Following on from the article published on the dataprotection.blog on 24 January 2018 “French GDPR Implementation Bill – for French Data Protection Authority (“CNIL”) it could not come soon enough!”, Charlotte Gerrish provides us with the latest update on the status of the French GDPR Implementation Bill which, after surviving an attack of “unconstitutionality” before the French Constitutional Council, is now on its way into force.
As we stated back in January 2018, the French legislature had been fairly slow in pushing forward with the implementation of the GDPR into French national law. The progress of the Bill had not been without issues. On 16 May 2018, just 9 days before the GDPR was due to come into force, at least 60 French senators referred the Bill to the Constitutional Council claiming that certain provisions were unconstitutional and therefore contrary to French law and public policy (Affaire No. 2018-765 DC).
While some tend to portray the new European Union (EU) General Data Protection Regulation (“GDPR”) as a menacing apocalypse coming from nowhere, the fact is that the GDPR is an “upgrade” of existing EU data protection laws. The EU Data Protection Directive (Directive 95/46/EC) was adopted back in 1995. In some countries – like Germany and Sweden – data protection laws were introduced even earlier, in the 1970s and 1980s.
The GDPR keeps the basic principles of the Data Protection Directive and adds a new “layer” to it, aiming to unify data protection in all EU countries and bring more rights and control over data use back to individuals. In fact, the GDPR incorporates the guidance of data protection authorities and best practice in data protection. There is almost nothing in the GDPR that doesn’t already exist somewhere. For example, the principle of data protection by design and by default originated back in the 1980s, data protection officers are already a mandatory requirement in Germany, and breach notification has existed in the communication sector for years.
If you are a regular reader of the dataprotection.blog, you probably already have a high level understanding of the EU General Data Protection Regulation, otherwise known as the “GDPR”.
The development of the digital era has forced us to rethink the framework that is applicable to personal data.
– French Minister of Justice, Nicole Belloubet, 13th December 2017
As you may be aware, the Member States are slowly but surely debating implementing legislation in order to transpose the GDPR into national law, in accordance with their own procedural requirements. France is no exception. As such, on 13th December 2017, Nicole Belloubet, the Minister of Justice, presented to the French Council of Ministers the bill which sets out how France shall implement the provisions of the GDPR into existing French Data Protection Law.
Report by the Joint Research Centre (JRC) on safety, security, privacy and societal questions emerging from the rise of the Internet of Toys – “Internet Connected Toys that constitute, along with the wave of other domestic connected objects, the Internet of Things”.
Report from Citi GPS: Global Perspectives & Solutions on how consumers are tracked, how the data is collected and analyzed, and how consumers feel about that.
Whitepaper on data breaches with proposals on how to decrease response time. It includes seven security operations capabilities you need, a handy checklist to evaluate your security operations capabilities, and best practices for efficient security response.
Paper on mobile-risk scoring and how to do that in practice. It was carried out by IAPP and Kryptowire and is based on input from 400 privacy professionals.
UN Special Rapporteur on the Right to Privacy, Joseph Cannataci, presented his report on governmental surveillance and access to personal data from a national and international perspective.
A brief guide to the United Nations’ stand on privacy. The guide was prepared by Privacy International.
Survey on data security and incident response trends, and how to minimise data breach risks.
Annual report of the Data Protection Commissioner of Ireland for the year 2016.
Discussion paper on Certifications, seals and marks under the GDPR prepared by Centre for Information Policy Leadership. It looks at regulation provided in GDPR and benefits of such mechanisms.
Recently the UK Information Commissioner’s Office (ICO) published several pieces of GDPR guidance and requests for public feedback.
In March the ICO published draft guidance on consent under the EU GDPR. The guidance was open for public feedback until March 31, and the ICO now aims to publish this guidance in May 2017.
Our guidance on consent explains our recommended approach to compliance and what counts as valid consent. It provides practical help to decide when to rely on consent, and when to look at alternatives. It also explains the key differences with the DPA and gives advice about existing DPA consents.
Read the feedback on ICO’s guidelines:
In April the ICO published its feedback request on profiling and automated decision-making. It represents the ICO’s initial thoughts on certain aspects of profiling in the GDPR; however, the ICO warns that it should not be interpreted as guidance. Responses will help to form the ICO’s contribution to the WP29 guidelines that will be published later this year.
The discussion paper published today highlights the key areas of profiling we feel need further consideration. This includes subjects like marketing, the right to object and data minimisation – and we want your feedback. We’d like to hear the views of our stakeholders and get examples of best practice before 28 April 2017.
ICO has published its call for feedback on derogations under GDPR.
For all derogations, stakeholders are encouraged to submit their views through the online ‘Call for Views’, uploading research and/or data where relevant. This exercise is to capture views on if and how the government should implement the defined flexibilities permitted within the GDPR.
Consultation closes at midday on 10 May 2017.
In March the ICO published an updated version of its paper on big data, artificial intelligence and machine learning. This paper sets out the ICO’s views on these issues and how they relate to the GDPR.
On February 23, 2017, the French Data Protection Authority CNIL launched a public online consultation on three topics – consent, profiling and data breach notification – regarding the implementation of the EU General Data Protection Regulation (“GDPR”). Those are the same topics identified earlier this year by the Article 29 Working Party in its Action plan.
With this consultation the CNIL aims to collect specific questions regarding the GDPR, potential difficulties in interpreting the GDPR, and examples of best practices. Responses will also be used in Article 29 Working Party discussions.
In December the Article 29 Working Party (WP29), an advisory body made up of all the EU national data protection authorities, published three long-awaited guidelines and frequently asked questions (FAQ) on the General Data Protection Regulation (GDPR). The guidelines cover the following topics:
You can submit any additional comments on guidelines until the end of January 2017.
A paper from Anons looks at challenges to big data analytics under the upcoming GDPR (General Data Protection Regulation) and legal solutions to them. The new obligations imposed by the GDPR do require new technical and organizational measures to protect big data.
The body of this paper describes in detail the regulatory background, technological innovations, and practical applications of Controlled Linkable Data, leading to the maximization of data value and individual privacy in a GDPR-compliant manner.
Yesterday, January 10, 2017, the European Commission announced its proposal for a new Regulation on Privacy and Electronic Communications (ePrivacy Regulation) that will supplement the General Data Protection Regulation (GDPR) and replace the existing ePrivacy Directive.
The aim of the new ePrivacy Regulation is to harmonise the data protection framework relating to electronic communications within the European Union and ensure consistency with the GDPR. The main changes introduced by the ePrivacy Regulation are:
The Commission emphasises that the proposed Regulation on Privacy and Electronic Communications will increase the protection of people’s private life and open up new opportunities for business.
Breaches of the ePrivacy Regulation will be punishable under the GDPR, with penalties of up to EUR 20 million or 4% of the total worldwide annual turnover of the company group, whichever is higher.