Data Protection
Get flash to fully experience Pearltrees
CNIL Report 2013
International data transfers: EU urged to scrap use of binding corporate rules and model contract clauses in cloud computing amidst concerns over US surveillance of data
Businesses should be prevented from using model contract clauses and binding corporate rules (BCRs) as mechanisms for processing personal data in the cloud because those arrangements do not prohibit US law enforcement bodies from gaining access to that information, it said. The report, ordered by the European Parliament's Committee on Civil Liberties, Justice and Home Affairs (LIBE), said that the EU had created "derogations" from traditional rules governing international transfers of personal data that, in a cloud computing context, could not adequately protect the privacy of that information. It said BCRs and model contract clauses were examples of the 'derogations' created and that both are were "equally unsuitable to prevent the use of cloud data for surveillance purposes". The report (63-page / 1.32MB PDF) said that the EU had made "errors" when forging an agreement with the US over the recognition of US organisations' data protection standards.FTC launch study Data brockers industry
new Ukrainien DP
Art 28 WP in BCR
PDPA Malaysia & Singapore
International Data Privacy Law
Germany strict data processing express consent
Data Protection Regulation - Information Technology and Telecoms - Germany
Article by Jürgen Hartung and Dr. Marc Hilber, LL.M. In December we reported on the EU Commission's unofficial draft of the reform of the European Data Protection Directive 95/46/EU. On 25 January 2012 the Commission's official proposal for the Regulation was presented.New EU Data Protection Regime Will Bring Significant Changes - Information Technology and Telecoms - Germany
Article by Jürgen Hartung and Dr. Marc Hilber, LL.M. On 25 January 2012 the Commission's official proposal for the reform of the European Data Protection Directive 95/46/EU was presented. We have analysed this 119-page draft and have summarised its main aspects. Although there will be further changes to the draft before its envisaged entry into force in 2015/2016, the decisive legislative phase begins now, with the possibility for interest groups to exert their influence. On the whole, the Regulation is essentially in line with the law applicable in Germany to date.
Hogan Lovells Submits Comments on Proposed EU Regulation to UK Ministry of Justice
The United Kingdom Ministry of Justice is engaged in a consultation on the impact of the proposal of the European Commission for a Data Protection Regulation to replace the EU Directive and implementing legislation, and solicited submissions by 6 March. On 29 February 2012, Hogan Lovells held a session in London for clients where we sought and obtained views on the impact of the proposals made by the European Commission for a new Data Protection Regulation. Yesterday, the firm made a submission to the Ministry of Justice on the proposed Regulation. This document contains a distillation of our own observations and comments made to us by clients since the proposals first became public knowledge. A copy of the submission is available here .
Europa / International / International Working Group on Data Protection in Telecommunications (IWGDPT) (Berliner Beauftragter für Datenschutz und Informationsfreiheit)
The Group has since 1983 adopted numerous recommendations (“Common Positions” / “Working Papers”) aimed at improving the protection of privacy in telecommunications and Internet services: Die Arbeitsgruppe hat seit 1983 eine Vielzahl von Empfehlungen zur Verbesserung des Datenschutzes in der Telekommunikation und im Internet verabschiedet: Cloud Computing – Privacy and data protection issues – “Sopot Memorandum” (Sopot (Poland), 23./24. April 2012) english -pdf / deutsch -pdf Privacy by Design and Smart Metering: Minimize Personal Information to Maintain Privacy (Berlin, 12./13. September 2011) english -pdf / deutsch -pdf Working Paper on Privacy and Electronic Micropayment on the Internet (Berlin, 12./13.
Art. 29 Working Party Opinion on SNS
According to the latest press release, the Art. 29 Working Party has issued an opinion (pdf) on social networking sites ("SNS") . In particular, it addresses how the SNS can meet its data protection obligations by considering who is the data controller (SNS providers; application providers; users are exempt under Art. 3.2 Data Protection Directive, but leaves the possibility that they could have data controller responsibilities); information to be provided by SNS; third party access and whether retention of data under a SNS. In sum, the Art. 29 Working Party provides:The Data Protection Act 1998 gives you the right to access information held about you by organisations. The act governs how organisations can use the personal information that they hold - including how they acquire, store, share or dispose of it. The act is administered and enforced by the Information Commissioner - an independent authority who is appointed by the Queen and reports directly to parliament. Data protection is an international issue which results from European legislation We are responsible for government policy on data protection, and represent the UK in European data protection negotiations. © Crown Copyright
Department for Constitutional Affairs - Data Protection - Data Protection
Should Companies Sell Privacy Offsets? - Science and Tech
It's time we were allowed to pay money for our privacy. We already "pay" for our online services by looking at advertising that has been augmented with personal data gleaned from our Internet perambulations. Maybe it's time we formalized the value of users' data. Then, to opt out of tracking, users could simply pay the difference between what they're worth to service providers with and without their data attached. It's not a tough calculation to make.
