Passport system photo-vendor changes privacy policy

(Apr 20, 2017) The company providing approved passport photos for the new online passport application service has announced it has changed its privacy policy after concerns about its adherence to EU data protection laws, The Irish Times reports. Photo-Me's privacy policy originally stated it may process users' information outside of the European Economic Area, a move that could violate EU laws that ban processing outside the EEA unless certain safeguards exist, the report states. The company did affirm that al... Read More

Irish Minister on US-EU digital strategies

(Apr 20, 2017) In interviewing Irish Data Protection Minister Dara Murphy yesterday here at the IAPP Global Privacy Summit, IAPP VP of Research and Education Omer Tene asked a pointed question: Given that the vast majority of the large internet firms are American, “Would you say that the European digital market strategy has failed?” Murphy said that he would, “but I don’t think it continues to fail.” Thus began an examination into U.S. and EU approaches to digital innovation, why U.S. internet firms dominate, ... Read More

A regulatory update on contractual clauses and Privacy Shield

(Apr 20, 2017) Just weeks after the Irish High Court heard arguments from select parties in a case that could affect the future of private trans-Atlantic data flows, Irish Data Protection Commissioner Helen Dixon shared her thoughts about the case and questions the court must consider. "These hearings were positive," she said during a panel session at the IAPP Global Privacy Summit in Washington. "It was an extremely comprehensive hearing on complex issues. This wasn't a case where the judge will rush to judge... Read More

A regulatory update of contractual clauses and Privacy Shield

(Apr 20, 2017) Just weeks after the Irish High Court heard arguments from select parties in a case that could affect the future of private transatlantic data flows, Irish Data Protection Commissioner Helen Dixon shared her thoughts about the case and the questions the court must consider.  "These hearings were positive," she said during a panel session at the IAPP Global Privacy Summit in Washington. "It was an extremely comprehensive hearing on complex issues. This wasn't a case where the judge will rush to ... Read More

An update on the future of standard contractual clauses

(Apr 20, 2017) Just weeks after the Irish High Court heard arguments from select parties in a case that could affect the future of private trans-Atlantic data flows, Irish Data Protection Commissioner Helen Dixon shared her thoughts about the case and questions the court must consider. "These hearings were positive," she said during a panel session at the IAPP Global Privacy Summit in Washington. "It was an extremely comprehensive hearing on complex issues. This wasn't a case where the judge will rush to judge... Read More

FTC approves final orders for CBPR misrepresentations

(Apr 14, 2017) The U.S. Federal Trade Commission finalized orders Friday resolving allegations that three companies misrepresented their participation in the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules, according to an FTC press release. In three separate complaints, the FTC charged that Sentinel Labs, SpyChatter, and Vi2us "falsely represented in their online privacy policies that they participated in the APEC CBPR system. Sentinel Labs also falsely claimed that it was a participant in a TRUS... Read More

European Commission releases Umbrella Agreement negotiation documents

(Apr 12, 2017) Following a request made by Member of the European Parliament Sophie in 't Veld, the European Commission has released some of the documents related to the Umbrella Agreement negotiations between the EU and the U.S. In a letter to in 't Veld, European Commission Director-General Tiina Astola explains the decision to only release a portion of the documents, including information pertaining to personal data, passages that could potentially undermine the protection of public interests regarding inte... Read More

Ireland Data Protection Commissioner releases 2016 annual report

(Apr 11, 2017) The Data Protection Commissioner of Ireland has released her annual report for 2016, which highlights "key developments and activities for the Office for the last year, together with the priorities for 2017 and beyond." Commissioner Helen Dixon said data privacy complaints rose from 932 in 2015 to 1,479 last year, while there was a slight decrease in reported breach notifications, the Irish Independent reports. Dixon, whose agency expanded in the last year, noted that consultation queries "rose ... Read More

CNIL updates WP29 Plenary, releases research on location data flows

(Apr 11, 2017) In a pair of press releases, France's data protection authority, the CNIL, has provided an update to the recent Article 29 Working Party Plenary and shared research tracking where personal data flows to in the mobile ecosystem. The WP29 touched upon "critical" topics, including the implementation of the General Data Protection Regulation, which included the adoption of the final version of the data protection officer, among others. There was an update on meetings between EU and U.S. representati... Read More

Swiss-US Privacy Shield Framework FAQs released

(Apr 11, 2017) The U.S. Department of Commerce's International Trade Administration has released an FAQ sheet for the Swiss-U.S. Privacy Shield agreement. It tackles questions like the difference between the EU-U.S. Privacy Shield and this framework and how to apply to participate. Organizations can self-certify starting on April 12. The FAQ indicates that those organizations already self-certified with EU-U.S. Privacy Shield can self-certify for the Swiss version online via their Privacy Shield online account... Read More