Consent to data processing should not be consideration for a free service, EDPS says

  On March 14, 2017, the European Data Protection Supervisor (EDPS) released Opinion 4/2017 on the 2015 Proposal for a Directive (1) on certain aspects concerning contracts for the supply of digital content  (1) on certain aspects concerning contracts for the supply of digital content and  (2) on certain aspects concerning contracts for the online and […]

Tags: ,

Conflict of interest under the recently issued WP29’s opinion on DPO

Francesca Giannoni-Crystal and Cristina Vicarelli In Section 3.5 of Article 29 Working Party (WP29)’s Guidelines on Data Protection Officer (“DPOs”) (“Opinion”), the WP29 discusses the issue of conflict of interest for DPO. See here for more information on this opinion. The WP29 points out that while Article 38(6) GDPR allows a DPO to perform “other tasks and duties”, […]

Tags: ,

Cyber Insurance: ENISA’s report on the last four years’ developments

The European Union Agency for Network and Information Security (ENISA) released an interesting report “to raise awareness for the most impactful market advances, by shortly identifying the most significant cyber insurance developments for the past four years – during 2012 to 2016 – and to capture the good practices and challenges during the early stages […]

Tags:

Bavarian DPA sanctions appointment of IT manager of company as DPO

According to German data protection law, German data controllers must appoint a Data Protection Officer (“DPO“) in several cases, for example when ten or more people are involved in the automated processing of personal data. While an employee can be appointed as DPO, the appointee must be knowledgeable on data protection and must be reliable and independent. The […]

Tags: ,

WP29 issues guidelines on data portability, DPO, and lead authority (and lays foundation for much more)

  On December 13, 2016, EU Article 29 Data Protection Working Party “(WP29”) dealt with several critical matters with regards to the implementation of the General Data Protection Regulation (GDPR) and the Privacy Shield. It also dealt with the enforcement measures on cases having a cross-border effect. As for the GDPR’s implementation, the WP29 importantly adopted: […]

Tags: ,

Privacy Shield update: around 1300 active participants after over 4 months from start

As of mid December 2016, around 1300 companies were active under the EU-US Privacy Shield, according to the US Department of Commerce official website. The Privacy Shield Framework has now been effective for almost 4 months and it replaced the Safe Harbor, which had around 5,500 participants by 2016. The US Department of Commerce, International Trade Administration (ITA), […]

Tags: ,

EU Digital Clearing House to protect privacy in the age of big data

On September 23, 2016, the European Data Protection Supervisor (EDPS) announced the intention to set up a Digital Clearing House to promote a more coherent enforcement of EU privacy rules. With Opinion 8/2016, Coherent enforcement of fundamental rights in the age of big data, the EDPS drew attention to the “concentration of market power and […]

Tags: ,

European Data Protection Supervisor’s Opinion on the review of the ePrivacy Directive

On July 22, 2016, the European Data Protection Supervisor (EDPS) released Opinion 5/2016 on the review of the ePrivacy Directive (2002/58/EC). This Opinion focuses on the issues specifically requested by the EU Commission. Particularly, the EDPS suggested that “a new proposal on ePrivacy should guarantee confidentiality of communications, offer clarity and complement the General Data […]

Tags: ,

1 2 3 4 12