Category: Personal Data
14. December 2016
As it was just reported by huntonprivacyblog, that Politico released an article saying that the European Commission wishes to upgrade the e-Privacy Directive to a Regulation.
This upgrade would cause highly important legal consequences under European law due to the fact that a Directive needs to be implemented in to national law, whereas a Regulation implies requirements that are directly applicable in the Member States.
The draft of the Regulation, which was leaked to Politico, tries to complete the European GDPR. As Politico explained, the draft was last reviewed on the 28th November 2016. It is expected that it will be officially published at the beginning of 2017.
The e-Privacy Directive shall protect privacy and confidentiality of users of electronic communication services.
13. December 2016
Peter Fleischer, a global privacy counsel, raised the question: „Should the balance between the right to free expression and the right to privacy be struck by each country?“
In basic terms, the right-to-be-forgotten is a right of every European citizen to demand the erasure of certain links from the internet. However, this can also be seen as cencorship and rewriting history, which is why there is a neverending debate upon this topic.
The French Data Protection Authority, CNIL, has demanded an ultimate right-to-be-forgotten, which would mean that French data could be demanded to be removed, for example from Google search, from all over the world.
The problem which might occur is that also non-democratic countries have to follow this rule in theory. One might argue that the internet can be seen as as an independent source of infromation that is now being endangered.
Google disagrees with the idea that the right-to-be-forgotten should also be applied upon the countries outside the Europe.
Google’s only confirmation is that it is acting in accordance with the local laws as well as within the standards set by the European Court. What is more, Google makes a promise to remove the respective links from all European Google versions simultaneously.
Nevertheless, it has also beeen pointed out that one still could have found a link on the non-European version of Google.
As a feedback Google has delisted links as well on Google.com, Google.co.kr and Google.com.mx.
8. December 2016
What happened?
As Bloomberg Law Privacy & Data Security just reported, officials of the European Union stated that they will watch carefully for any signs of U.S. President-elect Donald Trump turning around the EU-U.S. Privacy Shield agreement.
Vera Jourova, EU Justice Commissioner, can be quoted that the European Union would “closely monitor the respect of protection standards and the correct implementation” of the EU-U.S. Privacy Shield “under the new U.S. leadership”.
Why are the concerns raised?
The questions are asked is due to the fact that under the EU-U.S. Privacy Shield data transfers are based on respect for European privacy rights in case European personal data is transferred to the USA for commercial purposes. However, as Trump made comments that can be interpreted so that such privacy rights might be disregarded, during the U.S. presidential campaig, concerns are raised.
Adina-Ioana Valean, Member of the European Parliament, gave a speech at the European Data Protection and Privacy Conference in Brussels and explained that “a lot of things were said” during the U.S. presidential campaign. Therefore, she concluded that “we should sit and wait for the next move and then we can judge”.
29. November 2016
This week, Reuters reported that the European Parliament lawmakers supported a data-sharing agreement with the USA, which aims at safeguarding the data exchange between national authorities, in order to improve security and simplify investigations in terms of terrorism.
Basically, the agreement supports personal data such as names, addresses and criminal records in case an exchange by law enforcement agencies in both Europe and the USA takes place.
Axel Voss explained that “EU citizens will have the same rights as U.S. citizens when they seek judicial redress before U.S. courts. This is a major step for the enforcement of fundamental rights for EU citizens.”
What triggered the implementation of such an agreement?
After the mass spying in 2013 by the USA, which caused privacy concerns over the question “What do enforcement agencies with the gained data after colleting it?” the need to find a regulation concerning the gathering, sharing and storing of personal data became more important than ever.
What is the following process?
It is expected that the entire Parliament approves this agreement on the 1st of Dezember 2016. From then on, the respective ministers for justice and home affairs of the 28 European Member States have to sign off the agreement in the coming weeks.
24. November 2016
Background information:
Due to the fact that the German Federal Data Protection Act states that companies must appoint a Data Protection Officer if at least ten persons are involved in the automated processing of personal data, companies are asked to appoint an employee as an internal Data Protection Officer or appoint an external Data Protection Officer. In general, the Data Protection Officer needs to have the necessary knowledge of data protection law and must also be reliable and independent. Furthermore, a Data Protection Officer is reliability and independency in case he/she does not have other obligations which could lead to a conflict of interest.
What happened?
A German Data Protection Authority just fined a company as it appointed an internal Data Protection Officer who was also the IT-Manager. The Data Protection Authority argued that the position of an IT-Manager is incompatible with the position of the Data Protection Officer due to the fact that the Data Protection Officer would be required to monitor himself/herself. The Data Protection Authority explained that such self-monitoring is contradictory to the required independency that is necessary.
