(May 21, 2015) Greetings from Brussels! Recently there have been a number of articles in the media related to the retention of metadata, which essentially refers to the retention of information concerning Internet and mobile phone usage. This is an important area of privacy development and also highly controversial. Only recently in Australia, both houses of Parliament voted in favor of legislation that obliges telecommunication companies and Internet service providers (ISPs) to store customers’ metadata&mda... Read More

Europe Data Protection Digest

After DAPIX’s Hard Work, GDPR Stage Is Set

(May 21, 2015) The road toward a revamped data protection mandate in the EU has been a long and arduous one, but this week news came out of Brussels that may inch the region-wide project closer to completion. DAPIX, the Data Protection and Information Exchange, held its last meeting on the General Data Protection Regulation under the current Latvian Presidency, writes Promontory’s John Bowman, CIPP/E, “in anticipation of a general approach agreement being reached on the text at the meeting of the Justice and Home Affairs Council on June 15-16.” In this post for Privacy Perspectives, Bowman discusses the latest news out of Brussels as well as the hard work of DAPIX members and the many other hands involved in creating what will surely be historic privacy legislation. Read More

Europe Data Protection Digest

ICO Calls for Practice Approach

(May 21, 2015) Information Commissioner Christopher Graham doesn’t want regulators left behind amidst the technological changes affecting personal data’s use. That’s according to a report in ComputerWeekly on the 2015 European Conference of Data Protection Authorities (DPAs). “The digital revolution has implications for every aspect of our lives—as citizens, as consumers, as individuals,” Graham said, noting DPAs “need to get practical.” Meanwhile, Computerworld reports on a survey that indicates only “o... Read More

Europe Data Protection Digest

Policy-Makers: Data Will Only Be Stored in the Country

(May 21, 2015) EurActiv reports “policy-makers have moved to strengthen data retention laws, insisting that information will only be stored in Germany, and for much shorter periods, after the European Court of Justice struck down EU legislation that required data storage for longer periods.” Other changes from an earlier draft include requiring metadata to be retained a significantly shorter time than the six months originally proposed, Ars Technica reports. Citing a 55-page draft of the data retention law pub... Read More

Europe Data Protection Digest

Surveillance, Hacking Laws Raise Questions

(May 21, 2015) The UK government has "quietly" changed a law to exempt “intelligence agencies from prosecution for hacking computers, phones and networks,” ZDNet reports, noting Privacy International has indicated “it was told ‘hours’ prior to a hearing of its claims against GCHQ, the UK's electronic spy agency, that the UK government had rewritten the Computer Misuse Act to permit its intelligence agencies to conduct cyberattacks.” Meanwhile, PBS reports on the recent passage of France’s surveillance law by t... Read More

Europe Data Protection Digest

Ruling Could Open Breach Compensation “Floodgates”

(May 21, 2015) SC Magazine reports on the ruling in Google vs. Vidal-Hall two months ago, suggesting it “potentially has huge ramifications” and quoting one lawyer who said it “could open the floodgates to data breach compensation claims.” It’s a decision that IAPP Vice President of Research and Education Omer Tene described in Privacy Perspectives as “a landmark case.” In other breach-related headlines this week, BBC News reports the UK Information Commissioner’s Office (ICO) has fined South Wales Police 160,... Read More

Europe Data Protection Digest

Classroom Software Supplier Updates Privacy Policy

(May 21, 2015) Following pressure from The Netherlands’ Data Protection Agency, CBP, Dutch company Snappet has changed its privacy policy, Telecompaper reports. The CBP investigated the “supplier of tablets and software for the classroom” in September amidst concerns Snappet “was not handling pupil results in line with personal data protection law,” the report states. Snappet had compared student results “without the written order of schools involved” and did not sufficiently protect student data, the report states, noting the “CBP has now approved its conditions for handling the data and ended its investigation.” Read More

Europe Data Protection Digest

Draft Text: Fines for RTBF Violations Would Increase

(May 21, 2015) EurActiv reports that EU ambassadors have agreed to a draft text proposed by Latvia—which currently holds the rotating presidency of the EU—that would implement three levels of fines for businesses that violate the EU’s data protection overhaul. The levels range from one-half percent to two percent of an organization’s annual global turnover. Failure to “erase personal data in violation of the right to erasure and ‘to be forgotten’” would be included in the second category of a one-percent fine. If all of the sections of the reform proposal are agreed upon, EU ministers could endorse the entire text at their mid-June meetings, the report states, and trialogue discussions between member state representatives and the European Parliament would commence. Read More

Daily Dashboard, Europe Data Protection Digest

Uber Ups the Privacy Ante with New Hires

(May 21, 2015) Sabrina Ross, CIPP/US, formerly of Apple, is joining Uber’s privacy team in the midst of the company’s initiative to improve its privacy processes. “At Uber, she’ll specifically work on privacy aspects of regulatory and policy issues. She’ll also be reviewing the privacy practices of Uber’s partnerships with companies like Spotify, Starwood and American Express,” Re/Code reports. Ross will be joining the likes of Chief Security Officer Joe Sullivan and Managing Counsel Katherine Tassi, who previously served as Facebook’s head of data protection. The focus on privacy has, according to an Uber report, resulted in improvements. “Uber has dedicated significantly more resources to privacy than we have observed of other companies of its age, sector and size,” the review said. Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

Member States Calling for Transparency from Internet Giants

(May 21, 2015) Ahead of a European Council meeting on proposed cybersecurity rules, France, Germany and Spain are hijacking the debate in hopes of using the rules to “boost control and surveillance over Internet companies, claiming they are critical to their economies and communication networks,” Politico reports. The proposal requests that Internet firms offer “greater transparency” to the EU and that firms outside the EU “report security breaches to national regulators in each member state,” similar to the burden placed on European telecom companies. “Nevertheless,” the report states, “the proposed rules will likely add to the long list of disputes pitting European authorities against U.S. tech firms.” Read More

Daily Dashboard, Europe Data Protection Digest