On October 18, 2017, the EU Commission released its report and accompanying working document on the first annual review of the EU-U.S. Privacy Shield framework. The report states that the Privacy Shield framework continues to ensure an adequate level of protection for personal data that is transferred from the EU to the U.S. It also indicates that U.S. authorities have put in place the necessary structures and procedures to ensure the proper functioning of the Privacy Shield, including by providing new redress possibilities for EU individuals and instituting appropriate safeguards regarding government access to personal data.
Microsoft breaches the Dutch data protection law by processing personal data of people that use the Windows 10 operating system on their computers. This is the conclusion of the Dutch Data Protection Authority (DPA) after its investigation of Windows 10 Home and Pro.
This white paper by Enterprivacy Consulting Group’s Jason Cronk attempts to contrast two approaches to privacy by design, the all-too-common PIA- based privacy by design approach and the proactive — or strategic —privacy by design approach.
Estimations of the value of the digital economy range from nearly 3 trillion dollars to 8 trillion on the high end. Given the already significant size of the digital economy and the anticipation that it will continue to grow at a breakneck pace, it is little wonder that all eyes are now beginning to focus on the one resource without which economic growth would not be possible: data. Survival and growth in the digital economy is and will be a function of how effectively today’s businesses can leverage their data assets to create the kinds of digital goods and services that continue to add value to the world economy.
On October 3 rd , 2017, the Irish High Court issued a decision to refer questions on the adequacy of standard contractual clauses (SCC) to the Court of Justice of the European Union (CJEU). This decision (which is already being referred to as the “Schrems 2.0 case” named after its plaintiff, Maximilian Schrems) follows a similar case that was brought before the Irish High Court in 2014 which ultimately resulted in a decision of the CJEU invalidating the Safe Harbour agreement between the United States and Europe.
As the number of devices quietly gathering your data increases, so does the risk of exposure.
Your personal data is worthless – it’s only when it’s processed by the Facebooks or Googles of this world that it has business value.
In order to be legally compliant with data protection law, an employer must have a “lawful basis” or justifiable reason to process an employee’s personal data.
Almost everything we do – keeping in touch, online shopping, watching television – leaves a data trail. The resulting data-sets feed the opaque algorithms that shape the cyber world we see and interact with. Yet that data concerns our personal information – the most basic tenets of who we are.