EU court could settle ICANN data gathering dispute

The internet’s global domain name organisation, the Internet Corporation for Assigned Names and Numbers (ICANN), has appealed a recent ruling by a court in Germany on the amount of data that domain name registrars can be forced to gather on people operating websites.

“If the Higher Regional Court does not agree with ICANN or is not clear about the scope of the European Union’s General Data Protection Regulation (GDPR), ICANN is also asking the Higher Regional Court to refer the issues in ICANN’s appeal to the [CJEU],” ICANN said in a statement.

Source: EU court could settle ICANN data gathering dispute

Implementing appropriate security under the GDPR

Security of processing is a foundational principle of the GDPR. Under Article 5(1)(f), personal data shall be “processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).”

Read full article: Implementing appropriate security under the GDPR

Looking to Canada for input on the GDPR’s data retention requirements

One of the core principles of data processing set forth in Article 5(e) of the EU General Data Protection Regulation is that personal data shall be retained in a form that “permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.” Although this language is not complex, it raises critical questions not answered within the text, namely: What comprises a purpose and how does one determine whether the purpose is resolved?

Read full article: Looking to Canada for input on the GDPR’s data retention requirements

Apple to Close iPhone Security Hole That Law Enforcement Uses to Crack Devices

Apple is closing a technological loophole that let authorities hack into locked iPhones, infuriating law enforcement officials and reigniting a debate over security versus privacy.

Source: Apple to Close iPhone Security Hole That Law Enforcement Uses to Crack Devices – The New York Times

Alexa and other smart speakers may endanger privacy rights

Legal experts say internet-connected smart speakers are the latest example of how technology and devices endear themselves to consumers before they realize the downsides.

The devices are supposed to begin recording the conversation only in response to “wake words” — like “Alexa” (for the Echo), “OK Google” (for the Google Home) and “Hey Siri” (for Apple’s HomePod). But they may be able to hear background conversations while activated.

Source: Alexa and other smart speakers may endanger privacy rights – SFChronicle.com

London cops’ facial recognition doesn’t work

London cops’ facial recognition kit has only correctly identified two people to date – neither of whom were criminals – and the UK capital’s police force has made no arrests using it. Police’s automated facial recognition (AFR) technology has a 98 per cent false positive rate.

Source: Zero arrests, 2 correct matches, no criminals: London cops’ facial recog tech slammed • The Register

The California Consumer Privacy Act of 2018 is not at all like the GDPR

There seems to be a rise in fearmongering about the next big potential privacy legislation on the horizon after GDPR – the California Consumer Privacy Act of 2018. Consultants, bloggers, and, sadly, some well-respected law firms, have hyped the initiative as “very similar to the GDPR,” and a “sweeping, GDPR-like privacy regime.”

However,California Consumer Privacy Act of 2018 is not like GDPR. The Act is not an “act” at all – it is an initiative that may appear on the ballot in California during the November elections. And while the ballot initiative proposes some interesting, and arguably misguided, privacy requirements, few of those requirements have any analog within the GDPR. Furthermore equating the California initiative to the GDPR masks its real aim, purpose, and danger.

Read full article: Bryan Cave – Stop the hype! The California Consumer Privacy Act of 2018 is not at all like the GDPR

GDPR implementation bills: The election problem

It is by now no secret that a lot of EU countries won’t have implementing acts ready in time for the introduction of the General Data Protection Regulation this week. While this is unlikely to be the end of the world for most companies — the GDPR doesn’t need to be transposed into member states’ national laws to apply — it does create a level of confusion where the new regulation clashes with still-active national implementations of the old EU Data Protection Directive.

Read full article: GDPR implementation bills: The election problem

How not to write your GDPR-‘compliant’ data protection notice

GDPR requires companies to have a robust data processing notices. However, “obfuscating their data collection and processing activities on the personal data while using the keywords from the GDPR, some controllers are publishing revised DP policies that under-inform or misinform their customers.”

Read full article: How not to write your GDPR-‘compliant’ data protection notice

>