EU, South Korea 'intensify' data protection cooperation efforts

(Nov 21, 2017) Officials from the European Commission and South Korea issued a joint statement Monday announcing efforts "to further strengthen cooperations" between the two regions around data flows and data protection. Věra Jourová, Commissioner for Justice, Consumers and Gender Equality, together with Korea Communications Commission Chairman Lee Hyo-seong and Korea Internet & Security Agency Vice President Jeong Hyun-cheol, said they have, in recent months, "significantly strengthened the mutual underst... Read More

Analysis of Poland's draft employee privacy law

(Nov 21, 2017) The Polish legislature has recently proposed a new law specifying the rules of employee data processing in line with allowances under Article 88 of the EU General Data Protection Regulation. Anna Kobylańska of Kobylańska & Lewoszewski Kancelaria Prawna sp.j. writes for Privacy Tracker about the solutions the proposal offers, including the types of data employers may require from employees and employee candidates; how long they may retain the data; the types of consent needed for different ty... Read More

Poland's draft law on processing employee data under the GDPR

(Nov 21, 2017) Under Article 88 of the EU General Data Protection Regulation, member states may provide specific rules in respect of processing of employees’ personal data in the employment context. Poland has recently proposed new law provisions that specify the rules of employee data processing. This proposal is still under public consultation, but it is worth presenting some of the major solutions proposed by the Polish legislature. General rules Under the new laws, a prospective employer will be entitled... Read More

Roundup: Singapore, Australia, US and more

(Nov 20, 2017) In response to public comments, the Singapore Ministry of Communications and Information and the Cyber Security Agency announced they will clarify the scope of the new Cybersecurity Bill prior to introducing it. Australia’s NSW Labor party has introduced a bill requiring government agencies to report breaches, and the government published a draft of a national approach to how digital identity is managed. In the U.S., senators have introduced the Consumer Privacy Protection Act of 2017 and a bill... Read More

German regulator bans children's smartwatches over privacy concerns

(Nov 20, 2017) Privacy concerns surrounding the audio recording capabilities of children’s smartwatches has motivated the German telecommunications regulator, the Federal Network Agency, to ban the sale of the devices in the country, the Guardian reports, and to recommend parents destroy existing devices. FNA President Jochen Homann said parents have been using children's smartwatches, often marketed as toys, to not only listen in on their children’s actions, but also to secretly record conversations taking pl... Read More

ICO clarifies post-Brexit BCR standing

(Nov 20, 2017) A recent article in The Privacy Advisor wondered: What will happen to BCRs approved through the U.K.'s Information Commissioner's Office post-Brexit? Might they be totally invalidated? This caused something of a stir in some circles, and the ICO's office today responded with clear guidance: "It’s important to note that no BCR authorisation will be cancelled because of Brexit. The ICO will continue to work together with other European data protection authorities for international transfers to be ... Read More

Global News Roundup — November 13-20, 2017

(Nov 20, 2017) In response to public comments, the Singapore Ministry of Communications and Information and the Cyber Security Agency announced they will clarify the scope of the new Cybersecurity Bill prior to introducing it. Australia’s NSW Labor party has introduced a bill requiring government agencies to report breaches, and the government published a draft of a national approach to how digital identity is managed. In the U.S., Senators have introduced Consumer Privacy Protection Act of 2017 and a bill res... Read More

ENISA recommends EU, national regulators create cyberinsurance guidelines

(Nov 17, 2017) The European Union Agency for Network and Information Security is calling for European Union and national legislators to create draft guidelines detailing what type of damage from hacking incidents should be covered by cyberinsurance, EURACTIV.com reports. The agency proposes working with the European Commission to create guidelines for insurance companies, including developing a method for the ways they should assess a firm’s cybersecurity risk, while recommending EU authorities create a databa... Read More

European Commission launches 4M euro prize for usable authentication tech

(Nov 17, 2017) With a proliferation of internet-of-things devices entering the marketplace, the European Commission has launched the Horizon Prize to help jumpstart development of a "simple, secure and privacy-friendly way" to authenticate people when connecting to their devices. The prize totals 4 million euros, with 2.8 million for the winner, 700,000 for second place, and 500,000 for third. "The winning solutions will be innovative methods that will enable everyone and their smart objects to seamlessly auth... Read More

Notes from the IAPP Europe Managing Director, 17 November 2017

(Nov 16, 2017) Greetings from Brussels! It’s the week after our IAPP Data Protection Congress here in Brussels, and if you missed it there are a couple of articles (here and here) penned by our content director, Sam Pfeife, that are worth a gander to give you a sense of how the event unfolded. A hearty thanks to all of you who attended, and we hope to see you all again back next year; I have a sense that DPC18 might be an even bigger draw as it will be our first European Congress following the GDPR going into... Read More