fbpx

Free tools and resources for Data Protection Officers!

Tag Archives for " regulation "

Senators say US needs its own GDPR

An investigation into the Equifax data breach has condemned the company’s poor security standards and urged politicians in the States to look to the GDPR’s example to minimise chances of a similar breach taking place in future.

The 67-page report, which was put together by the US Senate, proposes that organisational mismanagement of personally identifiable data should be punished by law, as happens under the GDPR.

Source: Senators say US America needs its own GDPR

CNIL Publishes Binding Rules on Processing Biometric Data as Workplace Access Control

On March 28, 2019, the French data protection authority (“CNIL”) published a “Model Regulation” addressing the use of biometric systems to control access to premises, devices and apps at work.

The Model Regulation lays down binding rules for data controllers who are subject to French data protection law and process employee biometric data for such purposes.

Source: CNIL Publishes Binding Rules on Processing Biometric Data as Workplace Access Control

How to address new privacy issues raised by artificial intelligence and machine learning

Artificial intelligence and machine learning present unique challenges for protecting the privacy of personal data.

For this reason, policymakers need to craft new national privacy legislation that accounts for the numerous limitations that scholars have identified in the notice and consent model of privacy that has guided privacy thinking for decades. The exacerbation of privacy externalities created by machine learning techniques is just one more reason regarding the need for new privacy rules.

Full article: How to address new privacy issues raised by artificial intelligence and machine learning

Czech Republic adopts new Data Protection law

The Czech Republic adopted, on 12 March 2019, legislation that brings the GDPR’s provisions into national law.

The new Act now needs to be signed by the President. After that, it will enter into force on the day of its publication in the Legal Gazette.

Source: Czech Republic adopts new DP law to follow GDPR – Privacy Laws & Business

Zuckerberg says governments need to do more to support data privacy

Mark Zuckerberg has responded to privacy pressures by asking regulators and governments to do more to help control content that gets published online.

Writing in the Washington Post, the Facebook boss acknowledged the “major” role that tech plays in our everyday lives, as well as the “immense responsibilities” that lie on the shoulders of companies such as Facebook.

However, experts have questioned whether the Facebook chief’s message is little more than an acknowledgement of the fact that the social network has to comply with new data privacy laws.

Source: Zuckerberg says governments need to do more to support data privacy

The state Senate version of the Washington Privacy Act: A summary

Washington is increasingly looking like it will become the second state in the U.S. to pass a comprehensive privacy statute, following California’s Consumer Privacy Act. Drafting the statute was a two-plus year process, during which the CCPA was passed and the EU General Data Protection Regulation went into effect.

Washington’s proposed privacy statute shares many foundational principles with these two privacy regimes, but it has notable distinctions. Importantly, it represents a new model for other states to consider as they draft their own comprehensive privacy laws.

Full article: The state Senate version of the Washington Privacy Act: A summary

Mind the overlap between GDPR and ePrivacy

Organisations need to be aware of the overlaps between European data protection and privacy rules, and which takes precedence, a privacy lawyer warns.

Understanding the interplay between the European Union’s General Data Protection Regulation (GDPR) and ePrivacy Directive (ePD) is more difficult than most organisations realise, according to Eduardo Ustaran, partner and global co-head of the privacy and cyber security practice at law firm Hogan Lovells.

Full article: Mind the overlap between GDPR and ePD, warns privacy lawyer

New rules bring protections to personal data in EU political campaigns

On March 19, the European Union adopted new rules to “prevent misuse of personal data by European political parties.” The move comes ahead of the European Parliament elections, which will take place across the continent in May 2019.

New rules mean European political parties and foundations can be penalized up to 5 percent of their annual budget for “deliberately influencing, or attempting to influence, the outcome of elections by taking advantage of breaches of data protection rules.”

Source: New rules bring protections to personal data in EU political campaigns

GDPR continues to shine a light for US legislation

Washington DC is to introduce a new data privacy bill, in a further reminder of the GDPR’s power as a policy influencer for governments the world over.

The Whitehouse is now set to put regulations in place that are heavily modelled on the GDPR which came into being on May 25 th of last year. The rules will also galvanise requirements for data controllers’ handling of citizens within the District of Columbia.

Source: GDPR continues to shine a light for US legislation

The 4 Ps of leveraging data privacy for enhanced investment

Recent research shows over half (55 percent) of M&A professionals have had deals fall through due to concerns over GDPR and target firms’ data practices, and 66 percent of those M&A professionals believe GDPR will increase acquirers’ scrutiny of data protection policies and processes of target firms.

Just as financial information and cyber risk realities have long required organizations to employ accountants and cybersecurity professionals to conduct frequent audits and implement proactive monitoring, data privacy now requires a unique level of organizational data diligence, in addition to the appointment of personnel such as data protection officers (DPOs) to serve as advocates for the plethora of consumer and employee data companies collect, store and manage.

given today’s ever-evolving data privacy realities, companies should abide by the four “Ps” rule to show suitors that their company is a safe bet:

  • Policy,
  • People,
  • Process,
  • Product.

Full article: The 4 Ps of leveraging data privacy for enhanced investment | TechRadar

>