Council of Europe updates Convention 108

On May 18 the Council of Europe adopted an amending Protocol which updates its data protection convention, known as “Convention 108”.

The modernisation of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, the only existing legally binding international treaty with global relevance in this field, addresses the challenges to privacy resulting from the use of new information and communication technologies, and strengthens the convention’s mechanism to ensure its effective implementation.

Source: Enhancing data protection globally: Council of Europe updates its landmark convention – Newsroom

Eight countries to miss EU data protection deadline

The EU starts enforcing its general data protection regulation on 25 May – but Belgium, Bulgaria, Cyprus, Czech Republic, Greece, Hungary, Lithuania and Slovenia won’t be ready. The delay will cause legal uncertainty.

Source: Eight countries to miss EU data protection deadline

Why the ‘encryption exception’ may be over used

EU General Data Protection Regulation and some U.S. state laws provides the “encryption exception” – it can be used to exempt a company from breach reporting and notification obligations if data was encrypted and the key had not also been compromised.

The reasoning is that encryption preserves confidentiality – even for stolen data – by rendering it unreadable. But it’s not really true.

Source: Why the ‘encryption exception’ may be over used

Hacker Breaches Securus, the Company That Helps Cops Track Phones Across the US

A hacker has provided Motherboard with the login details for a company that buys phone location data from major telecom companies and then sells it to law enforcement.

Source: Hacker Breaches Securus, the Company That Helps Cops Track Phones Across the US – Motherboard

Snooping Amsterdam civil servants broke privacy laws with Facebook research 

An analysis of the Facebook networks of trouble-making youngsters by the Amsterdam city authorities constituted a breach of privacy and should have been reported to privacy monitoring body AP.

Amsterdam civil servants decided to build up a picture of the networks of youngsters who hung around on the streets and caused a nuisance in Amsterdam Zuid. By looking at their networks the authorities thought they would gain a better understanding of this group.

Source: Snooping Amsterdam civil servants broke privacy laws with Facebook research – DutchNews.nl

Croatia announces GDPR implementation act

The Croatian data protection authority (‘AZOP’) announced, on 10 May 2018, that the Act on Implementation of the General Data Protection Regulation (NN 42/2018) had been published in the Official Gazette, repealing the Personal Data Protection Act of 2003 in order to transpose the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’).

Source: Croatia: AZOP announces GDPR implementation act publication

Publishers, ad tech firms scramble to comply with GDPR

With only weeks until GDPR takes effect, publishers and ad tech vendors are still addressing concerns of transparency and control.

On April 25 the Interactive Advertising Bureau Europe and IAB Tech Lab officially released a framework for publishers to ask if it is OK for the publisher and their ad tech vendors to collect and use people’s data. The framework is meant to maintain the status quo of targeted online advertising while abiding GDPR’s transparency rules and preparing for ePrivacy’s consent decree.

Source: Publishers, ad tech firms scramble to comply with GDPR – Digiday

GDPR isn€’t the only game in town – US state developments also looming

Companies gearing up for the European Union’s implementation of the General Data Protection Regulation -€” which introduces significant new obligations on any business processing the personal data of individuals in the EU –  should not lose sight of significant obligations imposed by U.S. state legislatures, which are quite active in the privacy sphere.

Source: GDPR isn’t the only game in town; US state developments also looming

Are GDPR fines insurable?

DLA Piper and Aon have launched a guide ‘The price of data security‘, ahead of the General Data Protection Regulation (GDPR), effective from 25 May 2018. The guide reviews the insurability of GDPR fines across Europe, which can reach up to €20 million or, if higher, up to 4% of a group’s annual global turnover.

Source: EUROPE: Are GDPR fines insurable in the countries where you operate?

1 2 3 236
>