
Category Archives for "Other"

Timescale set for data protection ‘adequacy’ decision after Brexit

On Wednesday evening, the UK government and European Commission announced that the UK and EU27 countries had reached a draft agreement on the terms of the UK’s withdrawal from the EU. That draft agreement, which is still to be ratified by the UK parliament and EU27 member states, was published alongside a number of other documents, including an outline of the political declaration on the future EU-UK relationship.

According to the political declaration, the Commission will assess UK data protection standards on the basis of the EU’s “adequacy framework” with a view to adopting an “adequacy” decision by the end of 2020. Over the same period, the UK will take steps to ensure comparable facilitation of personal data flows to the Union.

Full article: BREXIT: timescale set for data protection ‘adequacy’ decision

How a small French privacy ruling could remake adtech for good

A ruling in late October against a little-known French adtech firm that popped up on the national data watchdog’s website earlier this month is causing ripples of excitement to run through privacy watchers in Europe who believe it signals the beginning of the end for creepy online ads.

CNIL’s decision suggests that bundling consent to partner processing in a contract is not, in and of itself, valid consent under the European Union’s General Data Protection Regulation (GDPR) framework.

Full article: How a small French privacy ruling could remake adtech for good | TechCrunch

First German data protection authority issues GDPR fine

The State Commissioner for Data Protection and Freedom of Information Baden-Wuerttemberg (LfDI) was the first German data protection authority to impose a fine under the GDPR. The fine of € 20,000 sanctions the violation by a social media company of its obligation to ensure data security of processing of personal data pursuant to Art. 32 (1) (a) GDPR (obligation to pseudonymise and encrypt personal data).

Full article: Germany: First data protection authority issues GDPR fine

UK ICO Issues Warning to Washington Post Over Cookie Consent Practices

The UK Information Commissioner’s Office (“ICO”) issued a warning to the U.S.-based The Washington Post over its approach to obtaining consent for cookies to access the service. The Washington Post presents readers with the option of free access to a limited number of articles dependent on consent to the use of cookies and tracking for the delivery of personalized ads. To avoid third-party ad tracking (and advertising), readers must choose a higher-fee premium subscription.

The ICO concluded that since The Washington Post has not offered a free alternative to accepting cookies, consent cannot be freely given and the newspaper is in contravention of Article 7(4) of the EU General Data Protection Regulation (“GDPR”).

Source: UK ICO Issues Warning to Washington Post Over Cookie Consent Practices

Draft Withdrawal Agreement does not guarantee frictionless free flow of personal data from EU

The draft Withdrawal Agreement at Article 71(2) implies an adequacy assessment by the European Commission could happen in future (this is expected before the end of the transition period in December 2019), but first the UK has to leave the EU and then the Commission has to follow the rules in Article 45 of the GDPR.

This means that the Commission has to involve the European Data Protection Board (EDPB) as part of the adequacy determination process, so it won’t be a quick process. However, the UK may not get an assessment of adequacy at all.

Full article: Draft Withdrawal Agreement does not guarantee frictionless free flow of personal data from European Union

Data Protection and the Draft EU-UK Withdrawal Agreement: Ten Initial Conclusions

The draft text of the EU-UK withdrawal agreement was published by the UK Government and the European Union yesterday, providing some of the first concrete indicators of the possible direction of travel in the area of data protection.

This article provides 10 initial conclusions on the draft EU-UK Withdrawal Agreement.

Full article: Data Protection and the Draft EU-UK Withdrawal Agreement: Ten Initial Conclusions

UK police ‘gang matrix’ breached data laws

The Metropolitan police’s list of gang suspects breached data protection laws, potentially causing damage and distress to a disproportionate number of young black men, an investigation by the Information Commissioner’s Office (ICO) has found.

The list, called the gangs violence matrix, has also been criticised by human rights campaigners, who say it racialises the war on gangs and stigmatises black youngsters.

Source: Met’s ‘gang matrix’ breached data laws, investigation finds

UK government adopts draft Brexit withdrawal agreement

The cabinet has agreed a draft withdrawal agreement on the UK’s exit from, and future relationship with, the European Union. In terms of data protection, the documents reaffirm the UK government’s commitment to a high level of data protection during and after Brexit.

The future relationship with the EU is described in just seven pages. The EU will commence its evaluation of the UK’s data protection framework with the aim of decisions by the end of 2020. There will be ‘appropriate cooperation between regulators.’ The draft withdrawal agreement talks about ‘essential equivalence’ rather than adequacy.

Full article: UK government adopts draft Brexit withdrawal agreement – Privacy Laws & Business

Dutch government report says Microsoft telemetry breaks GDPR

The telemetry data collection mechanism used by Microsoft Office breaks the EU General Data Protection Regulation (GDPR), Dutch authorities said in a report. Investigators said they’ve identified the “large scale and covert collection of personal data” through Office’s built-in telemetry collection capabilities, which is done without properly informing users.

Full article: Dutch government report says Microsoft Office telemetry collection breaks GDPR | ZDNet
