
Latest bits on privacy and cybersecurity #3

This week's collection of the latest privacy, data protection and cyber-security news and interesting articles. Enjoy the reading!

Six month prison sentence to employee for data misuse

A motor industry employee has been sentenced to six months in prison in the first prosecution to be brought by the Information Commissioner’s Office (ICO) under legislation which carries a potential prison sentence.


EU ePrivacy Regulation proposed

Yesterday, January 10, 2017, the European Commission announced its proposal for a new Regulation on Privacy and Electronic Communications (ePrivacy Regulation) that will supplement the General Data Protection Regulation (GDPR) and replace the existing ePrivacy Directive.

The aim of the new ePrivacy Regulation is to harmonise the data protection framework relating to electronic communications within the European Union and ensure consistency with the GDPR. The main changes introduced by the ePrivacy Regulation are:

  • Greater scope of coverage. While the current ePrivacy Directive applies only to traditional telecoms operators, the new rules will also cover new providers of electronic communications services, such as WhatsApp, Facebook Messenger, Skype, Gmail, iMessage, or Viber.
  • Same law for the whole EU. The current Directive, which has to be adapted into each Member State’s law, will be replaced with a directly applicable Regulation, meaning the same rules and protection for electronic communications.
  • Protection for content and metadata. Privacy will be guaranteed for both content and metadata derived from electronic communications (e.g. time of a call and location). Under the proposed rules, operators will have to anonymise or delete both content and metadata if users have not given their consent, unless the data is required, for instance, for billing purposes.
  • Simpler rules on cookies. The Regulation will streamline the so-called “cookie provision” that resulted in an overload of consent requests for internet users. New rules will provide an easy way to accept or refuse the tracking of cookies and other identifiers in case of privacy risks. No consent will be needed for non-privacy intrusive cookies improving internet experience (e.g. to remember shopping cart history) or cookies set by a visited website counting the number of visitors to that website.
  • Opportunities for new services. With a customer’s consent, traditional telecoms operators will have more opportunities to use communications content and/or metadata to provide additional services.
  • Protection against spam. The proposed Regulation bans unsolicited electronic communication by any means, including emails, SMS and also phone calls, if users have not given their consent. Member States may opt for a solution that gives consumers the right to object to the reception of voice-to-voice marketing calls, for example by registering their number on a do-not-call list. Marketing callers will need to display their phone number or use a special prefix that indicates a marketing call.
  • More effective enforcement. The enforcement of the confidentiality rules in the Regulation will be the responsibility of national data protection authorities.

The Commission emphasises that the proposed Regulation on Privacy and Electronic Communications will increase the protection of people’s private life and open up new opportunities for business.

Breaches of the ePrivacy Regulation will be punishable under the GDPR and carry penalties of up to EUR 20 million or 4% of the total worldwide annual turnover of the company group, whichever is higher.

Dynamic IP address is personal data, rules CJEU

Yesterday (October 19, 2016) the Court of Justice of the European Union (CJEU) issued its judgment in the case Patrick Breyer v. Bundesrepublik Deutschland, in which the court recognized that dynamic IP addresses registered by websites are personal data. The CJEU followed the Opinion of the Advocate General delivered earlier this year.

In its decision the CJEU concluded that website operators and other online service providers would have the means to identify the website user and that there is a reasonable probability that such means will be used, e.g. in case of cyber attacks. Therefore dynamic IP addresses shall be considered personal data.

Read press release and full text of judgement.

CISPE publishes Code of Conduct for Cloud Infrastructures Services

Cloud Infrastructure Services Providers in Europe (“CISPE”) – a relatively new coalition of more than 20 cloud infrastructure providers operating in Europe – has recently published its first Code of Conduct for Cloud Infrastructures Services.

The CISPE Code of Conduct:

  • Gives a framework to comply with the General Data Protection Regulation
  • Excludes the reuse of our customers’ data
  • Allows you to process and store your data exclusively in the EU
  • Identifies which Cloud Infrastructure Services are suitable for the data processing that you wish to perform
  • Helps citizens regain control over their data

Service providers may demonstrate their compliance with the Code of Conduct with a Trust Mark that can be verified on the CISPE website.

Download Code of Conduct

World’s biggest Internet hub sues German government over surveillance

On September 9, 2016, the operator of the world’s largest Internet hub, DE-CIX, filed a lawsuit against the German government to stop mass surveillance by the German intelligence agency Bundesnachrichtendienst (BND). DE-CIX is challenging the legality of orders from the BND to implement monitoring of communications flowing through its Frankfurt Internet exchange point. DE-CIX insists that mass surveillance is illegal. A recently leaked secret report by Germany’s federal data protection commissioner states that the BND repeatedly broke the law while engaging in mass surveillance activities.

Read more here and here.

Dutch police seize VPN provider’s servers without any explanation

Dutch police have seized two servers belonging to Switzerland-based VPN provider Perfect Privacy. The VPN provider claims that Dutch police have not informed or contacted them about the reason the servers were seized, and that they learned of the seizure from their hosting provider. Despite the seizure of the servers, Perfect Privacy promises that no user data was compromised.

Full story

Darknet: Where Your Stolen Identity Goes to Live

This article tries to shed some light on identity theft and the second life of stolen identities. Stolen identity information is freely available on the Darknet.

Unfortunately, there is little individuals can do to protect themselves from identity thieves lurking on the Darknet to do them harm. For organizations, the best strategy is to educate users and consumers and to protect personal data with the latest cybersecurity solutions.

Full article

Microsoft expands right-to-be-forgotten filtering for Bing in Europe

Microsoft has recently revealed that it is expanding the coverage of the “right to be forgotten” mechanism in Europe. Microsoft will now use location signals such as IP addresses to delist URLs on all versions of its search engine Bing.

If someone in France successfully requests delisting of a URL on Bing, in addition to delisting that URL from all applicable European versions of Bing, Bing will now also delist that URL for all searches of that person’s name — regardless of what version of Bing is being used — if the search originates from a location within France.

Full article

UNCTAD report on data flows and international trade

The United Nations Conference on Trade and Development (UNCTAD) recently published a report on privacy and personal data protection law, trans-border data flows and their implications for international trade and development. The in-depth and substantive report also places a focus on developing nations.

UNCTAD report on Data protection

This study is a timely contribution to our understanding of how data protection regulations and international data flows affect international trade. It reviews the experience in different parts of the world and of different stakeholders. The study identifies key concerns that data protection and privacy legislation need to address. It also examines the present patchwork of global, regional and national frameworks to seek common ground and identify areas where different approaches tend to diverge. The last part of the study considers possible future policy options, taking the concerns of all stakeholders into account.

Download report