BNA_PA_09_16_Privacy Laws-728x90


(Aug 25, 2016) Greetings from Brussels! Alas, as we near the end of August, one notices the uptake in traffic and increased bustle in the European quarter as folks return from holidays and start to focus on the run into the end of 2016. It’s been a balmy warm week here across Europe, and the calm, almost tranquil, pace of the last weeks here in Brussels is set to revert back to normalcy. Like a lot of people, I have been scrutinizing the media outpour in the hope that we might get a clearer understanding of ... Read More

Europe Data Protection Digest

British government mulls plans to sell patient data

(Aug 25, 2016) Politico reports the British government is considering a plan to sell patient health data to private organizations. New guidelines state patient data will be collected and stored in a centralized database run by NHS Digital. The decision comes after the British government dropped their plan after two independent reviews criticized the plan over poor consent and a lack of transparency regarding where patient data would be shared. The government is saying data sharing will only be for th... Read More

Europe Data Protection Digest

ICO investigating Virgin Trains following Corbyn video leak

(Aug 25, 2016) The Information Commissioner’s Office is investigating Virgin Trains for a possible violation of the Data Protection Act after the company released footage of  Labour Party Leader Jeremy Corbyn on one of the vehicles, Metro reports. Corbyn claimed he had to sit on the floor of one of the trains due to overcrowding, prompting Virgin Trains to release CCTV footage showing Corbyn walking past several rows of empty seats. The ICO will now determine whether the leak is a privacy violation. “All organ... Read More

Europe Data Protection Digest

Ex-officer wins lawsuit after department’s illicit monitoring

(Aug 25, 2016) The BBC reports a former Met Police officer won her case after suing the department for illicitly monitoring her activities. The Met surveilled former Detective Constable Andrea Brown after she went on vacation with her daughter while on sick leave. The Met Police and the Greater Manchester Police both admitted to violating the Data Protection Act and Brown’s right to privacy before the final ruling. “What is significant is that the judge commented that the senior police officers involved in this case didn't appear to have any appreciation or understanding of the laws that regulate their conduct in this area, and didn't acknowledge that they had done anything wrong," said Brown’s Solicitor Advocate David Gray-Jones. Read More

Europe Data Protection Digest

Reviewer of Terrorism gives stamp of approval

(Aug 25, 2016) U.K. Independent Reviewer of Terrorism David Anderson’s newly published review of Britain’s bulk surveillance plan found that there was “no viable alternative to the use of the powers by GCHQ, MI5 and MI6 in the fight against terror,” the BBC reports. Anderson also cautiously expressed support of bulk surveillance “in principle,” although he acknowledged that the government had not yet proven its merit through extensive, widespread use. Prime Minister Theresa May praised his findings, but not everyone was as pleased, such as representatives from campaign group Liberty. "Liberty called for an impartial, independent and expert inquiry into these intrusive powers — yet sadly this rushed review failed on all three counts," said Liberty’s Bella Sankey. Read More

Europe Data Protection Digest

How to ‘industrialize’ the mandatory DPO

(Aug 25, 2016) As most companies operating in Europe should by now be aware, as of May 2018 there will be a requirement for many firms to have a data protection officer. For small companies that nonetheless handle a lot of personal data, the sensible option may be to bring in an external DPO. There's likely to be a flurry of activity in the next couple of years, and one privacy professional who's definitely looking forward to the shake-up is Xavier Leclerc, the vice-president of the French association of data protection officers (AFCDP) and president of a company called Privacil. IAPP European correspondent David Meyer talks with Leclerc about the concept of the “mutualized DPO” in this piece for The Privacy Advisor. Read More

Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

PwC acquires to prepare for Privacy 2.0

(Aug 25, 2016) The age of privacy as a matter of policy and law is over. Now dawns the age of privacy as a technical matter, of automation, operations, and execution. At least that’s how PwC sees things, and that has fueled a pair of acquisitions in the identity and access management market, which will be bolted on to PwC’s growing cybersecurity, privacy and data protection practice. IAPP Publications Director Sam Pfeifle talks with PwC and the CEO of Everett, PwC’s latest buy, about why “if you don’t have deep technical expertise, such as about how biometric authentication works in a technical sense, you don’t have any future in the market.” Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

WhatsApp to begin sharing user data with Facebook

(Aug 25, 2016) The New York Times reports WhatsApp will start sharing user information with Facebook. The messaging app plans to send members’ phone numbers and analytics data to the social network, marking the first time WhatsApp has connected user accounts to Facebook. WhatsApp said neither company would be able to view users’ encrypted messages, and promised not to share phone numbers with advertisers. “Our values and our respect for your privacy continue to guide the decisions we make at WhatsApp,” Co-foun... Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

Facebook says applying telecom obligations to online services is ‘unnecessary’

(Aug 25, 2016) As the European Commission reviews the ePrivacy Directive, Facebook argues that applying legal obligations designed for telecom firms to online services would be “unnecessary, discriminatory and disproportionate,” The Irish Times reports. Facebook said online services are different from “traditional telecoms services,” and could not be a perfect replacement for them, while adding telecoms also have more access to data. “Many information society services today are based on free, advertising-funde... Read More

Daily Dashboard, Europe Data Protection Digest

Who are the Privacy Shield’s early adopters?

(Aug 24, 2016) The U.S. Department of Commerce has released the list of the first companies to self-certify under the Privacy Shield. A once-over of the list indicates mainly smaller companies across a spectrum of industries. Who are these firms and what made them dive in early? It turns out it's a mixture of competitive drive and the grace period the Shield agreement offers so that firms who certify early have some time to sort out their vendor agreements. Everyone agrees: Those vendor requirements are going ... Read More

Daily Dashboard, Europe Data Protection Digest