fbpx

Download free GDPR compliance checklist!

Category Archives for "Other"

ICO Warns It Will Punish Those Abusing Data During COVID-19 Outbreak

The Information Commissioner’s Office has tweaked its approach the changing data environment that the COVID-19 pandemic is causing.

When it comes to a company’s employees and their health the data authorities stress that just because you are concerned about workers health doesn’t mean you should start collecting unnecessarily amounts of health data from them.

Source: ICO Warns It Will Punish Those Abusing Data During COVID-19 Outbreak

EU wants UK to share more data before it grants access to crime-fighting system

European parliamentary committee says UK should share same amount of fingerprint data as member states.

The UK should be denied access to an EU crime-fighting system until it agrees to share more fingerprint data with member states, a European parliamentary committee has said.

The DNA exchange system enables British police to check the genetic code of EU criminals and criminal suspects in 15 minutes, compared with 143 days through the Interpol process.

British government does not fully comply with EU rules: British authorities are sharing DNA data from British-based criminals, but not criminal suspects, although it gets full access to equivalent data on suspects from other EU countries.

Source: EU wants UK to share more data before it grants access to crime-fighting system | European Union | The Guardian

ICO sets out new priorities for UK data protection during COVID-19 and beyond

Elizabeth Denham, UK’s Information Commissioner, published a blog post setting out priorities for Information Commissioner’s Office (ICO).

In a blog post Elizabeth Denham revealed that ICO will focus on the areas with greatest impact to protect the public interest and support economic growth and innovation:

  • Protecting the public interest;
  • Enabling responsible data sharing;
  • Monitoring intrusive and disruptive technology.

Source: Blog: Information Commissioner sets out new priorities for UK data protection during COVID-19 and beyond | ICO

Belgian DPA Sanctions Company for Non-Compliance with the GDPR’s DPO Requirements

On April 28, 2020, the Litigation Chamber of the Belgian Data Protection Authority imposed a €50,000 fine on a company for non-compliance with the requirements under the General Data Protection Regulation related to the appointment of a data protection officer.

In its decision, the Litigation Chamber of the Belgian DPA upheld the alleged infringement of the GDPR’s DPO requirements (in particular Article 38(6) of the GDPR), arguing that by appointing the Head of the Compliance, Risk Management and Audit department as DPO, the company had failed to comply with its obligation to ensure that its DPO is free from any conflict of interest.

Source: Belgian DPA Sanctions Company for Non-Compliance with the GDPR’s DPO Requirements | Privacy & Information Security Law Blog

EDPB adopts further COVID-19 guidance

During its 23rd plenary session, the EDPB adopted guidelines on the processing of health data for research purposes in the context of the COVID-19 outbreak and guidelines on geolocation and other tracing tools in the context of the COVID-19 outbreak.

The  guidelines on the processing of health data for research purposes in the context of the COVID-19 outbreak aim to shed light on the most urgent legal questions concerning the use of health data, such as the legal basis of processing, further processing of health data for the purpose of scientific research, the implementation of adequate safeguards and the exercise of data subject rights.

The guidelines on geolocation and other tracing tools in the context of the COVID-19 outbreak aim to clarify the conditions and principles for the proportionate use of location data and contact tracing tools, for two specific purposes:
1.    using location data to support the response to the pandemic by modelling the spread of the virus in order to assess the overall effectiveness of confinement measures;
2.    using contact tracing, which aims to notify individuals who may have been in close proximity to someone who is eventually confirmed as a carrier of the virus, in order to break the contamination chains as early as possible.

Source: European Data Protection Board – Twenty-third Plenary session: EDPB adopts further COVID-19 guidance | European Data Protection Board

Privacy issues for employers during COVID-19

As COVID-19 becomes our new normal, we increasingly see the tension between protecting the public’s health and privacy rights. Employers are faced with providing a safe work environment while complying with applicable privacy laws.

The situation for employers is made more challenging because it is fluid – each day there is new information about the disease, what protections are appropriate and the level of infection in a particular community. All these factors potentially impact the analysis of how much personal information should be collected and shared by employers.

Full article: Privacy issues for employers during COVID-19

EU Civil Liberties Committee Monitoring Use of Tracking Technology to Fight COVID-19

The head of the EU Parliament’s Civil Liberties Committee says the group is monitoring efforts to use smartphone data tracking to fight COVID-19.

“Even in these exceptional times, the EU’s data protection principles, namely the General Data Protection Rules (GDPR) and the e-Privacy Directive, must continue to apply and be respected,” said Juan Fernando López Aguilar (S&D, ES), the Chair of the EC Civil Liberties Committee. “The Civil Liberties Committee is following these developments closely because of the serious risks that such tools may imply for an individual’s fundamental rights to a private life and data protection,” he said.

Source: EU Civil Liberties Committee Monitoring Use of Tracking Technology to Fight COVID-19

German Supervisory Authority Publishes New Standard Clauses for Processors

On April 9, 2020, the German Supervisory Authority of Baden-Wuerttemberg published standard contractual clauses for data processors pursuant to Article 28(8) GDPR.

It is the first German Supervisory Authority to do so, and the second in EU after the Danish Supervisory Authority published its own standard clauses in July 2019.

Source: German Supervisory Authority Publishes New Standard Clauses for Processors

China, coronavirus and surveillance: the messy reality

Although China has tools that many other governments would not be able to usually deploy to track potentially infected people, such as location data from individual phones and facial recognition technology, the state’s ability to access personal data is at times limited.

Co-ordination between different areas of the public sector is often sporadic and sometimes marred by bureaucratic rivalries — as the experience of the two Guangdong towns shows. Wary of alienating middle-class customers, whose lives now revolve around a series of apps on their smartphones, many private sector companies are reluctant to be seen handing over data.

Full article: China, coronavirus and surveillance: the messy reality – Getaka

EDPS Publishes Annual Report 2019

The Annual Report provides an insight into all European Data Protection Superviser’s (EDPS) activities in 2019.

EDPS activities therefore focused on consolidating the achievements of previous years, assessing the progress made and starting to define priorities for the future. Of particular note were EDPS efforts to ensure that new EU rules on data protection are put into practice.

Source: EDPS Annual Report 2019: new EU data protection rules must produce promised result | European Data Protection Supervisor

>