(Jul 29, 2016) In this edition of the The Privacy Advisor Podcast, Dutch Data Protection Authority Chairman Jacob Kohnstamm, who just today is leaving his post, talks to Angelique Carson, CIPP/US, about his experiences leading the Article 29 Working Party, what it takes to lead a group like that, and, interestingly enough, his history in a rock band. Next week, Kohnstamm’s replacement, Aleid Wolfsen, will take over. Wolfsen is a former mayor of Utrecht. Read More

Daily Dashboard

CJEU: Jurisdiction clauses may be irrelevant

(Jul 29, 2016) In VKI v. Amazon EU, the Court of Justice of the EU on Thursday clarified which Member State’s data protection laws should apply to a data processing operation established within the EU but directed at a number of EU Member States. The court held that “ … the processing of data … is governed by the law of the Member State in whose territory that establishment is situated.” The ECJ did not discuss the contract between Amazon and its customers, which provided that “Luxembourg law shall apply.” Ins... Read More

Daily Dashboard, Europe Data Protection Digest

FTC reverses ALJ decision, finds LabMD liable for unfair data security

(Jul 29, 2016) As the latest stage in a long-standing, and at times acrimonious, legal battle, the Federal Trade Commission announced it has issued an Opinion and Final Order that reverses an Administrative Law Judge Initial Decision, which had dismissed FTC charges against LabMD for unfair data security practices. The unanimous 3-0 opinion concludes the ALJ “applied the wrong legal standard for unfairness and finds that ‘LabMD’s security practices were unreasonable,’” the FTC press release states. In its fina... Read More

Daily Dashboard

It’s now illegal to use VPNs to access blocked services in the UAE

(Jul 29, 2016) One of the new IT laws from the president of the United Arab Emirates mandates that those found unlawfully using a VPN will be fined up to $545,000 and imprisoned, the International Business Times reports. While UAE tech laws previously only targeted those using VPNs for internet crime, this newer iteration prohibits citizens from accessing blocked services like WhatsApp and Snapchat via VPN, the report states. “The UAE is one of the first governments in the world to actually regulate on behalf of and for its telecoms companies in order to help them stem loss of revenue from [voice over IP] apps,” the report adds. Read More

Daily Dashboard

European lawmakers: 'Pokemon NO'

(Jul 29, 2016) As the enormously popular augmented app “Pokemon Go” hits Europe, regulators across the continent have expressed concerns over the game’s privacy attitudes, especially its user contract, BloombergTechnology reports. The Federation of German Consumer Organizations announced last week that if app developer Niantic fails to remove 15 clauses from the required player agreement before August 9, it will sue. French consumer rights group UFC Que Choisir called the game “potentially costly, and even dan... Read More

Daily Dashboard

Amazon transparency report shows government access requests more than doubling

(Jul 29, 2016) In its third-annual transparency report, released July 28, Amazon disclosed that its government data access requests have more than doubled since 2015, ZDNet reports. From January to the end of June 2016, the company received 1,803 requests, compared to the 851 received during the same time frame in 2015. The number of search warrant requests also increased eight times over last year’s figures, the report states. The study “also said that it received a separate 120 requests from overseas governments, of which it fully complied with 15 requests,” the report adds. “The company didn't say from which countries the requests were made, however.” Read More

Daily Dashboard

INAI says companies are responsible for protecting employee data

(Jul 29, 2016) The National Institute of Access to Information and Data Protection released a statement saying companies are responsible for processing their employees’ personal data under the Federal Law on Protection of Personal Data Held by Private Parties 2010, Data Guidance reports. The INAI announcement comes after a case where an employer attempted to use the “personal use” exemption to evade privacy law when processing employee data. “The INAI's announcement is a strong message to companies all around the country to understand the importance of protecting their employees' personal data; this is not a minor corporate issue and it should be treated seriously by management,” said Tomás Arankowsky, Partner at Avalerroux, S.C. Read More

Daily Dashboard

Hack numbers on upward trajectory

(Jul 29, 2016) According to hack-archive site, the number of data breaches at consumer-focused institutions is growing, Motherboard reports. noted that the amount of attacks nearly doubled from 158 in 2014 to 317 in 2015, with 183 logged breaches in 2016 thus far. While the report adds that the large size of recent breaches like Ashley Madison “may not be the best metric” for large-scale analysis, “I don't think anything is getting better, that much is pretty clear,” said security researcher Tony Hunt. “There's a lot of stuff out there that we don't even know about.” Read More

Daily Dashboard

Study: IT security pros fear phishing attacks, understaffing

(Jul 29, 2016) A survey of 250 IT security professionals revealed the top concerns for their organizations, ZDNet reports. The 2016 Black Hat Attendee Survey found IT security pros fear phishing and sophisticated attacks the most. Seventy-two percent of respondents believe their organizations would be hit with a major data breach within the next 12 months and 15 percent said they had “no doubt” they would be hit with a major cyberattack in the same time frame. The study found 74 percent of respondents said they are understaffed and will not be able to handle the rising amount of threats in the coming the year. Respondents also saw a rise in successful phishing attacks, with 30 percent of malicious messages opened, up from 23 percent last year. Read More

Daily Dashboard

Judge rules Arkansas cannot ban automated political phone calls

(Jul 29, 2016) A federal judge ruled Arkansas could not stop companies from making automated political calls to citizens, Ars Technica reports. Though Arkansas Attorney General Leslie Rutledge argued the calls invaded citizens’ privacy and safety, U.S. District Judge J. Leon Holmes stated the calls are protected under the First Amendment. Holmes also said the defense did “not survive strict scrutiny,” as it only targeted political phone calls. "Banning calls made through an automated telephone system in connec... Read More

Daily Dashboard