Spain’s constitutional right to data protection and application of the GDPR

(Mar 26, 2019) In November, Spain approved a controversial data protection law to facilitate compliance with Spanish law to the EU's General Data Protection Regulation. Although the Spanish law aimed to provide clarity to implementation of GDPR principles, its text and potential real-world application have caused concern that it is deviating from GDPR’s intended effect. Citizens of Spain have a right to data protection both under the Constitution of Spain in Article 18(4) and under Article 8 of the Charter of... Read More

How your neighborhood library protects your privacy

(Mar 26, 2019) Modern libraries face the unique challenge of providing free and equitable access to services while also protecting the privacy and intellectual freedom of their patrons. Protection of privacy is particularly relevant given the surge in digital and e-services that modern libraries now provide. Public library data shows that electronic circulation is growing steadily as physical material circulations (i.e., books, CDs and DVDs) are in decline. Today’s library user wants a more dynamic experience... Read More

What does the CCPA mean for colleges and universities?

(Mar 26, 2019) It is a well-established proposition that colleges and universities have an immense amount of data about their students. Moreover, recent news involving the massive college admission bribery scam has placed colleges and universities across the nation under intense scrutiny. With the California Consumer Protection Act slated to take effect Jan. 1, 2020, how should institutions of higher learning prepare for what may be the most sweeping data protection regulation since the Family Educational Righ... Read More

Forget about defining a DPO; define the data protection committee instead

(Mar 26, 2019) Data protection professionals and organization management officers share a common question: Who should the data protection officer be? Some argue that a legal professional is most suitable for this role; some argue that an operations professional is the natural pick. This article suggests it’s not the background of a DPO but rather whether a data protection committee exists that would prove critical to an organization’s data protection efforts. Why has the talk been about a legal professional? ... Read More

How to get ready for potential amendments to US children's privacy law

(Mar 26, 2019) Businesses that collect, use and disclose children’s personal information are already subject to strict legal requirements. The U.S. Children’s Online Privacy Protection Act of 1998 establishes detailed rules for operators of websites and online services that collect information from children under the age of 13. And comprehensive privacy regimes in other jurisdictions impose stringent requirements on online and offline processing of children’s information. Businesses are also acutely aware of t... Read More

Benchmarking for GDPR: How often are orgs reporting data breaches to authorities and subjects?

(Mar 26, 2019) This article is part of an ongoing series on privacy program metrics and benchmarking for incident response management, brought to you by Radar. Find earlier installments of this series here. Do you find yourself thinking about what you were doing this time last year? Maybe it’s the prevalence of social media and the memories that show up in our feeds like our own personal versions of “this day in history,” but in any case, when I think about this time last year, I think about the EU General Da... Read More

Web con: 'Developing Policy for Global Content Moderation'

(Mar 26, 2019) Online companies are tasked with the moderation of users’ online contributions; however, the challenge is to do so while their platforms remain open. Organizations look to create and implement community values, trust and safety, and much of this work is done by those who develop the policies that are translated into the company’s community guidelines. Join the IAPP April 9 for this webcast as professionals discuss how they collaborate with stakeholders and the evolution of their community guidel... Read More

Web con: 'Privacy Engineering Live — PBD in Practice'

(Mar 25, 2019) The IAPP has created a new web conference series to shine a spotlight on privacy engineering. Privacy Engineering Live has privacy professionals discuss workable solutions and innovative people and ideas from the field. Join the IAPP March 27 as Enterprivacy Consulting Group Principal Consultant R. Jason Cronk, CIPP/US, CIPM, CIPT, FIP, and Cybernetica Head of Privacy Technologies Department Dan Bogdanov explore privacy-enhancing technologies, how they work, and what utility they bring to data g... Read More

CJEU advocate general: Pre-checked cookie boxes do not qualify as valid consent

(Mar 25, 2019) Court of Justice of the European Union Advocate General Maciej Szpunar wrote in a non-binding opinion a website has not gathered valid consent when it requires a user to deselect a pre-checked box, The Register reports. Szpunar’s opinion was in response to a case where an online lottery hosted by Planet49 asked individuals to consent to cookies. The box was filled in, but patrons did not need to agree to cookies in order to participate in the lottery. Szpunar determined it "virtually impossible ... Read More

Utah passes first bill in the US to protect data kept with third parties

(Mar 25, 2019) Wired reports the Utah Legislature passed the first bill in the U.S. to protect electronic data individuals keep with third parties. The privacy law would require government entities to obtain a warrant in order to access “certain electronic information or data” from third parties, such as Google or Facebook. The warrant requirement can be waived in emergency situations or when data can be used in felony and misdemeanor investigations. Republican Gov. Gary Herbert still must sign the bill before... Read More