Inside its newly created website section on GDPR, the Agencia Española de Protección de Datos (AEPD) has recently published three guidelines to assist organizations to comply with the new Regulation: The Guidelines for the data controllers (useful check list is included). Available (in Spanish) here. The Guidelines for entering into agreements between controllers and processors. […]
According to German data protection law, German data controllers must appoint a Data Protection Officer (“DPO“) in several cases, for example when ten or more people are involved in the automated processing of personal data. While an employee can be appointed as DPO, the appointee must be knowledgeable on data protection and must be reliable and independent. The […]
On December 13, 2016, EU Article 29 Data Protection Working Party “(WP29”) dealt with several critical matters with regards to the implementation of the General Data Protection Regulation (GDPR) and the Privacy Shield. It also dealt with the enforcement measures on cases having a cross-border effect. As for the GDPR’s implementation, the WP29 importantly adopted: […]
As of mid December 2016, around 1300 companies were active under the EU-US Privacy Shield, according to the US Department of Commerce official website. The Privacy Shield Framework has now been effective for almost 4 months and it replaced the Safe Harbor, which had around 5,500 participants by 2016. The US Department of Commerce, International Trade Administration (ITA), […]
On July 22, 2016, the European Data Protection Supervisor (EDPS) released Opinion 5/2016 on the review of the ePrivacy Directive (2002/58/EC). This Opinion focuses on the issues specifically requested by the EU Commission. Particularly, the EDPS suggested that “a new proposal on ePrivacy should guarantee confidentiality of communications, offer clarity and complement the General Data […]
On July 26, 2016, the Article 29 Working Party (WP29) released a statement on the decision of the European Commission on the EU-U.S. Privacy Shield. The statement refers to the Privacy Shield approved by the European Commission on July 12, 2016 (see here) and addresses the changes brought to the text of the document after […]
Interesting article discussing international data transfer between Europe and the U.S. Abstract: “In Schrems v. Data Protection Commissioner, the Court of Justice of the European Union invalidated the EU-US Safe Harbour arrangement allowing personal data to be transferred to the US. The judgment affirms the fundamental right to data protection, defines an adequate level of […]
On April 28, 2016, the CCBE issued a paper about the standards necessary “to ensure that the essential principles of professional secrecy and legal professional privilege are not undermined by practices undertaken by the state involving the interception of communications and access to lawyers’ data for the purpose of surveillance and/or law enforcement”. Part I describes meaning and scope of […]
The California Attorney General released the California Data Breach Report (February 2016). The report is based on the notifications Californians to the Attorney General of breaches by businesses and government agencies (notification is required by law when affecting more than 500). The report analyzes breaches from 2012 through 2015. In 4 years, the Attorney General received […]
In its meeting of April 13, 2016 the WP29 issued a 57 pages opinion on the draft adequacy decision that the EU Commission made available on February 29, 2016. Together with the draft adequacy decision, the Commission disclosed a package of documents (including correspondence with its American counterparts). In order to give an opinion on […]