On October 20, 2016, the European Data Protection Supervisor (EDPS) published Opinion 9/2016 on Personal Information Management Systems, PIMS. The opinion acknowledges that the recently adopted GDPR provides for increased transparency, powerful rights of access and data portability, giving individuals more control over their data. However, the EDPS highlighted how market conditions and business practices can […]
On October 27, 2016, the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) authorized the transfer of personal data to the U.S. according to the EU-US Privacy Shield. With its decision, the Italian DPA has aligned itself with to the European Commission’s decision of adequacy, which recognized the Privacy Shield as granting an adequate […]
On November 11, 2016, a court in Moscow upheld the decision of a lower court to block Russians from accessing LinkedIn. The court decision originated from a decision of the Russian data protection regulator (Roskomnadzor), which had found that LinkedIn had failed to maintain Russian data on Russian servers in breach of the Russian […]
On November 7, 2016, China adopted a new cyber-security law that will come into force in June 2017. The new legislation has received some criticism. According to James Zimmerman, Chairman of the American Chamber of Commerce in China, “this is a step backwards for innovation in China that won’t do much to improve […]
Following ICO’s comments on Brexit, on October 24, 2016, the UK Secretary of State Karen Bradley MP used her interview before the Culture, Media and Sports Select Committee to confirm UK’s participation to the General Data Protection Regulation (GDPR) coming into effect in the spring of 2018. The Secretary said that: “We will be members […]
On November 3, 2016, the Bavarian Data Protection Authority (BayLDA) informed that it will carry out a privacy audit on the international data transfers of more than 500 companies. The Authority has decided to carry out such audits because of the suspicion that companies may transfer data abroad without even being aware of it. Indeed, many small […]
On September 26, 2016, the Hamburg Commissioner for Data Protection and Freedom of Information issued an order prohibiting Facebook to collect and store data of German WhatsApp users. The decision came after WhatsApp issued a statement informing its users that the application’s terms and privacy policy was updated, as a consequence of WhatsApp’s joining Facebook. […]
On September 27, 2016, the Cloud Infrastructure Services Providers of Europe (CISPE) announced the publication of the Data Protection Code of Conduct for Cloud Infrastructures Services. The CISPE comprises several major European cloud infrastructure providers. The code of conduct provides that the certified cloud infrastructure providers: will process and store data exclusively within the EU/EEA […]
On a request for a preliminary ruling by the Bundesgerichtshof on the interpretation of 2(a) and 7(f) of Directive 95/46/EC (“Data Protection Directive”), the European Court of Justice (“ECJ”) held that a dynamic IP address registered by an online media services provider when a person accesses a website that the provider makes accessible to the […]
On October 25, 2016, the UK Information Commissioner’s Office (ICO) issued a revised code of practice and checklist on privacy notices, transparency and control. The code helps organizations required by the Data Protection Act 1998 (DPA) to “collect information about people, whether directly or indirectly” to provide transparent and accessible “privacy notices” to data subjects. The […]