This is a very important statement as the upcoming GDPR requires the appointment of a Data Protection Officer as well and states further that it is not allowed that any further tasks and oblgations of the Data Protection Officer result in a conflict of interests – Having in mind that a violation of this may result in fines of up to 10.000.000 EUR or up to 2 % of the total worldwide annual turnover, whichever is higher.
22. November 2016
A White Paper on Ensuring the Effectiveness and Strategic Role of the Data Protection Officer under the General Data Protection Regulation was just released by the Centre for Information Policy Leadership at Hunton & Williams LLP.
The White Paper provides guidance and recommendations in terms of the implementation requirements of the GDPR concerning the role of the Data Protection Officer, DPO.
According to the privacy and information Blog of Hunton & Williams, the mentioned White Paper aims
- “to serve as formal input to the Article 29 Working Party’s work on developing further guidance on the proper implementation of the DPO role under the GDPR, which is expected to be finalized by the end of December and
- to provide guidance for companies that must comply with the GDPR’s DPO provisions by May 25, 2018 (i.e., the date the GDPR becomes effective).”
15. November 2016
Motherboard online just published numbers that were disclosed by the FBI concerning whether the FBI is able to unlock most devices they need to get into.
According to General Counsel Jim Baker the FBI is able to unlock or/and access data stored on both smartphones and computers. This statement is supported by the numbers that were released.
In 2016 the FBI
- has encountered passwords or passcodes in 2,095 out of 6,814 – 31%,
- with regard to the 2,095 devices that were locked, the investigators were able to get access in 1,210 cases and
- couldn’t unlock around 880 devices.
- In conclusion, in the vast majority of cases, namely 87%, the FBI was able to access the data that was needed.
Concidering that the FBI and Apple fought in court earlier this year regarding the FBI’s request to help breaking into the iPhone of an alleged terrorist who killed 14 people in a shooting and that this case led to a battle on encryption in which the FBI argued that encryption, which cannot be broken, supports criminal investigations rather than making them harder due to the fact that access to the data can sometimes lead to important evidence on a suspect or on a victim’s phone or computer.
However, the mentioned numbers, that have so far never been published, “demonstrate that even with encryption turned on by default on all newer iPhones and some Android phones, it is posing a problem in a relatively small number of cases – while that same encryption is presumably preventing a wide range of crimes”, according to Kevin Bankston, the director of the New America.
11. November 2016
The IAPP just published an article saying that INTERPOL calls on governments around the world to share terrorists’ biometric data in order to increase global security.
This statement was issued by INTERPOL’s General Assembly saying that it currently possesses information about 9,000 terrorists. However, only 10 percent of these files include biometric information. INTERPOL’s Secretary General, Jürgen Stock, explaines that this can be seen as “a weak link” in the prevention of terrorism.
On one side, some countries – among these are multiple ASEAN countries – have taken big steps with regard to data sharing as they have recently agreed to share biometric data for the purposes of counter-terrorism. On the other side, many governments are still discussing how to handle biometric data domestically. So the sharing of data would be one step ahead.
However, governments worldwide becoming more and more interested in biometric security which might help to fight terrorism. The mentioned suggestion of INTERPOL might also increase this kind of cooperation.
10. November 2016
Reuters online reported that Telefonica Deutschland’s chief executive, Thorsten Dirks, said in an interview “People are right to scrutinize any attempt to make money off their data. At the same time they are a handing over data voluntarily to companies such as Google and Facebook”. He concludes that there is a double standard among consumers.
At the moment Telefonica Deutschland holds anonymized data of 44 million mobile customers. These information could be used to track the movements of crowds and traffic, as well as “many other areas that we at the moment cannot think of”, according to Dirks.
Dirks explained that Telefonica aims to be a platform for all devices connected to the internet and therefore processing all sorts of data gathered from sensors in cars, electronic devices and household apparel.
9. November 2016
The German Office for Information Security (BSI) published a survey concerning the security of personal data on smartphones.
- 20,7 % of smartphone users do not have any security measures implemented against unauthorized access.
- However, 74,6 % of smartphone users store sensitive data on their mobile device. This data includes for example pictures, videos, contact inforamtion, passwords and health data.
- Not even 46,3% of smartphone users have basic protection measures implemented, such as software updates.
Arne Schönbohm, chairman of the BSI, commented in the respective press release that although smartphones can be seen as a computers in your pocket, the necessary security measures have not yet been established on these as on your computer at home.