ICO consults on data protection guidance for the media
EU-US safe harbour distrust
Dutch. Can't reach Netlfix based in Luxembourg
CNIL Report 2013
International data transfers: EU urged to scrap use of binding corporate rules and model contract clauses in cloud computing amidst concerns over US surveillance of data Businesses should be prevented from using model contract clauses and binding corporate rules (BCRs) as mechanisms for processing personal data in the cloud because those arrangements do not prohibit US law enforcement bodies from gaining access to that information, it said. The report, ordered by the European Parliament's Committee on Civil Liberties, Justice and Home Affairs (LIBE), said that the EU had created "derogations" from traditional rules governing international transfers of personal data that, in a cloud computing context, could not adequately protect the privacy of that information. It said BCRs and model contract clauses were examples of the 'derogations' created and that both are were "equally unsuitable to prevent the use of cloud data for surveillance purposes". The report (63-page / 1.32MB PDF) said that the EU had made "errors" when forging an agreement with the US over the recognition of US organisations' data protection standards.
new Ukrainien DP
Art 28 WP in BCR
PDPA Malaysia & Singapore
International Data Privacy Law
Germany strict data processing express consent
Data Protection Regulation - Information Technology and Telecoms - Germany In December we reported on the EU Commission's unofficial draft of the reform of the European Data Protection Directive 95/46/EU. On 25 January 2012 the Commission's official proposal for the Regulation was presented. We have analysed this 119-page draft and have summarised its main aspects in this Newsletter. Although there will be further changes to the draft before its envisaged entry into force in 2015/2016, the decisive legislative phase begins now, with the possibility for interest groups to exert their influence.
New EU Data Protection Regime Will Bring Significant Changes - Information Technology and Telecoms - Germany On 25 January 2012 the Commission's official proposal for the reform of the European Data Protection Directive 95/46/EU was presented. We have analysed this 119-page draft and have summarised its main aspects. Although there will be further changes to the draft before its envisaged entry into force in 2015/2016, the decisive legislative phase begins now, with the possibility for interest groups to exert their influence. On the whole, the Regulation is essentially in line with the law applicable in Germany to date. However, there will be numerous significant amendments in future: There are substantial amendments concerning the scope of application.
Hogan Lovells Submits Comments on Proposed EU Regulation to UK Ministry of Justice The United Kingdom Ministry of Justice is engaged in a consultation on the impact of the proposal of the European Commission for a Data Protection Regulation to replace the EU Directive and implementing legislation, and solicited submissions by 6 March. On 29 February 2012, Hogan Lovells held a session in London for clients where we sought and obtained views on the impact of the proposals made by the European Commission for a new Data Protection Regulation. Yesterday, the firm made a submission to the Ministry of Justice on the proposed Regulation. This document contains a distillation of our own observations and comments made to us by clients since the proposals first became public knowledge. A copy of the submission is available here.
IPrivacy4IT – Clarinette's blog › Log In
Privacy News - PogoWasRight.org
DataGuidance.com - making data protection and privacy compliance simpler and faster
Europa / International / International Working Group on Data Protection in Telecommunications (IWGDPT) (Berliner Beauftragter für Datenschutz und Informationsfreiheit)
Art. 29 Working Party Opinion on SNS According to the latest press release, the Art. 29 Working Party has issued an opinion (pdf) on social networking sites ("SNS") . In particular, it addresses how the SNS can meet its data protection obligations by considering who is the data controller (SNS providers; application providers; users are exempt under Art. 3.2 Data Protection Directive, but leaves the possibility that they could have data controller responsibilities); information to be provided by SNS; third party access and whether retention of data under a SNS. In sum, the Art. 29 Working Party provides:
The Data Protection Act 1998 gives you the right to access information held about you by organisations. The act governs how organisations can use the personal information that they hold - including how they acquire, store, share or dispose of it. The act is administered and enforced by the Information Commissioner - an independent authority who is appointed by the Queen and reports directly to parliament. Data protection is an international issue which results from European legislation We are responsible for government policy on data protection, and represent the UK in European data protection negotiations. Back to top Department for Constitutional Affairs - Data Protection - Data Protection
Should Companies Sell Privacy Offsets? - Science and Tech It's time we were allowed to pay money for our privacy. We already "pay" for our online services by looking at advertising that has been augmented with personal data gleaned from our Internet perambulations. Maybe it's time we formalized the value of users' data. Then, to opt out of tracking, users could simply pay the difference between what they're worth to service providers with and without their data attached. It's not a tough calculation to make.
Should you own your own data?
Players and Pawns in the Game of Privacy Privacy is pretty constantly in the news at the moment. People like me can hardly take their eye off the news for a moment. This morning I was trying to do three things at once: follow David Allen Green's evidence at the Leveson inquiry (where amongst other things he was talking about the NightJack story which has significant privacy implications), listen to Viviane Reding talking about the new reforms to the data protection regime in Europe, and discover what was going on in the emerging story of 02's apparent sending of people's mobile numbers to websites visited via their mobile phones.... Big issues... and lots of media coverage... and lots of opportunities for academics, advocates of one position or other, technical experts and so forth to write/talk/tweet/blog etc on the subject. And many of us are taking the opportunity to say our bit, as we like to do. A good thing?
