
Tag Archives for "EU Commission"

Paper on encryption workarounds and human rights

On 12 September, European Digital Rights (EDRi) – an association of civil and human rights organisations from across Europe – published the position paper “Encryption Workarounds: a digital rights perspective”. The paper was published as a response to the European Commission’s expert consultation exercise around the Encryption Workarounds paper by Orin Kerr and Bruce Schneier.

EDRi’s position paper describes ways law enforcement authorities can access encrypted data within the framework of their investigations.


Commission launches consultation on ENISA

The European Commission has launched a public consultation on the evaluation and review of the European Union Agency for Network and Information Security (ENISA), whose current mandate will come to an end in 2020. ENISA is the Agency of the European Union tasked with contributing to the enhancement of the overall level of cybersecurity of the EU and its Member States.

The European Commission wants all interested stakeholders to share their views on ENISA’s past performance, as well as on a possible revision of its mandate in view of new challenges the EU faces in the cybersecurity field.

The consultation is open until 12 April 2017.


EU ePrivacy Regulation proposed

Yesterday, January 10, 2017, the European Commission announced its proposal for a new Regulation on Privacy and Electronic Communications (ePrivacy Regulation) that will supplement the General Data Protection Regulation (GDPR) and replace the existing ePrivacy Directive.

The aim of the new ePrivacy Regulation is to harmonise the data protection framework relating to electronic communications within the European Union and ensure consistency with the GDPR. The main changes introduced by the ePrivacy Regulation are:

  • Greater scope of coverage. While the current ePrivacy Directive only applies to traditional telecoms operators, the new rules will also cover new providers of electronic communications services, such as WhatsApp, Facebook Messenger, Skype, Gmail, iMessage, or Viber.
  • Same law for the whole EU. The current Directive, which has to be adapted into each Member State’s law, will be replaced with a directly applicable Regulation, meaning the same rules and protection for electronic communications.
  • Protection for content and metadata. Privacy will be guaranteed for both content and metadata derived from electronic communications (e.g. time of a call and location). Under the proposed rules, operators will have to anonymise or delete both content and metadata if users have not given their consent, unless the data is required, for instance, for billing purposes.
  • Simpler rules on cookies. The Regulation will streamline the so-called “cookie provision” that resulted in an overload of consent requests for internet users. New rules will provide an easy way to accept or refuse the tracking of cookies and other identifiers in case of privacy risks. No consent will be needed for non-privacy-intrusive cookies that improve the internet experience (e.g. to remember shopping cart history) or for cookies set by a visited website to count the number of visitors to that website.
  • Opportunities for new services. With a customer’s consent, traditional telecoms operators will have more opportunities to use communications content and/or metadata to provide additional services.
  • Protection against spam. The proposed Regulation bans unsolicited electronic communication by any means, including emails, SMS and phone calls, if users have not given their consent. Member States may opt for a solution that gives consumers the right to object to the reception of voice-to-voice marketing calls, for example by registering their number on a do-not-call list. Marketing callers will need to display their phone number or use a special prefix that indicates a marketing call.
  • More effective enforcement. The enforcement of the confidentiality rules in the Regulation will be the responsibility of national data protection authorities.

The Commission emphasises that the proposed Regulation on Privacy and Electronic Communications will increase the protection of people’s private life and open up new opportunities for business.

Breaches of the ePrivacy Regulation will be punishable under the GDPR, with penalties of up to EUR 20 million or 4% of the total worldwide annual turnover of the company group, whichever is higher.


EU will start adequacy talks with Japan and Korea

In its communication published yesterday, January 10, 2017, the European Commission announced it will proactively engage in discussions on reaching “adequacy decisions” with key trading partners in East and South-East Asia, starting with Japan and Korea in 2017. Adequacy decisions allow the free flow of personal data from the European Union (EU) to countries with adequate or “essentially equivalent” data protection rules to those in the EU.

Besides East and South-East Asia, the Commission will also open discussions with interested countries in Latin America and Europe. The Commission also states that it can now adopt adequacy decisions for the law enforcement sector, for a particular territory of a third country, or for a specific sector or industry within a third country.
