Francesca Giannoni-Crystal and Cristina Vicarelli In Section 3.5 of Article 29 Working Party (WP29)’s Guidelines on Data Protection Officer (“DPOs”) (“Opinion”), the WP29 discusses the issue of conflict of interest for DPO. See here for more information on this opinion. The WP29 points out that while Article 38(6) GDPR allows a DPO to perform “other tasks and duties”, […]
Article 37(5) General Data Protection Regulation (GDPR) does not list with particularity the professional skills that should be considered when designating the Data Protection Officer (“DPO”). It provides: The data protection officer shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the ability […]
Starting on February 7, 2017, the Irish High Court will hear a case brought by the Irish Data Protection Authority (DPA) against Facebook Ireland Ltd and Mr Schrems over EU-US data transfers after the Snowden disclosures. After the ECJ invalidated the “Safe Harbor” decision, Facebook performed its data transfer to the US using the “Model Clauses”. Mr. Schrems […]
European Court of Justice — Case C‑13/16 On January 26, 2017, the Advocate General (AG) to the Court of Justice of the European Union (CJEU) Mr. Bobek opined that there is no legal obligation for a data controller under EU data protection law to disclose data enabling the identification of a person allegedly responsible for an administrative offence. In […]
On November 10, 2016, the Eleventh U.S. Circuit Court of Appeals held that merely exposing sensitive data is not reasonably likely to harm consumers. LabMD operated as a clinical laboratory and as part of its business, receives patients’ sensitive personal information, which included their names, birthdates, addresses, and Social Security numbers. LabMD’s billing manager allegedly […]
On Tuesday, January 31, 2017, a lively panel discussed The Shifting Paradigm of Data Security: Intelligence & Big Data. The German Center for Research and Innovation and the European American Chamber of Commerce organized the event. The panel included Joanna Burkey, Chief Information Security Officer, at Siemens, Joseph V. DeMarco, Partner at DeVore & DeMarco […]
On November 4, 2016, Der Spiegel, a German newspaper, reported about an ongoing investigation on Facebook over hate posts. According to the complaint filed in Hamburg, Facebook is allegedly not removing illegal content, such as racist or violent posts, from its pages – even after being requested to do so. More information is available here in English. For […]
The Advocate General (AG) of the Court of Justice of the European Union (ECJ) opined on the right to be forgotten in companies’ registers: no right to be forgotten there. In case C-393/15, the Corte di Cassazione (the Italian Supreme Court) asked the ECJ to clarify the right of individuals to be forgotten, to have their […]
We would like to inform you of the proposed changes to the Russian Code of the Administrative Offences (hereinafter the “Code of Administrative Offenses”). These changes are aimed at increasing and differentiating administrative liability for violation of Russian personal data protection legislation. On January 11, 2017 the respective draft bill was adopted by the Lower Chamber […]
On January 12, 2017, Switzerland approved the Swiss-U.S. Privacy Shield Framework. Switzerland considers the agreement as a valid legal mechanism to comply with Swiss requirements when transferring personal data from Switzerland to the United States. The Swiss-U.S. Privacy Shield Framework will replace the U.S.-Swiss Safe Harbor immediately. Switzerland will begin accepting Privacy Shield certifications starting […]