The author illustrates the types of information collected by the US Government differentiating among data collected by: Non-law enforcement government agencies – Mostly routine information that the government needs to operate and is not collected for intelligence or law enforcement purposes Intelligence and law enforcement agencies – Information swept up in government spying and surveillance […]
On February 9, 2018, Working Party 29 (WP29) published the Working document on Adequacy Referential (wp254). The paper provides guidance to the European Commission and the WP29 for the assessment of the level of data protection in third countries and international organizations by “establishing the core data protection principles that have to be present in […]
On February 6, 2018, Working Party 29 (WP29) adopted the Guidelines on Personal data breach notification under Regulation 2016/679, wp250rev.01 Regulation 2016/679, the s.c. General Data Protection Regulation (GDPR) introduces the requirement for a personal data breach to be notified to the competent national supervisory authority (or in the case of a cross-border breach, to […]
On February 6, 2018, Working Party 29 (WP29) adopted the Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679 (wp251rev.01). Advances in the capabilities of big data analytics, as well as the widespread availability of personal data on the internet and from Internet of Things (IoT) devices can allow aspects of […]
On January 24, 2018 the EU Commission published a guidance to foster uniform application of the GDPR across the EU. The Commission also made available an online tool for SMEs (the tool was not working on January 25, 2018 but we are confident the error in the page will be solved soon: http://europa.eu/rapid/europa.eu/dataprotecti on) Here the EU Commission’s press release. […]
On January 8, 2018, the FTC announced that VTech Electronics Limited and its US subsidiary (VTech) agreed to settle with the Federal Trade Commission (FTC) a claim that the companies violated children’s privacy through the commercialization of some connected toys. Allegedly VTech violated COPPA (Children’s Online Privacy Protection Act of 1998) by collecting personal information from children […]
In this constitutional challenge to the 2013 amendments to sections 766.106 and 766.1065 of the Florida Statutes requiring claimants in a medical malpractice claim to disclose certain protected health information (PHI) and to consent to secret, ex parte interviews between health providers and defendant , the Florida Supreme Court held that the requirements were unconstitutional and […]
On October 24, 2017, Advocate General Bot issued his preliminary opinion in case C‑210/16, opining on the definition of a data controller, applicable national law, and jurisdiction under EU data protection law under Directive 95/46/EC. The opinion is not binding but if followed by the European Court of Justice (CJEU), EU companies that have been […]
In a post of January 5th, Nigel Houlden, the Head of Technology Policy of ICO (the United Kingdom Data Protection Authority) gives organizations recommendations on how to deal with Meltdown and Spectre and protect people’s personal data. As it is now well known, three connected vulnerabilities have been found in Intel’s, AMD’s, and ARM’s processors which could […]
On October 18, 2017, the EU Commission published its report on the first annual review of the EU-U.S. Privacy Shield. The report reflects the Commission’s findings on the implementation and enforcement of the EU-U.S. Privacy Shield framework in its first year of operation. According to the EU Commission, the Privacy Shield “continues to ensure an […]