
Category Archives for "Legislation"

‘Sandbox’ advice could inform GDPR codes of conduct

Trade associations could develop codes of conduct to help businesses comply with the General Data Protection Regulation (GDPR) through a new ‘regulatory sandbox’ being set up by the Information Commissioner’s Office (ICO), the UK watchdog has said.

The precise framework for sandbox participation has still to be set, but the data protection authority gave guidance on how it might work in its response paper.

Source: ‘Sandbox’ advice could inform GDPR codes of conduct, says ICO

Microsoft calls for AI facial-recognition laws

Microsoft wants new laws to put some constraints on the use and development of facial recognition.

Tech companies are faced with a “commercial race to the bottom”, which should have a “floor of responsibility” that allows competition but outlaws the use of facial recognition in ways that harm democratic freedom or enable discrimination.

The call to action comes as China increasingly adopts facial recognition to monitor public spaces. Analysts estimate China’s 200 million surveillance cameras will grow to 300 million in the next two years as tech companies beef up surveillance offerings.

Full article: Microsoft: Here’s why we need AI facial-recognition laws right now | ZDNet

EU e-Privacy reforms hit stalemate

EU countries cannot agree on the wording of the planned new e-Privacy Regulation, causing the proposed reforms to be watered down.

The lack of consensus was acknowledged in a progress report published last week by the Council of Ministers on the work it has been carrying out on the reforms.

Full article: EU e-Privacy reforms hit stalemate

Australia’s horrific new encryption law likely to obliterate its tech scene

Australia’s government signed a bill into law last week giving law enforcement agencies the right to force technology companies to reveal users’ encrypted messages. Another way of putting it: Australia’s tech scene will soon be located on the Wayback Machine.

The law was introduced as the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018, but now it’s official. And there’s a lot to be concerned about, even if you don’t live or work in Australia.

Full article: Australia’s horrific new encryption law likely to obliterate its tech scene

Marriott attack adds urgency to calls for tougher privacy laws in US

Democratic senators are demanding tougher data privacy laws and bigger fines in the States for organisations that fall short in their duty to safeguard user data, the Inquirer reports.

The calls follow revelations of a hack suffered by the Marriott hotel chain that may have compromised the personal data of up to 500 million of the organisation’s customers.

Full article: Marriott attack adds urgency to calls for tougher privacy laws in US

EDPB’s common sense approach to the GDPR’s territorial scope

EDPB has produced a detailed 23-page document that is both authoritative and full of common sense.

The guidelines start by treading into well-known territory: the “establishment criterion.” Following a principle that already existed under the 1995 Data Protection Directive, the GDPR will apply to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the EU. So the EDPB relies on existing case law to consolidate its opinion on this criterion.

Full article: EDPB’s common sense approach to the GDPR’s territorial scope

New Law Could Give U.K. Unconstitutional Access to Americans’ Personal Data

This form of international data-sharing could put Americans’ privacy at risk and expose citizens to potential Fourth Amendment abuses, critics say. The possible agreement stems from the Clarifying Lawful Overseas Use of Data Act, or CLOUD Act, for which Justice Department officials have lobbied since 2016 and which President Donald Trump signed into law in March.

Full article: New Law Could Give U.K. Unconstitutional Access to Americans’ Personal Data, Human Rights Groups Warn

Data ethics and the rise of the “PEGs”

European data protection law has always been infused with ethical considerations around data use. Under the old Data Protection Directive, even if data use had a valid legal ground, unless the proposed use was also fair the law was still broken. But what is fairness when it comes to data?

Full article: Data ethics and the rise of the “PEGs”

Germany proposes router security guidelines

The German government published at the start of the month an initial draft for rules on securing Small Office and Home Office (SOHO) routers.

Once approved, router manufacturers don’t have to abide by these requirements, but if they do, they can use a special sticker on their products showing their compliance.

Full article: Germany proposes router security guidelines | ZDNet

Will the UK achieve adequacy after Brexit?

The status of U.K.-EU data flows post-Brexit has been the subject of speculation since the fateful vote was taken nearly two-and-a-half years ago. But with the prospect of the U.K. crashing out of the EU without an orderly withdrawal agreement growing ever-more realistic, concern is mounting.

Full article: Will the UK achieve adequacy after Brexit? Even the ICO isn’t so sure
