Free tools and resources for Data Protection Officers!

Tag Archives for " law "

Spain finalises new data protection and digital rights law

A new law on data protection and digital rights has been approved by Spain’s parliament and will come into force in the coming days. The law will complement the General Data Protection Regulation (GDPR).

The new law, the Organic Law on Data Protection and Digital Rights Guarantee (LOPDGDD), was approved by a large majority in the Spanish Senate on 21 November after being nearly two years in development. The Senate did not amend any of the text that was previously approved by the Congress, ending a period of delay in the parliamentary process.

Source: Spain finalises new data protection and digital rights law

New Spanish Data Protection Law raises concerns over the use of sensitive data by political parties

The new Law on Data Protection and Digital Rights (LOPD), recently enacted in Spain, includes a highly controversial provision allowing political parties and organizations to collect and use personal data revealing political views of individuals.

The controversial article was introduced as a last-minute amendment to the bill, which was voted unanimously on October 18 by the House of Representatives (Congreso de los Diputados). By then, the contentious article had largely gone unnoticed by the public opinion. Shortly after that, however, concerns that political parties might get broad leeway to process sensitive personal data were widely reported in the mainstream media. Nonetheless, the Spanish Senate definitively approved the law on November 21 – including the controversial section. The text is expected to be officially published shortly.

Full article: New Spanish Data Protection Law raises concerns over the use of sensitive data by political parties | Center for Internet and Society

Russia, stung by intelligence leaks, plans to tighten data protection

Russia has drawn up draft legislation aimed at stopping leaks of personal information from state agencies, a step that follows publication of details of Russians allegedly involved in clandestine intelligence operations abroad.

The bill, produced by Russia’s communications ministry, bars unauthorized people from creating and publishing databases of personal data drawn from official sources, and fines anyone violating that rule.

Full article: Russia, stung by intelligence leaks, plans to tighten data protection | Reuters

EDPS calls for closer alignment between consumer and data protection rules in the EU

Consumer law and data protection can no longer afford to work in silos. The EU needs a big-picture approach to addressing systemic harms to individuals in digital markets, involving closer cooperation between enforcers in order to avoid legal uncertainty, the European Data Protection Supervisor (EDPS) said, as he published his Opinion on the legislative package A New Deal for Consumers.

Source: EDPS calls for closer alignment between consumer and data protection rules in the EU | European Data Protection Supervisor

Christmas spirit triumphs over GDPR in Germany

A German town managed to revive a children’s Christmas tradition after European data protection laws very nearly scrapped it.

In previous years up to 4,000 wishes to Father Christmas were placed on a tree at a Christmas market in the southern town of Roth and the city council would then attempt to fulfill those wishes, which included the names and addresses of the children who wrote them.

But the popular activity had to stop in 2016 because of Germany’s data privacy legislation and GDPR, as legislation requires parents of minors have to provide consent to the use of their kids’ data.

Local radio station Antenne Bayern found a solution by creating a wish list, which included a parental consent disclaimer, which can be printed from their website and put in the wishing box at the Christmas market.

Source: Christmas spirit triumphs over GDPR in German town of Roth – CNN

Irish watchdog clarifies record keeping and DPIAs interaction under GDPR

Ireland’s data protection authority has clarified how record keeping obligations under the General Data Protection Authority (GDPR) interact with the duties of businesses to carry out data protection impact assessments (DPIAs).

Full article: GDPR: Irish watchdog clarifies record keeping and DPIAs interaction

A timely raincheck on the GDPR: the law of unintended consequences

As we approach a six-month point since the full implementation date of the GDPR, it is interesting to see evidence of the legislation having much greater consequences and advantages than those for which it was originally intended.

GDPR in its most fundamental form can be seen as a beneficial facility for handling the core issue of risk management between data and people. In this instance, risk is both an opportunity to be exploited as well as a downside to be mitigated. To support this contention, one may cite recent instances of the GDPR having practical impacts way beyond that of its original draftsmen.

Full article: A timely raincheck on the GDPR: the law of unintended consequences

MEPs call for business GDPR ‘guarantee’ on using blockchain

Businesses should not begin using blockchain technology to process personal data until they can “guarantee compliance” with EU data protection laws, a committee of MEPs has said.

The Committee on Civil Liberties, Justice and Home Affairs (LIBE) said that businesses using blockchain must, in particular, be able to respect the rights of data subjects under the General Data Protection Regulation (GDPR) to the rectification and erasure of their data.

Full article: MEPs call for business GDPR ‘guarantee’ on using blockchain

New Spanish data law could undermine the integrity of democracy

On Wednesday, the Spanish senate gave the green light to an online data protection law which may enable political parties to hit voters with adverts based on profiling of internet search histories. The law was created as part of the Iberian nation’s efforts to align with the General Data Protection Regulation (GDPR) which came into force on May 25th of this year.

However, the recent adjustment made to the Spanish laws includes a caveat that enables political parties to “use personal data obtained from web pages and other publicly accessible sources to carry out political activities” throughout election campaigns.

Full article: New Spanish data law could undermine the integrity of democracy

Spanish Senate signs-off new GDPR-compliant Data Protection Act

After a very long delay and amidst rumors that the Spanish Parliament could be dissolved and early elections called, the Spanish Senate speedily dismissed all the proposals for further changes and approved the new GDPR-compliant Spanish Data Protection Act on Wednesday 21 November 2018.

Full article: Spanish Senate signs-off new GDPR-compliant Data Protection Act

>