Tag Archives for " law "

EDPB seeks comments on its Guidelines on the processing of personal data for online services 

The European Data Protection Board welcomes comments on the Guidelines 2/2019 on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects. Such comments should be sent to the EDPB by 24/05/2019 at the latest.

More information: Guidelines 2/2019 on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects | European Data Protection Board

Content Groups Warn FTC Over ‘Troubling’ Application of EU Privacy Law

The FTC is reviewing privacy regulations and has been holding a series of hearings, including one scheduled for Tuesday and Wednesday.

Groups representing producers, filmmakers and other content creators are warning the Federal Trade Commission over the unintended consequences of adopting sweeping online privacy laws akin to those in the European Union.

They contend that the sweeping measure restricts the availability of domain name data from a database overseen by the Internet Corporation for Assigned Names and Numbers. They say that such information is critical to enforcement against online infringement.

Source: Content Groups Warn FTC Over ‘Troubling’ Application of EU Privacy Law – Variety

How Privacy Laws Are Changing To Protect Personal Information

There is a growing movement to establish and even harmonize privacy laws to reduce the data governance deficit and promote the right to privacy and economic competitiveness.

Changes to privacy laws are being fuelled in part by growing public concerns with the idea of unfettered data accumulation and use. Regulation, often slow to adapt to the pace of innovation, is starting to catch up with the extent of personal information being transmitted every minute.

Full article: How Privacy Laws Are Changing To Protect Personal Information

French court issues decision on legality of Privacy Rules and Terms of Use under data protection and consumer law

Five years after the commencement of legal proceedings against Google by leading French consumer association UFC Que Choisir, the Paris “Tribunal de Grande Instance” (TGI), in a decision dated 12 February 2019, issued its ruling on the legality of the Google+ Terms of Use and Privacy Rules, both with respect to consumer law and personal data protection regulations.

Full article: French court issues decision on legality of Privacy Rules and Terms of Use under data protection and consumer law

Finland Approves Act On The Secondary Use Of Social And Health Care Personal Data

The Finnish Parliament approved the new general Act on the Secondary Use of Social Welfare and Health Care Data in March 2019.

The new Act codifies the relevant legislation and broadens the possibilities to, under certain conditions, utilize and combine for secondary purposes personal data collected in relation to public or private social and health care operations.

Source: Finland: Parliament Approves New Act On The Secondary Use Of Social And Health Care Personal Data

Association of German Supervisory Authorities issues paper on broad consent for research

On April 3, 2019, the Association of German Supervisory Authorities (“Datenschutzkonferenz” or “DSK”) issued a paper on the interpretation of “broad consent” for scientific research in Recital 33 of the GDPR and the interplay with the definition of consent and the principle of purpose limitation.

According to the DSK, broad consent should only be used in exceptional circumstances when it is not possible to establish at the outset the expected scope of the research. Moreover, the DSK suggests that a broad consent can be fixed at a later stage of the research by narrowing down the scope of the research once that scope is clearer – i.e., deliberately not using the obtained flexibility.

Full article: Association of German Supervisory Authorities issues paper on broad consent for research

European Commission Releases Study on GDPR Data Protection Certification Mechanisms

The European Commission has published a final report, “Data Protection Certification Mechanisms: Study on Articles 42 and 43 of the Regulation (EU) 2016/679”.

The overall aim of the study is to support the establishment of data protection certification mechanisms and of data protection seals and marks pursuant to Articles 42 and 43 GDPR.

More specifically, the purpose of the assignment is to: i) accompany the establishment of data protection certification mechanisms and of data protection seals and marks pursuant to Art. 42 and 43 GDPR and ii) collect all relevant information for the Commission in view of the possible implementation of Art. 43(8) GDPR on the requirements for the data protection certification mechanisms and of Article 43(9) GDPR on the technical standards for certification mechanisms and data protection seals and marks, and for mechanisms to promote and recognise those certification mechanisms, seals and marks.

Read report: Data Protection Certification Mechanisms: Study on Articles 42 and 43 of the Regulation (EU) 2016/679

Department of Justice Releases White Paper on CLOUD Act

On Wednesday, the U.S. Department of Justice released a white paper and FAQ on the Clarifying Lawful Overseas Use of Data (“CLOUD”) Act, which was enacted in March 2018 and creates a new framework for government access to data held by technology companies worldwide.

The paper, titled “Promoting Public Safety, Privacy, and the Rule of Law Around the World: The Purpose and Impact of the CLOUD Act,” addresses the scope and purpose of the CLOUD Act and responds to 29 frequently asked questions about the Act.

Source: Department of Justice Releases White Paper on CLOUD Act

A new US bill would force companies to check their algorithms for bias

US lawmakers have introduced a bill that would require large companies to audit machine learning-powered systems — like facial recognition or ad targeting algorithms — for bias.

If passed, it would ask the Federal Trade Commission to create rules for evaluating “highly sensitive” automated systems. Companies would have to assess whether the algorithms powering these tools are biased or discriminatory, as well as whether they pose a privacy or security risk to consumers.

Source: A new bill would force companies to check their algorithms for bias – The Verge

Senators say US needs its own GDPR

An investigation into the Equifax data breach has condemned the company’s poor security standards and urged politicians in the States to look to the GDPR’s example to minimise chances of a similar breach taking place in future.

The 67-page report, which was put together by the US Senate, proposes that organisational mismanagement of personally identifiable data should be punished by law, as happens under the GDPR.

Source: Senators say US America needs its own GDPR
