Here’s a challenge for privacy practitioners everywhere. Laws, by their nature, are national (or in some cases, like the GDPR, regional) but the businesses we represent often consume, process and share data globally. When contracting with counterparties, how then does the privacy practitioner draft data protection terms that accommodate the vagaries of every applicable local privacy law while still producing a contract that both parties want to sign?
So let’s be clear. Consent is one way to comply with the GDPR, but it’s not the only way.
Want to post photos and stories about your kids to Facebook? Law professor Stacey Steinberg talks to Consumer Reports about how to protect children while “sharenting.”
Australia’s Prime Minister recently suggested a proposal that would allow access to information protected by encryption. Access Now’s US Policy Manager Amie Stepanovich tells why that’s a bad idea.
The digital threat landscape changes constantly, and it’s very difficult to know the probability of any given attack succeeding — or how big the potential losses might be. Even the known costs, such as penalties for data breaches in highly regulated industries like health care, are a small piece of the ROI calculation. In the absence of good data, decision makers must use something less than perfect to weigh the options: their judgment.
EDPS publishes Opinion on the proposal for a Regulation establishing a single digital gateway and the ‘once-only’ principle
The successful implementation of an EU-wide once-only principle to enable the lawful exchange of data across EU borders depends on ensuring that the relevant data protection principles are respected, the European Data Protection Supervisor (EDPS) said today, as he published his Opinion on the Commission’s proposal for a Regulation establishing a single digital gateway and the once-only principle.
Legal analysis of opinion of Court of Justice of European Union (CJEU) regarding agreement between Canada and the European Union on the transfer and processing of Passenger Name Record data.
A new alliance of IT and security professionals wants to promote best practices and spread awareness of a standard definition.
Information Commissioner Elizabeth Denham separates fact from fiction regarding GDPR and financial penalties.
The UK government plans to harmonise our data protection laws with the EU’s. This is necessary and sensible, too.