Category: Personal Data

Google may remove millions of apps from its Play Store

14. February 2017

Last week Google contacted millions of app developers informing them about their apps’ violation of Google’s User Data policy.

According to this policy, apps which handle personal or sensitive user data must post a privacy policy in the designated field in the Play Developer Console as well as within the app itself, and must handle the user data securely, for example by using cryptography when transmitting it.

Millions of apps handling personal data do not have a privacy policy and thus do not contribute to providing a clear and transparent experience for Play Store users. Google set a time limit of 5 weeks, until March 15 this year, for the apps to comply with the User Data policy. Developers must either include a link to a valid privacy policy or remove any requests for sensitive permissions or user data. Otherwise Google might limit the visibility of those apps or even remove them from its Google Play Store.

Category: Personal Data · Privacy policy
Tags: App, Google, Google Play Store

LinkedIn was banned in Russia

27. January 2017

On November 17, 2016, the Russian data protection authority “Roskomnadzor” sent an order to the telecommunication companies to block access to LinkedIn within Russia. The reason for this step was, according to Roskomnadzor, that LinkedIn does not protect data subjects’ rights in a way that complies with the Russian data protection law.

The order of Roskomnadzor refers to a Moscow District court decision from August 4, 2016.

The case of LinkedIn is the first major test of the Russian law, which has been in effect since September 1, 2015.

According to Roskomnadzor, LinkedIn not only violates the data localization requirement but also a number of other requirements, for example by collecting personal data from non-users without their consent before they complete the registration process.

LinkedIn can now challenge this decision before the Moscow Court within the six-month period and then appeal to the Russian Supreme Court. However, LinkedIn has not announced its intentions yet.

Category: Personal Data
Tags: LinkedIn, Roskomnadzor, Russia

The “right to disconnect”

16. January 2017

As a recent study shows (published by French research group Eleas in October), more than a third of French workers use their devices every day in order to work out-of-hours.

Although checking professional emails after work gives employees a degree of autonomy and flexibility when working outside the office, such a habit may also lead to “info-obesity” (according to a report submitted in September 2015 by labour minister Myriam El Khomri).

Computing and work-life balance expert Anna Cox (University College London – UCL) says: “Some of the challenges that come with flexibility are managing those boundaries between work and home and being able to say ‘actually I am not working now’.”

Therefore, from the 1st of January, French companies should guarantee a “right to disconnect” to their employees, as the new employment law has just entered into force. From then on, all organisations that employ over 50 workers will be obliged to define their employees’ “disconnection from technology” rights.

Its aim is to minimise the overuse of digital devices by employees after their working hours, which has lately resulted in a surge of unpaid overtime.

To diminish the problem, some steps have already been taken, among them the automatic erasure of emails for employees on holiday and the cutting off of email connections.

Even though no sanction for a breach of this obligation is foreseen, the company should publish a charter setting out employees’ out-of-hours demands and rights.

Category: General · Personal Data · Privacy policy
Tags: right to disconnect, work out-of-hours

European e-Privacy Directive will likely become a Regulation

14. December 2016

As just reported by huntonprivacyblog, Politico released an article saying that the European Commission wishes to upgrade the e-Privacy Directive to a Regulation.

This upgrade would have highly important legal consequences under European law, because a Directive needs to be implemented into national law, whereas a Regulation sets requirements that are directly applicable in the Member States.

The draft of the Regulation, which was leaked to Politico, tries to complete the European GDPR. As Politico explained, the draft was last reviewed on the 28th November 2016. It is expected that it will be officially published at the beginning of 2017.

The e-Privacy Directive shall protect privacy and confidentiality of users of electronic communication services.

Category: European Data Protection · GDPR · General Data Protection Regulation · Personal Data

The latest news concerning the dispute in terms of the “right-to-be-forgotten”

13. December 2016

Peter Fleischer, a global privacy counsel, raised the question: “Should the balance between the right to free expression and the right to privacy be struck by each country?”

In basic terms, the right-to-be-forgotten is a right of every European citizen to demand the erasure of certain links from the internet. However, this can also be seen as censorship and rewriting history, which is why there is a never-ending debate on this topic.

The French Data Protection Authority, CNIL, has demanded an ultimate right-to-be-forgotten, which would mean that French data could be demanded to be removed, for example from Google search, from all over the world.

The problem which might occur is that, in theory, non-democratic countries also have to follow this rule. One might argue that the internet can be seen as an independent source of information that is now being endangered.

Google disagrees with the idea that the right-to-be-forgotten should also be applied in countries outside Europe.

Google’s only confirmation is that it is acting in accordance with the local laws as well as within the standards set by the European Court. What is more, Google makes a promise to remove the respective links from all European Google versions simultaneously.

Nevertheless, it has also been pointed out that one could still have found a link on the non-European versions of Google.

In response, Google has also delisted links on Google.com, Google.co.kr and Google.com.mx.

Category: EU · French DPA · General Data Protection Regulation · Personal Data
Tags: Google

The viability of the EU-U.S. Privacy Shield under Trump is questioned

8. December 2016

What happened?

As Bloomberg Law Privacy & Data Security just reported, officials of the European Union stated that they will watch carefully for any signs of U.S. President-elect Donald Trump turning around the EU-U.S. Privacy Shield agreement.

Vera Jourova, EU Justice Commissioner, was quoted as saying that the European Union would “closely monitor the respect of protection standards and the correct implementation” of the EU-U.S. Privacy Shield “under the new U.S. leadership”.

Why are the concerns raised?

