The Information Commissioner Officer (ICO) published the data sharing code of practice. The document is a statutory code, issued by the under section 52 of the Data Protection Act (meaning that the code has been approved by the Secretary of State laid before Parliament). It is not an authoritative statement of the law but […]
On April 24, 2017, the European Data Protection Supervisor (EDPS) released Opinion 6/2017 on the Proposal for a Regulation on Privacy and Electronic Communications (ePrivacy Regulation Proposal). The EDPS welcomes the Proposal for the Regulation. There is a need of “a specific legal tool to protect the right to private life guaranteed by Article 7 […]
On May 16, 2017, the French, Belgian and Dutch members of the Data Protection Contact Group published the results of their investigations after WhatsApp issued its new privacy policy in August 2015, after joining Facebook. See here. The DPAs all over the world watched the changes closely and several EU authorities initiated national investigations to verify, […]
On May 11, 2017, the Italian Antitrust Authority (Garante della Concorrenza e del Mercato “ICA”) found that WhatsApp infringed the Italian Consumer Code. In particular, according to the ICA, WhatsApp forced the users of its service “to accept in full the new Terms of Use, and specifically the provision to share their personal data with Facebook, […]
On April 4, 2017, the Working Party 29 (WP29) released Opinion 1/2017 on the Proposed Regulation for the ePrivacy Regulation (2002/58/EC) – wp247 (ePrivacy Regulation Proposal). The WP29 welcomes the Proposal for the Regulation. However, it expressed several points of concern and suggested amendments. The European Commission, along with the European Parliament and the European […]
What data controllers should do before receiving a possible subject access request As a data controller, you obviously know it: one day you may receive an access request from a data subject. Being available to promptly comply with the request when you receive it is far from being enough. Indeed, there is much more that […]
When a US organization decides to self-certify under the EU-U.S. Privacy Shield, compliance with Privacy Shield principles becomes compulsory. This may be a problem for many US organizations because certain processing activities that they perform – which are perfectly lawful under American law — are unlawful under a Privacy Shield’s perspective. Why? And what to do? Let’s step […]
Nel giugno del 2016, l’Autorità per la protezione dei dati personali (di seguito anche DPA) di Amburgo, in accordo con le altre presenti in Germania, si è occupata della compatibilità di Google Analytics con la normativa nazionale sulla protezione dei dati. Le indicazioni che sono emerse dal provvedimento dell’Autorità di Amburgo appaiono a un primo […]
Tags: DATA PROTECTION, INTERNATIONAL DATA PROTECTION, US PRIVACY
According to the Irish Data Protection Authority (DPA) the hearing before the Irish High Court brought by the DPA against Facebook Ireland Ltd and Mr Schrems over EU-US data transfers will possibly take another additional week (or two addition weeks) to conclude. More information on the case is available here. According to the available sources (see […]
According to this source, in February 2017, an Italian judge for the preliminary investigations (usually referred as “GIP”, from Giudice per le Indagini Preliminari) ordered to obscure a website hosted in the US allegedly violating the privacy of an Italian citizen. The latter had found that his personal data had been published on the website […]