Category: International Data Transfers
8. December 2016
What happened?
As Bloomberg Law Privacy & Data Security just reported, officials of the European Union stated that they will watch carefully for any signs of U.S. President-elect Donald Trump turning around the EU-U.S. Privacy Shield agreement.
Vera Jourova, EU Justice Commissioner, can be quoted that the European Union would “closely monitor the respect of protection standards and the correct implementation” of the EU-U.S. Privacy Shield “under the new U.S. leadership”.
Why are the concerns raised?
The questions are asked is due to the fact that under the EU-U.S. Privacy Shield data transfers are based on respect for European privacy rights in case European personal data is transferred to the USA for commercial purposes. However, as Trump made comments that can be interpreted so that such privacy rights might be disregarded, during the U.S. presidential campaig, concerns are raised.
Adina-Ioana Valean, Member of the European Parliament, gave a speech at the European Data Protection and Privacy Conference in Brussels and explained that “a lot of things were said” during the U.S. presidential campaign. Therefore, she concluded that “we should sit and wait for the next move and then we can judge”.
30. November 2016
Elizabeth Denham, UK Information Commissioner, participated at the Annual Conference of the National Association of Data Protection and Freedom of Information Officers during which she gave a keynote speech. In her statement Denham explained that the UK prepares for the upcoming GDPR. She confirmed the government’s position that the GDPR will be implemented in the UK as well – Brexit aside.
Denham’s statement includes that the first regulatory guidance on the GDPR can be expected to be published by the Article 29 Working Party at the end of this year. It is believed that this guidance will probably make a number of key aspects of the GDPR of discussion.
Another point of her speech included the fact that the Article 29 Working Party is about to release a concept of risk under the GDPR and carrying out Data Privacy Impact Assessments at the beginning of 2017.
Furthermore, it was mentioned that the Article 29 Working Party aims to publish guidance in terms of certifications under the GDPR.
29. November 2016
This week, Reuters reported that the European Parliament lawmakers supported a data-sharing agreement with the USA, which aims at safeguarding the data exchange between national authorities, in order to improve security and simplify investigations in terms of terrorism.
Basically, the agreement supports personal data such as names, addresses and criminal records in case an exchange by law enforcement agencies in both Europe and the USA takes place.
Axel Voss explained that “EU citizens will have the same rights as U.S. citizens when they seek judicial redress before U.S. courts. This is a major step for the enforcement of fundamental rights for EU citizens.”
What triggered the implementation of such an agreement?
After the mass spying in 2013 by the USA, which caused privacy concerns over the question “What do enforcement agencies with the gained data after colleting it?” the need to find a regulation concerning the gathering, sharing and storing of personal data became more important than ever.
What is the following process?
It is expected that the entire Parliament approves this agreement on the 1st of Dezember 2016. From then on, the respective ministers for justice and home affairs of the 28 European Member States have to sign off the agreement in the coming weeks.
24. November 2016
Background information:
Due to the fact that the German Federal Data Protection Act states that companies must appoint a Data Protection Officer if at least ten persons are involved in the automated processing of personal data, companies are asked to appoint an employee as an internal Data Protection Officer or appoint an external Data Protection Officer. In general, the Data Protection Officer needs to have the necessary knowledge of data protection law and must also be reliable and independent. Furthermore, a Data Protection Officer is reliability and independency in case he/she does not have other obligations which could lead to a conflict of interest.
What happened?
A German Data Protection Authority just fined a company as it appointed an internal Data Protection Officer who was also the IT-Manager. The Data Protection Authority argued that the position of an IT-Manager is incompatible with the position of the Data Protection Officer due to the fact that the Data Protection Officer would be required to monitor himself/herself. The Data Protection Authority explained that such self-monitoring is contradictory to the required independency that is necessary.
This is a very important statement as the upcoming GDPR requires the appointment of a Data Protection Officer as well and states further that it is not allowed that any further tasks and oblgations of the Data Protection Officer result in a conflict of interests – Having in mind that a violation of this may result in fines of up to 10.000.000 EUR or up to 2 % of the total worldwide annual turnover, whichever is higher.
22. November 2016
A White Paper on Ensuring the Effectiveness and Strategic Role of the Data Protection Officer under the General Data Protection Regulation was just released by the Centre for Information Policy Leadership at Hunton & Williams LLP.
The White Paper provides guidance and recommendations in terms of the implementation requirements of the GDPR concerning the role of the Data Protection Officer, DPO.
According to the privacy and information Blog of Hunton & Williams, the mentioned White Paper aims
- “to serve as formal input to the Article 29 Working Party’s work on developing further guidance on the proper implementation of the DPO role under the GDPR, which is expected to be finalized by the end of December and
- to provide guidance for companies that must comply with the GDPR’s DPO provisions by May 25, 2018 (i.e., the date the GDPR becomes effective).”
