WP29 issues guidelines on data portability, DPO, and lead authority (and lays foundation for much more)

  On December 13, 2016, EU Article 29 Data Protection Working Party “(WP29”) dealt with several critical matters with regards to the implementation of the General Data Protection Regulation (GDPR) and the Privacy Shield. It also dealt with the enforcement measures on cases having a cross-border effect. As for the GDPR’s implementation, the WP29 importantly adopted: […]

Tags: ,

Privacy Shield update: around 1300 active participants after over 4 months from start

As of mid December 2016, around 1300 companies were active under the EU-US Privacy Shield, according to the US Department of Commerce official website. The Privacy Shield Framework has now been effective for almost 4 months and it replaced the Safe Harbor, which had around 5,500 participants by 2016. The US Department of Commerce, International Trade Administration (ITA), […]

Tags: ,

EDPS’s Opinion on Personal Information Management Systems

On October 20, 2016, the European Data Protection Supervisor (EDPS) published Opinion 9/2016 on Personal Information Management Systems, PIMS. The opinion acknowledges that the recently adopted GDPR provides for increased transparency, powerful rights of access and data portability, giving individuals more control over their data. However, the EDPS highlighted how market conditions and business practices can […]

Tags: , ,

The Italian DPA authorizes data transfer to the US under the Privacy Shield

On October 27, 2016, the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) authorized the transfer of personal data to the U.S. according to the EU-US Privacy Shield. With its decision, the Italian DPA has aligned itself with to the European Commission’s decision of adequacy, which recognized the Privacy Shield as granting an adequate […]

Tags: ,

European cloud providers’ association issues data protection code of conduct

On September 27, 2016, the Cloud Infrastructure Services Providers of Europe (CISPE) announced the publication of the Data Protection Code of Conduct for Cloud Infrastructures Services. The CISPE comprises several major European cloud infrastructure providers. The code of conduct provides that the certified cloud infrastructure providers: will process and store data exclusively within the EU/EEA […]

Tags: , , ,

Privacy notices, transparency and control – ICO’s good practices

On October 25, 2016, the UK Information Commissioner’s Office (ICO) issued a revised code of practice and checklist on privacy notices, transparency and control. The code helps organizations required by the Data Protection Act 1998 (DPA) to “collect information about people, whether directly or indirectly” to provide transparent and accessible “privacy notices” to data subjects. The […]

Tags: ,

The privacy problem of cookie-free tracking methods: device fingerprinting

Cookie regulation in Europe is quite strict. In a previous blog we discussed the cookie law of France, Germany, Italy and the UK, focusing on information to users, user consent and consequences of violations. However, cookies are not the only method to track users. There are cookie-free tracking methods that are similarly invasive, for example […]

EU Data Protection – glossary

Thanking CORDERY, we gladly publish the EU Data Protection – glossary (originally published by Cordery at http://www.corderycompliance.com/eu-data-protection-regulation-glossary/) We’ve put together this glossary to help explain some of the terms used in data protection and in the GDPR. If there’s a term you think we should add let us know. Agencia de Proteccción de Datos = the Spanish […]

Tags:

European Data Protection Supervisor’s Opinion on the review of the ePrivacy Directive

On July 22, 2016, the European Data Protection Supervisor (EDPS) released Opinion 5/2016 on the review of the ePrivacy Directive (2002/58/EC). This Opinion focuses on the issues specifically requested by the EU Commission. Particularly, the EDPS suggested that “a new proposal on ePrivacy should guarantee confidentiality of communications, offer clarity and complement the General Data […]

Tags: ,

1 16 17 18 19 20 21