La France va-t-elle se doter d’une loi rendant obligatoire les notifications des violations de sécurité ? « Information Security Breaches & The Law La France va-t-elle se doter d’une loi rendant obligatoire les notifications des violations de sécurité ? La proposition de loi visant à mieux garantir le droit à la vie privée à l’heure du numérique, présentée le 6 novembre 2009 au Sénat par les sénateurs Yves Détraigne et Anne-Marie Escoffier, a été adoptée par le Sénat et transmise à l’Assemblée nationale le 24 mars 2010. (Historique de la législation.)
UK DPA / EU DPD
DATA PROTECTION DAY, 28 January 2011 - European Commission & Council of Europe
US data protection
EU/US agreement on data transfer
data as a commodity
data breach US
ANALYSIS Last week was a big one for data breaches in the UK, as Zurich was hit with a £2.27 million fine for losing customer information. It was the biggest fine ever handed out by the Financial Services Authority (FSA) for a data security failing. Later in the week, the Information Commissioner’s Office (ICO) found both Yorkshire Building Society and DSG Retail, the owner of PC World, in breach of the Data Protection Act. Does the ICO have enough power to stop data breaches?
European Union Agency for Fundamental Rights - FRA
Depuis plusieurs mois, la CNIL constate une augmentation du nombre de projets liés, directement ou indirectement, à la révision de la directive européenne relative à la protection des données personnelles. L'impressionnante profusion des initiatives tendant à la révision de la directive de 1995 sur la protection des données
Irish ministers fight EU bid to give Israel data - Republic of Ireland, Local & National 02 September 2010 A crucial meeting to determine whether the plan should go ahead is taking place in Brussels. A special European Commission committee was forced to call the meeting after Justice Minister Dermot Ahern blocked a bid to push through the plan "on the nod" without consultation with government ministers from EU states. The commission is comprised of officials from the 27 member states and Ireland will be represented today by a senior official from the Department of Justice.
Global Privacy Enforcement Authorities Launch Cooperative Network and Website
Global Privacy Enforcement Network Launches Website | Global Privacy Enforcement Network
Council of Europe Prepares to Review Convention 108
Data Protection Law In India Data Protection Law In India-Needs And Position The age of Internet has taken on India to new heights of excellence in education, medicine, communication, public services and almost all walks of governance. In the IT sector, Indian professionals have built for themselves an enviable global reputation through hard work, dedication and commitment. Development in one sphere also has an impact over other spheres of life. This follows that with the increasing use of internet, need for changes in law is inevitable. Internet has in store a huge amount of data for different kind of people with different requirements.
7,500 Germans rally for greater data privacy Some 7,500 people demonstrated Saturday in Berlin to express their concerns about personal data privacy as the German government and private companies amass giant databases, organisers said. Called out by numerous civic organisations and political parties under the banner of "Liberty Instead of Fear!", the protestors denounced a government database which will collect information on wages, taxes and social payments. They also protested against electronic passports, electronic health insurance cards, and an accord allowing the United States to access EU banking information as part of anti-terror efforts.
Gov 2.0 Summit 2010: Osama Bedier, "PayPal: What We Do with Private..."
Reputation bankruptcy posted by Jonathan Zittrain Google CEO Eric Schmidt created buzz (and some shock and criticism) when he suggested in a recent Wall Street Journal interview that, in the not too distant future, “every young person…will be entitled automatically to change his or her name on reaching adulthood in order to disown youthful hijinks stored on their friends’ social media sites.” I’ve been intrigued by these concepts, too, and while I don’t think people should have to change their names to escape their pasts — whether earned or unearned — I like the idea of reputation bankruptcy.
For your information | Comment | Research
germany compliance with the EU data protection directive
UK Ministry of Justice opens data protection consultation
Tech and Law: EU Data Protection Directive reform - Commission paper, meeting
Article: Once More Unto the Breach: An Analysis of Legal, Technological and Policy Issues Involving Data Breach Notification Statutes
Arrêt de la Cour
Tech and Law: August 2010
making data protection and privacy compliance simpler and faster
Children's rights group threatens ICO with judicial review
Regulating the Use of Social Media Data
LLP | Data Protection | News & Updates
LLP | Data Protection | News & Updates
LLP | Data Protection | News & Updates
LLP | Outsourcing | News & Updates
LLP | Search
Personal_information_online_code_of_practice Digital Edition olw
Data Protection and Privacy Laws
Devices must come with data-wipe function, says privacy regulato
How Your Data Trail Can Linger for Decades - Digits
Information Security Breaches & The Law
Data Protection Guide - Public Data and Information Sharing
Privacy & Information Security Law Blog : Privacy Lawyer & Attorney : Hunton & Williams Law Firm : Personal Data, Information Security
Computer Misuse Act 1990 (c. 18)
Before You Even Click…. : Future of Privacy Forum
ECJ clears up confusion between data protection principles and the right of access to public documents
Article 29 Working Party Opinion 3/2010 on the principle of accountability: 'made to measure' data privacy compliance for the proactive?
Information Commissioner offers guidance on school photos