Tag Archives for "EU"

EU could introduce political ad rules for Facebook and Twitter

Vera Jourova, EU commissioner for justice, consumers and gender equality, said in a CNBC interview that lawmakers in Brussels will introduce rules for more transparency in political campaigning. Companies including Facebook and Twitter will have to obey them.

Legislation around political ads would bolster the EU’s efforts to take a leading role regulating the world’s biggest technology companies on issues ranging from disinformation to competition and data privacy.

Source: EU could introduce political ad rules for Facebook and Twitter

EU institution staff ‘unaware’ of Microsoft data misuse

Members of staff working across the EU institutions are “not aware” of the extent to which the US tech firm Microsoft collects and stores their data as part of the use of its products and services, the EU’s data protection watchdog has said.

The issue centres around the concern that the contractual terms under agreements for the provision of Microsoft products and services to the EU institutions could be in breach of EU data protection law.

Source: EU institution staff ‘unaware’ of Microsoft data misuse, EU data chief says – EURACTIV.com

Regulating Facial Recognition Tech – Where Are We Now?

While there are clearly now multiple efforts to curtail the use of facial recognition technology (FRT) in the public realm, the reality is that the genie is already out of the bottle and there is no way to put it back.

The efforts above range from limited bans within the public sector, to reviews of new implementations of the tech, to specific court cases against police use of FRT. In short, it’s a patchwork of efforts, and there are huge gaps between them. Many examples also tend to focus on State-backed projects, rather than in the private sector – which is also experimenting with the tech, often in the public domain.

Meanwhile, the technology and its use is still rapidly spreading around the world, and there remains as yet no fully tested national position on its use in countries such as the US and UK.

Full article: Regulating Facial Recognition Tech – Where Are We Now? – Artificial Lawyer

EU Council releases revised draft ePrivacy Regulation

On 30 October, 2019, the Presidency of the Council of the European Union released revised text of the proposed ePrivacy Regulation (Regulation Concerning the Respect for Private Life and the Protection of Personal Data in Electronic Communications and Repealing Directive 2002/58/EC).

The revised draft ePrivacy Regulation includes further clarifications to the scope of its application as well as several alternative options. In addition, further modifications are introduced in the text, including in Article 2(2)(f), where the changes would specify that the processing upon receipt by a third party or end-user entrusted for the purpose of protecting the end-user’s terminal equipment would be outside the scope of the ePrivacy Regulation, and in Article 6a(2), where the new text specifies that the supervisory authority should be consulted, if necessary, in line with Article 36(1) of the General Data Protection Regulation (GDPR).

The Draft ePrivacy Regulation will be discussed during the Working Party on Telecommunications and Information Society (‘WP TELE’) meeting on 7 November 2019.

You can read the Draft ePrivacy Regulation here.

Finland eyes ePrivacy agreement before year’s end

The Presidency of the EU Council is expected to propose yet another iteration of the ePrivacy text for the next meeting of the Working Party on Telecommunications and Information Society on Nov. 7.

Ever since the European Commission first presented its plans to overhaul the ePrivacy law in January 2017, the file has been mired in lobbying and conflicting positions of EU member states.

Source: Finland eyes ePrivacy agreement before year’s end

This Is What the Future of A.I. Regulation Could Look Like

The German Data Ethics Commission has produced a series of recommendations for regulating algorithms and artificial intelligence. Its ideas will likely influence new EU rules.

The commission insisted that algorithmic systems should be designed safely, to respect people’s rights and freedoms, protect democracy, be secure, and avoid bias and discrimination.

It said systems presenting a significant risk of harm, such as those that show different people different prices based on their profiles, should in some cases require licensing. And systems with an “untenable potential for harm”—killer robots, for example—should be banned outright.

Source: This Is What the Future of A.I. Regulation Could Look Like | Fortune

EU-US Privacy Shield passes third Commission ‘health check’

The European Commission published its report on the third annual review of the EU-US Privacy Shield. This despite the EU parliament calling last year for the mechanism to be suspended.

The report outlines that the US continues to ensure an adequate level of protection for personal data transferred from the EU to the 5,000 participating US companies under the Privacy Shield, the improvements made since the second annual review, and the appointments of key oversight and redress bodies, such as the Privacy Shield Ombudsperson.

Moreover, the report highlights that an increasing number of EU individuals are making use of their rights under the Privacy Shield and that the relevant redress mechanisms are functioning well.

Source: EU-US Privacy Shield passes third Commission ‘health check’ — but litigation looms | TechCrunch

Where does the GDPR fine money go?

On 8 July 2019, the UK’s ICO issued British Airways with a £183 million penalty for violations and just one day later levied a £99 million fine against hotel chain Marriott. Google was hit with a €50 million fine by French authorities, and at least 70 enforcement actions have been taken in total across the EU little more than a year after the new regulations came into force.

But the destination of this money, which has the potential to exceed billions in the next few years, has been the subject of uncertainty. The relatively untested one-stop-shop principle, too, may lead to tensions brewing as data protection authorities wrestle over claims for jurisdiction with regard to mammoth investigations.

Full article: GDPR: Where does the fine money go? | IT PRO

EBF publishes proposals on Cyber incident reporting

In order to ensure that financial institutions are able to quickly and effectively report cyber incidents without at the same time sacrificing a proper incident management and recovery process, the European Banking Federation (EBF) published its proposals on cyber incident reporting.

In particular, the EBF makes the following proposals for supervisors and regulators:

  • Establish a central reporting and coordination hub in each Member State;
  • Harmonise reporting thresholds and create a common taxonomy for cyber security incidents;
  • Foster public-private real-time collaboration between regulators, supervisors, law enforcement, financial institutions and other cross-sectoral infrastructure actors;
  • Further involve national CERTs in information sharing;
  • Introduce a regular bi-directional information flow between regulators/supervisors and the industry.

Full report: EBF position on Cyber incident reporting

Only 25% of companies disclose data breaches despite GDPR

A high number of businesses in Europe are choosing to not disclose cyber-security breaches to the public, despite the risk of heavy GDPR fines, a new study reports.

Researchers discovered that 75% of cyber-attacks are not published, with many companies indicating that they turn a blind eye to their legal obligations.

According to the research, less than a fifth (19%) of corporations gave official notification of hacks they suffered over the last five years, despite 66% of firms surveyed saying they were aware of their legal obligations under new EU data laws in terms of reporting to their local Data Protection Authority.

Source: #Privacy: 25% of companies disclose data breaches despite in GDPR era