Players and Pawns in the Game of Privacy
Privacy is pretty constantly in the news at the moment. People like me can hardly take their eye off the news for a moment. This morning I was trying to do three things at once: follow David Allen Green's evidence at the Leveson inquiry (where amongst other things he was t alking about the NightJack story which has significant privacy implications), listen to Viviane Reding talking about the new reforms to the data protection regime in Europe, and discover what was going on in the emerging story of 02 's apparent sending of people's mobile numbers to websites visited via their mobile phones.... Big issues... and lots of media coverage... and lots of opportunities for academics, advocates of one position or other, technical experts and so forth to write/talk/tweet/blog etc on the subject. And many of us are taking the opportunity to say our bit, as we like to do. A good thing?
La France va-t-elle se doter d’une loi rendant obligatoire les notifications des violations de sécurité ? « Information Security Breaches & The Law
La France va-t-elle se doter d’une loi rendant obligatoire les notifications des violations de sécurité ? La proposition de loi visant à mieux garantir le droit à la vie privée à l’heure du numérique , présentée le 6 novembre 2009 au Sénat par les sénateurs Yves Détraigne et Anne-Marie Escoffier, a été adoptée par le Sénat et transmise à l’Assemblée nationale le 24 mars 2010. ( Historique de la législation .) Elle devrait à nouveau être débattue à l’automne.UK DPA / EU DPD
data retention
US data protection
EU/US agreement on data transfer
data as a commodity
EU phorm
EU DPD
data breach US
ANALYSIS Last week was a big one for data breaches in the UK, as Zurich was hit with a £2.27 million fine for losing customer information. It was the biggest fine ever handed out by the Financial Services Authority (FSA) for a data security failing. Later in the week, the Information Commissioner’s Office (ICO) found both Yorkshire Building Society and DSG Retail, the owner of PC World, in breach of the Data Protection Act.
Does the ICO have enough power to stop data breaches?
30 mars 2009 La directive du 24 octobre 1995 qui constitue le socle commun à tous les pays de l’Union européenne en matière de protection des données personnelles devrait être modifiée dans les années à venir pour s’adapter aux technologies du 21ème siècle. D’ores et déjà, un certain nombre de travaux sont engagés dont la mise en cohérence et la coordination s’avèrent nécessaires.
L'impressionnante profusion des initiatives tendant à la révision de la directive de 1995 sur la protection des données
PNR
e-communication directive
Irish ministers fight EU bid to give Israel data - Republic of Ireland, Local & National
02 September 2010 The Republic of Ireland is to vote today against an EU plan to allow sensitive personal data on European citizens to be handed over to Israel. A crucial meeting to determine whether the plan should go ahead is taking place in Brussels. A special European Commission committee was forced to call the meeting after Justice Minister Dermot Ahern blocked a bid to push through the plan "on the nod" without consultation with government ministers from EU states.Data Protection Law In India
Data Protection Law In India-Needs And Position The age of Internet has taken on India to new heights of excellence in education, medicine, communication, public services and almost all walks of governance. In the IT sector, Indian professionals have built for themselves an enviable global reputation through hard work, dedication and commitment. Development in one sphere also has an impact over other spheres of life. This follows that with the increasing use of internet, need for changes in law is inevitable. Internet has in store a huge amount of data for different kind of people with different requirements.7,500 Germans rally for greater data privacy
Some 7,500 people demonstrated Saturday in Berlin to express their concerns about personal data privacy as the German government and private companies amass giant databases, organisers said. Called out by numerous civic organisations and political parties under the banner of "Liberty Instead of Fear!", the protestors denounced a government database which will collect information on wages, taxes and social payments. They also protested against electronic passports, electronic health insurance cards, and an accord allowing the United States to access EU banking information as part of anti-terror efforts.Rebecca Wong