17. November 2016
This week, Reuters reported that U.S. internet companies, such as Facebook and Amazon have sent a detailied letter including a list of their policiy priorities to President-elect Donald Trump. Among the topics of these policies are encryption, immigration reform and maintaining liability protections from user’s content.
The mentioned letter was sent by the so called Internet Association, which is a group of 40 members, also including Alphabet’s Google, Uber and Twitter. The letter tries to repair the relationship between the internet giants and Trump due to the fact that he was almost universally disliked during the presidential campaign.
The president of the Internet Association, Michael Beckermann signed the letter talking about “The internet industry looks forward to engaging in an open and productive dialogue”. Furthermore, Beckerman issued a statement syaing that the internet industry looked forward to working closely with Trump and lawmakers in Congress in order to “cement the internet’s role as a driver of economic and social progress for future generations.”
The letter describes some of the policies which go along with Trump’s prior statements, for example easing the regulation on the sharing economy and applying pressure on Europe to not erect too many barriers that restrict U.S. internet companies from growing in that market.
However, other topics are likely to be opposed with Trump’s campaign as he offered numerous broadsides against the tech sector.
15. November 2016
Motherboard online just published numbers that were disclosed by the FBI concerning whether the FBI is able to unlock most devices they need to get into.
According to General Counsel Jim Baker the FBI is able to unlock or/and access data stored on both smartphones and computers. This statement is supported by the numbers that were released.
In 2016 the FBI
- has encountered passwords or passcodes in 2,095 out of 6,814 – 31%,
- with regard to the 2,095 devices that were locked, the investigators were able to get access in 1,210 cases and
- couldn’t unlock around 880 devices.
- In conclusion, in the vast majority of cases, namely 87%, the FBI was able to access the data that was needed.
Concidering that the FBI and Apple fought in court earlier this year regarding the FBI’s request to help breaking into the iPhone of an alleged terrorist who killed 14 people in a shooting and that this case led to a battle on encryption in which the FBI argued that encryption, which cannot be broken, supports criminal investigations rather than making them harder due to the fact that access to the data can sometimes lead to important evidence on a suspect or on a victim’s phone or computer.
However, the mentioned numbers, that have so far never been published, “demonstrate that even with encryption turned on by default on all newer iPhones and some Android phones, it is posing a problem in a relatively small number of cases – while that same encryption is presumably preventing a wide range of crimes”, according to Kevin Bankston, the director of the New America.
11. November 2016
The IAPP just published an article saying that INTERPOL calls on governments around the world to share terrorists’ biometric data in order to increase global security.
This statement was issued by INTERPOL’s General Assembly saying that it currently possesses information about 9,000 terrorists. However, only 10 percent of these files include biometric information. INTERPOL’s Secretary General, Jürgen Stock, explaines that this can be seen as “a weak link” in the prevention of terrorism.
On one side, some countries – among these are multiple ASEAN countries – have taken big steps with regard to data sharing as they have recently agreed to share biometric data for the purposes of counter-terrorism. On the other side, many governments are still discussing how to handle biometric data domestically. So the sharing of data would be one step ahead.
However, governments worldwide becoming more and more interested in biometric security which might help to fight terrorism. The mentioned suggestion of INTERPOL might also increase this kind of cooperation.
2. November 2016
The Article 29 Working Party published a statement on the EU-U.S. Umbrella agreement at the end of October.
On one side, the statement shows signs of support for the EU-U.S. Umbrella Agreement. However on the other side, it delivers recommendations in order to make sure that the agreement is compliant with European data protection law.
In general, the Article 29 Working Party supports the creaction of a general data protection framework in order for international data transfers to be compliant with national, European and international data protection laws. Therefore, the Article 29 Working Party elaborates that the respective agreement “considerably strengthens the safeguards in existing law enforcement bilateral treaties with the U.S., some of which were concluded before the development of the EU data protection framework”.
However, it is also mentioned that clarification is needed in terms of definitions, for example how to define personal data and data processing, due to the fact that European and U.S law have different opinions on what is meant by these terms.
28. October 2016
As the website of the European Court of Justice just released, is the EU-U.S. Privacy Shield being challenged by Digital Rights Ireland, an Irish privacy advocacy group.
The facts of this case (Digital Rights Ireland v Commission; Case T-670/16) are as follows:
- Digital Rights Ireland has filed an action for annulment against the European Commission’s adequacy decision on the EU-U.S. Privacy Shield.
- There has been no comment from Digital Rights Ireland yet.
- No documents have been published with regard to the case so far.
- However, as HuntonPrivacyBlog reported “(…) media sources quote a spokesperson for the European Commission acknowledging the case and stressing the European Commission’s conviction that the Privacy Shield meets all legal requirements.”
Pages: Prev 1 2 3 4 5 6 7 8 Next 
