going on in that i... Read More

Europe Data Protection Digest

Room: Companies Shouldn’t Wait for GDPR

(Feb 26, 2015) In a speech Tuesday, European Commissioner for Digital Economy and Society Günther Oettinger said the EU should create a single law to protect its citizens' data from Facebook and Google, USA Today reports. "Americans are in the lead. They have the data, the business models and the power,” Oettinger said, warning tech giants must do more to comply with the EU's data protection rules or face being "thrown out of the single market." Meanwhile, PwC Legal Partner Stewart Room, CIPP/E, has suggested ... Read More

Europe Data Protection Digest

Garante Fines Were Up 20 Percent in 2014

(Feb 26, 2015) The Italian Data Protection Authority, the Garante, imposed privacy-related fines totaling about EUR 5 million, up about 20 percent over the 2013 total, Telecompaper reports. The sanctions applied to both public entities and private companies and mainly concerned privacy violations, a Garante newsletter explains. The Garante “carried out a total of 385 checks, issued 577 administrative fines and reported 39 cases to the courts,” the report states. The Garante noted the fines "mainly referred to cases of nondisclosure, unlawful treatment of data, and failure to notify the regulator and users of violations of personal data.” Read More

Europe Data Protection Digest

DPA Selects Nymity Privacy Management Accountability Framework

(Feb 26, 2015) Nymity has announced the signing of a long-term cooperative agreement with Bulgaria’s Commission for Personal Data Protection to support the commission's accountability initiatives. “By applying the Nymity Privacy Management Accountability Framework in compliance with the EU and the Bulgarian data protection framework, and considering the Bulgarian data controllers' needs,” Chairman of the Board for the Personal Data Protection Ventsislav Karadjov said, the commission “lays down the necessary pr... Read More

Europe Data Protection Digest

Gemalto Releases Findings; UK Attorney-Monitoring Called Unlawful; French Decree Challenged

(Feb 26, 2015) Following recent news that the U.S. National Security Agency (NSA) and the UK Government Communications Headquarters (GCHQ) infiltrated and stole the encryption keys of the world's largest SIM card manufacturer, Gemalto has said it has “reasonable grounds to believe that an operation by NSA and GCHQ probably happened," but the hack was limited to office networks "and could not have resulted in a massive theft of SIM encryption keys." Meanwhile, The Guardian reports, “The regime under which UK in... Read More

Europe Data Protection Digest

Hawkes Rules Out Tech Company Post

(Feb 26, 2015) Former Data Protection Commissioner (DPC) Billy Hawkes will not be taking a position with a tech company, The Irish Independent reports. Hawkes, who was until recently “one of Ireland's most senior civil servants, said he would not take on a job that risked a conflict of interest accusation,” the report states, noting Ireland DPC staff “are highly coveted by private industry,” and citing the example of Deputy DPC Gary Davis who joined Apple as head of European privacy. Hawkes, however, “is unlik... Read More

Europe Data Protection Digest

ICO Takes Various Actions; NHS Register Concerns Persist; Motorist Info Published Online

(Feb 26, 2015) In his Global Privacy Dispatches for this week’s edition of The Privacy Advisor, Brian Davidson, CIPP/E, reports on recent actions by the Information Commissioner’s Office (ICO). Davidson discusses the ICO’s report on how community healthcare providers deal with data privacy issues and the ICO’s new powers to audit NHS authorities, while separately, The Guardian reports that in Scotland, “plans to expand an NHS register to cover all residents and share access with more than 100 public bodies” ar... Read More

Europe Data Protection Digest

Exploring the Semantics of PII

(Feb 26, 2015) The age-old dichotomy between privacy lawyers and engineers can often be a difficult hurdle to overcome. Last year, Profs. Peter Swire, CIPP/US, and Annie Antón discussed why engineers and lawyers need to get along. An essential part of making the connection between both disciplines, writes Security Specialist Ian Oliver, in this first in a series of posts for Privacy Tech, is by creating a grounded semantics through which lawyers and technicians can speak. One solid place to start, he writes, is grounding it in the term "personally identifiable information." Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

First Data the First With Double BCRs Through ICO

(Feb 26, 2015) U.S.-based First Data began its effort to win approval for its binding corporate rules (BCRs) in 2007, back when the process was young and still evolving. This month, the UK Information Commissioner's Office (ICO) officially recognized the multinational payment solutions company's BCRs for data processors. Now able to boast that it's been approved for both processors and controllers, First Data is also the first company to have done so under the purview of the ICO. First Data CPO John Atkins, Chief Compliance Officer Carmen Menendez-Puerto and Chief Control Officer Cindy Armine-Klein discuss the process with Angelique Carson, CIPP/US, in this exclusive for The Privacy Advisor. Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

Regulation May Be Moving Away from One-Stop-Shop Mechanism

(Feb 26, 2015) “Ireland will not retain sole control over privacy disputes involving companies such as Facebook and Apple under new rules agreed on Wednesday allowing any of its European peers to challenge Irish rulings,” Reuters reports. Had a proposed one-stop-shop mechanism been approved, businesses operating in the EU would only have dealt with the regulator where they have their primary European base. But, according to anonymous sources, member states that did not want their regulators to lose policing powers over multinationals pushed for a change allowing any concerned authority to object to a decision, triggering the intervention of the still-to-come European Data Protection Board, the report states. Ministers still have to sign off on Wednesday’s decision when they meet next month. Read More

Daily Dashboard, Europe Data Protection Digest