Category Archives for "Publications"

Paper on encryption workarounds and human rights

On 12 September, European Digital Rights (EDRi) – an association of civil and human rights organisations from across Europe – published the position paper “Encryption Workarounds: a digital rights perspective”. Paper was published as a response to the European Commission’s expert consultation exercise around the Encryption Workarounds paper by Orin Kerr and Bruce Schneier.

EDRi’s position paper describes ways law enforcement authorities can use to access encrypted data within the framework of their investigations.

Download paper

Read also:

Latest papers on privacy and data protection – June

Recommendations for Implementing Transparency, Consent and Legitimate Interest under the GDPR

Centre for Information Policy Leadership (CIPL) published its paper on transparency, consent and legitimate interest under the GDPR.

Download paper

Designing Without Privacy

This Article presents findings from an ethnographic study of how, if at all, technologists doing the work of technology product design think about privacy, integrate privacy into their work, and consider user needs in the design process.

Access paper

Privacy and Human Behavior In the Age of Information

This review summarizes and draws connections between diverse streams of empirical research on
privacy behavior.

Read the review

User-Centered Privacy Communication Design

This paper describes a user-centered privacy policy design project at Stanford Legal Design Lab aimed to generate new models of business-to-consumer communications around data privacy.

Read paper

Internet of Things. Status and implications of an increasingly connected world.

US Government Accountability Office (GAO) released a technology assessment of the Internet of Things (IoT) for Congressional members of the IoT Caucus.

Read assessment

Latest papers on privacy and data protection – May

Kaleidoscope on the Internet of Toys

Report by the Joint Research Centre (JRC) on safety, security, privacy and societal questions emerging from the rise of the Internet of Toys – “Internet Connected Toys that constitute, along with the wave of other domestic connected objects, the Internet of Things”.

Read report

Who Watches the Watchers?

Report from Citi GPS: Global Perspectives & Solutions on how consumers are tracked, and how the data that is collected and analyzed, and how consumers feel about that.

Read report

Practical Guide to Efficient Security Response

Whitepaper on data breaches with proposals how to decrease response time. It includes seven security operations capabilities you need, a handy checklist to evaluate your security operations capabilities, and best practices for efficient security response.

Download whitepaper

Assessing Mobile App Data Privacy Risk

paper on mobile-risk scoring and how to do that in practice. It was carried out by IAPP and Kryptowire and is based on input of 400 privacy professionals.

Read summary of paper

UN Report on Governmental Surveillance

UN Special Rapporteur on the Right to Privacy, Joseph Cannataci, presented his report on governmental surveillance and access to personal data from a national and international perspective.

Read report

How  to Talk About the Right to Privacy at the UN

A brief guide on United Nations stand on privacy. Guide is prepared by Privacy International.

Read guide

Be Compromise Ready: Go Back to the Basics. 2017 Data Security
Incident Response Report

Survey on data security and incident response trends, and how to minimise data breach risks.

Read survey

Annual Report of the Data Protection Commissioner of Ireland

Annual report of the Data Protection Commissioner of Ireland for yer 2016.

Read report

Certifications, Seals and Marks under the GDPR and Their
Roles as Accountability Tools and Cross-Border Data Transfer
Mechanisms

Discussion paper on Certifications, seals and marks under the GDPR prepared by Centre for Information Policy Leadership. It looks at regulation provided in GDPR and benefits of such mechanisms.

Read paper

Recent ICO guidances and feedback requests on GDPR

Recently UK Information Commissioner Office (ICO) published several GDPR guidances and requests for public feedback.

Guidance on consent

In March ICO published draft guidance on consent under the EU GDPR. Guidance was opened for public feedback till March 31, and ICO now aims to publish this guidance in May 2017.

Our guidance on consent explains our recommended approach to compliance and what counts as valid consent. It provides practical help to decide when to rely on consent, and when to look at alternatives. It also explains the key differences with the DPA and gives advice about existing DPA consents.

Reed the feedback on ICO’s guidelines:

Feedback request on profiling and automated decision-making

In April ICO published its feedback request on profiling and automated decision-making. It represents ICO’s initial thoughts on certain aspects of profiling in the GDPR, however, ICO warns, it should not be interpreted as guidance. Responses will help to form ICO’s contribution to the WP29 guidelines that will be published later this year.

The discussion paper published today highlights the key areas of profiling we feel need further consideration. This includes subjects like marketing, the right to object and data minimisation – and we want your feedback. We’d like to hear the views of our stakeholders and get examples of best practice before 28 April 2017.

Call for Feedback on GDPR derogations

ICO has published its call for feedback on derogations under GDPR.

For all derogations, stakeholders are encouraged to submit their views through the online ‘Call for Views’, uploading research and/or data where relevant. This exercise is to capture views on if and how the government should implement the defined flexibilities permitted within the GDPR.

Consultation closes at midday on 10 May 2017.

Update on paper on big data

In March ICO published updated version of paper on big data, artificial intelligence and machine learning. This paper sets out the ICO’s views on issues and how they relate to the GDPR.

Balancing the interests in big data processing

A paper from Anons looks at challenges to big data analytics under upcoming GDPR (General Data Protection Regulation) and legal solutions to them. Although new obligations imposed by the GDPR, they do require new technical and organizational measures to protect big data.

The body of this paper describes in detail the regulatory background, technological innovations, and practical applications of Controlled Linkable Data, leading to the maximization of data value and individual privacy in a GDPR-compliant manner.

Download paper

DPAs to issue GDPR guidance

Chair of the Article 29 Working Party, Isabelle Falque-Pierrotin, has promised that EU Data Protection Authorities will issue the first parts of their guidance on the EU Data Protection Regulation (GDPR) soon after their plenary meeting on 12-13 December. She also invited companies to provide their input to the Article 29 Working Party’s action plan for next year.

Companies are awaiting guidance from Working Parties and  Data Protection Authorities to sooner and better adjust their business practices and policies with upcoming data protection law. Guidance can be expected on Data Protection Officers (DPOs), data portability and designation of lead data protection authorities.

Source: http://www.privacylaws.com/Int_enews_01_12_16

Irish DPC issues guidance on anonymisation and pseudonymisation

In August 2016, Data Protection Commissioner (“DPC”) of Ireland published guidance on the use of data anonymisation and pseudonymisation. Guidance provides recommendations on effective use of anonymisation and pseudonymisation techniques.

Anonymisation and pseudonymisation techniques help organisations to better comply with security requirements of data protection law. General Data Protection Regulation (GDPR) encourages organisations to use pseudonymisation techniques while effectively and irreversibly anonymised data is not “personal data” and the data protection principles do not to such data.

Read the guidance

Working Party Issues Results of the GDPR Workshop

Article 29 Working Party (Working Party) has published a summary of the discussions that took place at its Fablab workshop entitled “GDPR/from concepts to operational toolbox, DIY”.

Workshop gathered more than 90 participants. Among them were 40 representatives from data protection authorities. Aim of Fablab was to discuss with representatives of industry, civil society, academics and relevant associations certain operational and practical issues identified in the Action Plan of the Working Party regarding the General Data Protection Regulation (GDPR).

Working Party organised the Fablab workshop to help it develop best practices and guidelines for the implementation of the GDPR, in particular with respect to the following topics:

(A) the delivery of guidelines on the Data Protection Officer ;
(B) the development of guidelines on the format, scope and modalities of Data Portability ;
(C) the production of a methodology and templates for Data Protection Impact Assessment, including the definition of guidance related to risk assessment in the GDPR, and finally ;
(D) the definition of criteria and mechanisms relating to certification and certification bodies.

Read Results of the discussion

1 2 3
>