Free tools and resources for Data Protection Officers!

Category Archives for "Legislation"

A timely raincheck on the GDPR: the law of unintended consequences

As we approach a six-month point since the full implementation date of the GDPR, it is interesting to see evidence of the legislation having much greater consequences and advantages than those for which it was originally intended.

GDPR in its most fundamental form can be seen as a beneficial facility for handling the core issue of risk management between data and people. In this instance, risk is both an opportunity to be exploited as well as a downside to be mitigated. To support this contention, one may cite recent instances of the GDPR having practical impacts way beyond that of its original draftsmen.

Full article: A timely raincheck on the GDPR: the law of unintended consequences

New Spanish data law could undermine the integrity of democracy

On Wednesday, the Spanish senate gave the green light to an online data protection law which may enable political parties to hit voters with adverts based on profiling of internet search histories. The law was created as part of the Iberian nation’s efforts to align with the General Data Protection Regulation (GDPR) which came into force on May 25th of this year.

However, the recent adjustment made to the Spanish laws includes a caveat that enables political parties to “use personal data obtained from web pages and other publicly accessible sources to carry out political activities” throughout election campaigns.

Full article: New Spanish data law could undermine the integrity of democracy

Spanish Senate signs-off new GDPR-compliant Data Protection Act

After a very long delay and amidst rumors that the Spanish Parliament could be dissolved and early elections called, the Spanish Senate speedily dismissed all the proposals for further changes and approved the new GDPR-compliant Spanish Data Protection Act on Wednesday 21 November 2018.

Full article: Spanish Senate signs-off new GDPR-compliant Data Protection Act

Finland updates its data protectionlaw according to the GDPR

Finland finally adopted its new GDPR-style law on 13 November. The delay was partly caused by deliberations on the role of the Data Protection Ombudsman (equivalent of Privacy Commissioner) in imposing administrative fines. It was argued that to have one person decide on a very high level of sanctions did not fit in with Finland’s legislative tradition.

Source: Finland updates its DP law according to the GDPR – Privacy Laws & Business

Full Congress support for bill on US cyber security

A bipartisan bill to create a new team to pioneer federal government cybersecurity has had unanimous backing in the House of Representatives in the US, the Register reports . Earlier in 2018, the Senate passed the Cybersecurity and Infrastructure Security Agency (CISA) Act, though this would revamp the Department of Homeland Security (DHS)’s National Protection and Programs Directorate to enable CISA as an independent agency within the DHS.

Full article: Full Congress support for bill on US cyber security

CIPL Publishes Legal Note on the ePrivacy Regulation and the EU Charter of Fundamental Rights

On November 12, 2018, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP published a legal note on the ePrivacy Regulation and the EU Charter of Fundamental Rights. The note contributes to an important and recurring legal discussion on the proposed ePrivacy Regulation.

The proposal aims to protect the confidentiality of communications, and in particular addresses the confidentiality of content data and metadata of individuals and legal persons, implementing Article 7 of the EU Fundamental Rights Charter (“right to privacy”). In contrast, the GDPR implements Article 8 of the Charter (“right to data protection”).

Full article: CIPL Publishes Legal Note on the ePrivacy Regulation and the EU Charter of Fundamental Rights

It’s Amateur Hour in the World of Spyware and Victims Will Pay the Price

We’re living in the golden age of spyware and government hacking, with companies rushing to join a blossoming billion dollar market. The weakest among us—activists or journalists—will suffer the consequences if we don’t regulate it appropriately.

Full article: It’s Amateur Hour in the World of Spyware and Victims Will Pay the Price – Motherboard

Macron and tech giants launch Paris call to fix web woes

Microsoft was among the US tech giants joining with France to call for more nations and corporates to adhere to new internet regulations and do more in the global fight against cyber crime, online censorship and hateful dialogue online.

At an international convening on cyber security principles in Paris, Emmanuel Macron launched a document called “Paris call for trust and security in cyber-space”. The French President hopes the initiative will reenergise momentum for much-needed internet regulation after negotiations broke down last year.

Full article: Macron and tech giants launch Paris call to fix web woes

CNIL Publishes DPIA Guidelines and List of Processing Operations Subject To DPIA

On November 6, 2018, the French Data Protection Authority (the “CNIL”) published its own guidelines on data protection impact assessments (the “Guidelines”) and a list of processing operations that require a data protection impact assessment (“DPIA”).

Source: CNIL Publishes DPIA Guidelines and List of Processing Operations Subject To DPIA

Intel launches online portal for consultation on its US federal privacy law

Intel has now become the latest entity to throw its proposal into the ring. The tech company has released a draft bill for a federal law it hopes would regulate consumer privacy without impacting innovation. Intel did not just release a draft bill, however, but also an online portal where, until Nov. 19, privacy professionals and the public can discuss the merits of the proposed rules and where improvements could be made.

Full article: Intel launches online portal for consultation on its US federal privacy law

>