The questions are being asked because, under the EU-U.S. Privacy Shield, data transfers are based on respect for European privacy rights whenever European personal data is transferred to the USA for commercial purposes. However, concerns are raised because Trump made comments during the U.S. presidential campaign that can be interpreted to mean that such privacy rights might be disregarded.

Adina-Ioana Valean, Member of the European Parliament, gave a speech at the European Data Protection and Privacy Conference in Brussels and explained that “a lot of things were said” during the U.S. presidential campaign. Therefore, she concluded that “we should sit and wait for the next move and then we can judge”.

Category: EU · EU Commission · EU-U.S. Privacy Shield · International data transfers · Personal Data · USA

EU: Data sharing with USA in terms of security and terrorism

29. November 2016

This week, Reuters reported that the European Parliament lawmakers supported a data-sharing agreement with the USA, which aims at safeguarding the data exchange between national authorities, in order to improve security and simplify investigations in terms of terrorism.

Basically, the agreement applies to personal data such as names, addresses and criminal records whenever it is exchanged by law enforcement agencies in both Europe and the USA.

Axel Voss explained that “EU citizens will have the same rights as U.S. citizens when they seek judicial redress before U.S. courts. This is a major step for the enforcement of fundamental rights for EU citizens.”

What triggered the implementation of such an agreement?

After the mass spying by the USA in 2013, which caused privacy concerns over the question “What do enforcement agencies do with the data after collecting it?”, the need to find a regulation concerning the gathering, sharing and storing of personal data became more important than ever.

What is the following process?

It is expected that the entire Parliament will approve this agreement on the 1st of December 2016. From then on, the respective ministers for justice and home affairs of the 28 European Member States have to sign off the agreement in the coming weeks.

Category: EU · European Data Protection · International data transfers · Personal Data · USA
Tags: European Parliament

Being IT-Manager and Data Protection Officer? German Data Protection Authority sees this as a conflict of interest

24. November 2016

Background information:

The German Federal Data Protection Act states that companies must appoint a Data Protection Officer if at least ten persons are involved in the automated processing of personal data. Companies are therefore asked to appoint an employee as an internal Data Protection Officer or to appoint an external Data Protection Officer. In general, the Data Protection Officer needs to have the necessary knowledge of data protection law and must also be reliable and independent. Furthermore, a Data Protection Officer is considered reliable and independent if he/she does not have other obligations which could lead to a conflict of interest.

What happened?

A German Data Protection Authority just fined a company because it appointed an internal Data Protection Officer who was also the IT-Manager. The Data Protection Authority argued that the position of an IT-Manager is incompatible with the position of the Data Protection Officer because the Data Protection Officer would be required to monitor himself/herself. The Data Protection Authority explained that such self-monitoring contradicts the required independence.

This is a very important statement, as the upcoming GDPR also requires the appointment of a Data Protection Officer and further states that any other tasks and obligations of the Data Protection Officer must not result in a conflict of interests. It should be kept in mind that a violation of this may result in fines of up to 10.000.000 EUR or up to 2 % of the total worldwide annual turnover, whichever is higher.

Category: GDPR · General Data Protection Regulation · German Law · International data transfers · Personal Data
Tags: Data protection officer

White Paper on the role of DPOs according to the GDPR

22. November 2016

A White Paper on Ensuring the Effectiveness and Strategic Role of the Data Protection Officer under the General Data Protection Regulation was just released by the Centre for Information Policy Leadership at Hunton & Williams LLP.

The White Paper provides guidance and recommendations in terms of the implementation requirements of the GDPR concerning the role of the Data Protection Officer, DPO.

According to the privacy and information Blog of Hunton & Williams, the mentioned White Paper aims

  • “to serve as formal input to the Article 29 Working Party’s work on developing further guidance on the proper implementation of the DPO role under the GDPR, which is expected to be finalized by the end of December and
  • to provide guidance for companies that must comply with the GDPR’s DPO provisions by May 25, 2018 (i.e., the date the GDPR becomes effective).”
Category: GDPR · General Data Protection Regulation · International data transfers · Personal Data
Tags: Data protection officer

FBI statistic: 87% of the needed data could be accessed in 2016

15. November 2016

Motherboard online just published numbers that were disclosed by the FBI concerning whether the FBI is able to unlock most devices they need to get into.

According to General Counsel Jim Baker, the FBI is able to unlock and/or access data stored on both smartphones and computers. This statement is supported by the numbers that were released.

In 2016 the FBI

  • encountered passwords or passcodes in 2,095 out of 6,814 devices (31%),
  • with regard to the 2,095 devices that were locked, the investigators were able to get access in 1,210 cases and
  • couldn’t unlock around 880 devices.
  • In conclusion, in the vast majority of cases, namely 87%, the FBI was able to access the data that was needed.

Considering that the FBI and Apple fought in court earlier this year regarding the FBI’s request to help break into the iPhone of an alleged terrorist who killed 14 people in a shooting and that this case led to a battle on encryption in which the FBI argued that encryption, which cannot be broken, supports criminal investigations rather than making them harder due to the fact that access to the data can sometimes lead to important evidence on a suspect or on a victim’s phone or computer.

However, the mentioned numbers, that have so far never been published, “demonstrate that even with encryption turned on by default on all newer iPhones and some Android phones, it is posing a problem in a relatively small number of cases – while that same encryption is presumably preventing a wide range of crimes”, according to Kevin Bankston, the director of the New America.

 

Category: Encryption · European Data Protection · International data transfers · Personal Data · USA
Tags: FBI

privacy-ticker.com - Data security and data protection blog of KINAST Attorneys at Law (Germany)