fbpx

Download free GDPR compliance checklist!

Tag Archives for " EDPS "

EDPS Publishes Annual Report 2019

The Annual Report provides an insight into all European Data Protection Superviser’s (EDPS) activities in 2019.

EDPS activities therefore focused on consolidating the achievements of previous years, assessing the progress made and starting to define priorities for the future. Of particular note were EDPS efforts to ensure that new EU rules on data protection are put into practice.

Source: EDPS Annual Report 2019: new EU data protection rules must produce promised result | European Data Protection Supervisor

EDPS publishes new Proportionality Guidelines

European Data Protection Supervisor (EDPS) has published new Proportionality Guidelines aimed at making privacy-friendly policymaking easier.

New guidelines on assessing proportionality aim to provide policymakers with practical tools to help assess the compliance of proposed EU measures that would impact the fundamental rights to privacy and the protection of personal data with the Charter of Fundamental Rights, the European Data Protection Supervisor said today, as he published the Guidelines.

Source: EDPS publishes new Proportionality Guidelines aimed at making privacy-friendly policymaking easier | European Data Protection Supervisor

Data watchdog raps EU asylum body for snooping

The European Asylum Support Office combed through social media to monitor refugee routes to Europe for three years. The agency sent weekly reports on its findings to member states, the EU Commission and institutions such as UNHCR and Interpol.

EASO lacks a legal basis for collecting personal data on social media, the EU’s data protection supervisor Wojciech Wiewiórowski said in a recent letter. He imposed a temporary ban on the project.

Source: Data watchdog raps EU asylum body for snooping

EDPS investigates European Parliament’s 2019 election activities and takes enforcement actions

The European Data Protection Supervisor (EDPS) is carrying out an investigation into the European Parliament’s use of a US-based political campaigning company to process personal data as part of its activities relating to the 2019 EU parliamentary election.

The EDPS is actively engaged in seeking solutions to the challenges of online manipulation in elections. Data protection plays a fundamental role in ensuring electoral integrity and must therefore be treated as a priority in the planning of any election campaign.

Source: EDPS investigates European Parliament’s 2019 election activities and takes enforcement actions | European Data Protection Supervisor

Microsoft updates terms on data privacy amid EU probe

Microsoft said it was updating the privacy provisions of its commercial cloud contracts after European regulators found its deals with European Union institutions failed to protect data in line with EU law.

The EDPS, the EU’s data watchdog, opened an investigation in April to assess whether Microsoft’s contracts with the European Commission and other EU institutions met data protection rules. It raised concerns about compliance in October.

Source: Microsoft updates terms on data privacy amid EU probe – Reuters

EU institution staff ‘unaware’ of Microsoft data misuse

Members of staff working across the EU institutions are “not aware” of the extent to which the US tech firm Microsoft collects and stores their data as part of the use of their products and services, the EU’s data protection watchdog has told.

The issue centres around the concern that the contractual terms under agreements for the provision of Microsoft products and services to the EU institutions could be in breach of EU data protection law.

Source: EU institution staff ‘unaware’ of Microsoft data misuse, EU data chief says – EURACTIV.com

Spanish Supervisory Authority and EDPS release guidance on hashing for data pseudonymization and anonymization purposes

On November 4, 2019, the Spanish Supervisory Authority (“AEPD”), in collaboration with the European Data Protection Supervisor, published guidance on the use of hashing techniques for pseudonymization and anonymization purposes. In particular, the guidance analyses what factors increase the probability of re-identifying hashed messages.

The guidance provides examples of how controllers can make the re-identification of hashed messages more difficult. These examples include encrypting the message (prior to hashing), encrypting the hash value, or adding “salt” or “noise” (i.e., a random number) to the original message.

Source: Spanish Supervisory Authority and EDPS release guidance on hashing for data pseudonymization and anonymization purposes

EU contracts with Microsoft raising ‘serious’ data concerns

Europe’s chief data protection watchdog has raised concerns over contractual arrangements between Microsoft and the European Union institutions which are making use of its software products and services.

The European Data Protection Supervisor (EDPS) opened an enquiry into the contractual arrangements between EU institutions and the tech giant this April, following changes to rules governing EU outsourcing.

Though the investigation is still ongoing, preliminary results reveal serious concerns over the compliance of the relevant contractual terms with data protection rules and the role of Microsoft as a processor for EU institutions using its products and services.

Source: EU contracts with Microsoft raising ‘serious’ data concerns, says watchdog | TechCrunch

EDPS publishes opinion on communication data as personal data

The European Data Protection Supervisor (EDPS) published, on 11 September 2019, the pleading notes before the Court of Justice of the European Union (CJEU) in the joint hearing for case C-623/17 Privacy International, joint cases C-511/18 and C-512/18 La Quadrature du Net and Others, and case C-520/18 Ordre des Barreaux Francophones et Germanophone and Others.

Notes address question whether the IP addresses or other data relating to electronic communications are capable of providing information on the content of communications, what information concerning the private lives of the concerned persons can be obtained from IP addresses or other data relating to electronic communications, as well as whether, and to what extent, it would be possible to limit the retention and the access to electronic communication data while enabling the objectives set out in Article 15(1) of the ePrivacy Directive.

Source: Pleading notes of the European Data Protection Supervisor (EDPS)

EDPS issues note on data transfers following Brexit

On 16 July 2019, the European Data Protection Supervisor (EDPS) issued an information note on international data transfers after Brexit. 

The Note highlights that if the EU and the UK sign the withdrawal agreement before 1 November 2019, the data flows to the UK will not be immediately affected.  EU data protection laws (including the GDPR, the Law Enforcement Directive (EU)2016/680 and the ePrivacy Directive) will apply until 31 December 2020, with a maximum extension until 31 December 2022. 

However, in the case of a “no-deal” Brexit, EU data protection laws would not apply in the UK and starting from 1 November 2019 personal data transfers from EU institutions to companies in the UK must comply with the international data transfer requirements under Chapter V of GDPR.

Read the Note.

1 2 3 5
>