
Tag Archives for "guidance"

European Data Protection Board publishes 3 new guidelines

The European Data Protection Board announced 3 new guidance documents at its Eleventh Plenary session:

  • Guidelines on Codes of Conduct – they intend to help clarify the procedures and the rules involved in the submission, approval and publication of codes of conduct at both the national and the European level;
  • annex to the Guidelines on Accreditation – it provides guidance on the additional requirements for the accreditation of certification bodies to be established by the supervisory authorities; and
  • annex to the Guidelines on Certification – it identifies topics that data protection supervisory authorities and the EDPB will consider and apply for the approval of certification criteria for a certification mechanism.

Source: European Data Protection Board

ICO’s Interim Report on Explaining AI

On June 3, 2019, the UK Information Commissioner’s Office (ICO) released an Interim Report on a collaboration project with The Alan Turing Institute called “Project ExplAIn.”

The purpose of this project, according to the ICO, is to develop “practical guidance” for organizations on complying with UK data protection law when using artificial intelligence (AI) decision-making systems; in particular, to explain the impact AI decisions may have on individuals.

Source: ICO’s Interim Report on Explaining AI

NCSC publishes new guidance and security paper now available

The UK’s National Cyber Security Centre (NCSC) has published two new items of security architecture guidance to help designers of computer systems and networks learn from NCSC experiences.

First is a set of design principles. Second is a set of 6 security architecture ‘anti-patterns’.

Source: National Cyber Security Centre

ICO’s draft Age Appropriate Design Code could seriously impact child data processing

On 15 April 2019, the ICO opened a public consultation on a draft code of practice titled Age Appropriate Design. The Code will remain open for public consultation until 31 May 2019.

The consultation document is described as a “code of practice for online services likely to be accessed by children.” However, its potential impact is in fact wider, and is perhaps better described as applying to all online services that are not demonstrably unlikely to be accessed by children, which it controversially defines as individuals under 18.

Full article: ICO’s draft Age Appropriate Design Code could seriously impact processing of under 18’s personal data

Dutch DPA Issues Guidelines on Privacy Policies Following Investigation

On April 17, 2019, the Dutch Data Protection Authority issued six recommendations for companies, to be taken into account when drafting privacy policies.

The published recommendations follow the Dutch DPA’s investigation of companies’ privacy policies. The investigation focused on companies that process sensitive personal data, including health data and data related to individuals’ political beliefs.

Full article: Dutch DPA Issues Guidelines on Privacy Policies Following Investigation | Privacy & Information Security Law Blog

New Data Protection Guidelines to Impact Online Services?

The European Data Protection Board (EDPB) recently published draft guidelines which may impact online service providers’ ability to process personal data. The Guidelines are open for consultation until 24 May 2019.

The Guidelines are significant because the legal basis a service provider relies on determines, and impacts upon, the type and scope of its processing activities.

Full article: New Data Protection Guidelines to Impact Online Services? Mason Hayes Curran

The Spanish DPA publishes a list of processing operations for which a DPIA is mandatory

After receiving the favorable opinion of the European Data Protection Board, the Spanish Data Protection Agency (“AEPD”) released on 6th May a list of processing operations for which it is necessary to carry out a privacy impact assessment.

Although the GDPR establishes criteria that help to identify those processing operations that involve a high risk, the supervisory authorities shall establish and make public a list of the kind of processing operations which are subject to the requirement for a data protection impact assessment. In this context, the AEPD has published a list of processing operations determining that in the majority of cases where the processing meets two or more of the criteria on the list, a PIA will be necessary. The more criteria met by the processing analyzed, the greater the risk involved and the certainty of the need for a PIA.

Full article: The Spanish Data Protection Agency has published a list of processing operations for which a privacy impact assessment is mandatory

German DSK publishes guidance on the applicability of the German Telemedia Act to telemedia services

On April 5, 2019, the association of German Supervisory Authorities for data protection (‘Datenschutzkonferenz’ or ‘DSK’) published a guideline regarding the applicability of the German Telemedia Act (‘TMG’) to telemedia services – including, for example, the use of website cookies for targeted advertising post-GDPR.

The guideline aims to “clarify and concretize” a previous statement on the topic released by the DSK in April 2018 and to serve as guidance for the implementation of data protection requirements when processing users’ data through telemedia services.

Full article: German DSK publishes guidance on the applicability of the German Telemedia Act to telemedia services

International Privacy Experts Adopt Recommendations for AI, Location Tracking

The International Working Group on Data Protection has adopted new recommendations for artificial intelligence and location tracking.

The Berlin-based Working Group includes data protection authorities who assess emerging privacy challenges. The IWG report “Privacy and Artificial Intelligence” sets out fairness and respect for human rights, oversight, transparency and intelligibility as key elements of AI design and use.

Source: International Privacy Experts Adopt Recommendations for AI, Location Tracking

Irish DPA Examines Right to Rectification

In light of increased awareness of the rights granted to individuals under the new data protection legislation, Ireland’s data protection authority (DPA) – Data Protection Commission – has published a note to clarify aspects of the right to rectification of personal data.

In particular, it examines the case of recording of names of individuals that contain diacritical marks (for example, fadas in the Irish language).

Read note: Examination of Right to Rectification complaints | 30/04/2019 | Data Protection Commission
