24. November 2016
Background information:
Due to the fact that the German Federal Data Protection Act states that companies must appoint a Data Protection Officer if at least ten persons are involved in the automated processing of personal data, companies are asked to appoint an employee as an internal Data Protection Officer or appoint an external Data Protection Officer. In general, the Data Protection Officer needs to have the necessary knowledge of data protection law and must also be reliable and independent. Furthermore, a Data Protection Officer is reliability and independency in case he/she does not have other obligations which could lead to a conflict of interest.
What happened?
A German Data Protection Authority just fined a company as it appointed an internal Data Protection Officer who was also the IT-Manager. The Data Protection Authority argued that the position of an IT-Manager is incompatible with the position of the Data Protection Officer due to the fact that the Data Protection Officer would be required to monitor himself/herself. The Data Protection Authority explained that such self-monitoring is contradictory to the required independency that is necessary.
This is a very important statement as the upcoming GDPR requires the appointment of a Data Protection Officer as well and states further that it is not allowed that any further tasks and oblgations of the Data Protection Officer result in a conflict of interests – Having in mind that a violation of this may result in fines of up to 10.000.000 EUR or up to 2 % of the total worldwide annual turnover, whichever is higher.
22. November 2016
A White Paper on Ensuring the Effectiveness and Strategic Role of the Data Protection Officer under the General Data Protection Regulation was just released by the Centre for Information Policy Leadership at Hunton & Williams LLP.
The White Paper provides guidance and recommendations in terms of the implementation requirements of the GDPR concerning the role of the Data Protection Officer, DPO.
According to the privacy and information Blog of Hunton & Williams, the mentioned White Paper aims
- “to serve as formal input to the Article 29 Working Party’s work on developing further guidance on the proper implementation of the DPO role under the GDPR, which is expected to be finalized by the end of December and
- to provide guidance for companies that must comply with the GDPR’s DPO provisions by May 25, 2018 (i.e., the date the GDPR becomes effective).”
18. November 2016
The National Institute of Standards and Technology, NIST, just released guidelines on cybersecurity for internet-connected devices. These guidelines are called Systems Security Engineering: Considerations for A Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems. The Guidance “addresses the engineering-driven perspective and actions necessary to develop more defensible and survivable systems.”
One of the main topics is the fact that the guidelines imply the importance of engineering Internet-connected devices in a way that security systems are directly built into the design and manufacturing processes. Furthermore, the guidelines describe the whole engineering process in order to improve cybersecurity, and reduce risk by implementing “trustworthy secure systems capable of protecting stakeholder assets.”
On top of this the guidelines state that the “objective is to address security issues from a stakeholder protection needs, concerns, and requirements perspective and to use established engineering processes to ensure that such needs, concerns, and requirements are addressed with appropriate fidelity and rigor, early and in a sustainable manner throughout the life cycle of the system.”
17. November 2016
This week, Reuters reported that U.S. internet companies, such as Facebook and Amazon have sent a detailied letter including a list of their policiy priorities to President-elect Donald Trump. Among the topics of these policies are encryption, immigration reform and maintaining liability protections from user’s content.
The mentioned letter was sent by the so called Internet Association, which is a group of 40 members, also including Alphabet’s Google, Uber and Twitter. The letter tries to repair the relationship between the internet giants and Trump due to the fact that he was almost universally disliked during the presidential campaign.
The president of the Internet Association, Michael Beckermann signed the letter talking about “The internet industry looks forward to engaging in an open and productive dialogue”. Furthermore, Beckerman issued a statement syaing that the internet industry looked forward to working closely with Trump and lawmakers in Congress in order to “cement the internet’s role as a driver of economic and social progress for future generations.”
The letter describes some of the policies which go along with Trump’s prior statements, for example easing the regulation on the sharing economy and applying pressure on Europe to not erect too many barriers that restrict U.S. internet companies from growing in that market.
However, other topics are likely to be opposed with Trump’s campaign as he offered numerous broadsides against the tech sector.
15. November 2016
Motherboard online just published numbers that were disclosed by the FBI concerning whether the FBI is able to unlock most devices they need to get into.
According to General Counsel Jim Baker the FBI is able to unlock or/and access data stored on both smartphones and computers. This statement is supported by the numbers that were released.
In 2016 the FBI
- has encountered passwords or passcodes in 2,095 out of 6,814 – 31%,
- with regard to the 2,095 devices that were locked, the investigators were able to get access in 1,210 cases and
- couldn’t unlock around 880 devices.
- In conclusion, in the vast majority of cases, namely 87%, the FBI was able to access the data that was needed.
Concidering that the FBI and Apple fought in court earlier this year regarding the FBI’s request to help breaking into the iPhone of an alleged terrorist who killed 14 people in a shooting and that this case led to a battle on encryption in which the FBI argued that encryption, which cannot be broken, supports criminal investigations rather than making them harder due to the fact that access to the data can sometimes lead to important evidence on a suspect or on a victim’s phone or computer.
However, the mentioned numbers, that have so far never been published, “demonstrate that even with encryption turned on by default on all newer iPhones and some Android phones, it is posing a problem in a relatively small number of cases – while that same encryption is presumably preventing a wide range of crimes”, according to Kevin Bankston, the director of the New America.
11. November 2016
The IAPP just published an article saying that INTERPOL calls on governments around the world to share terrorists’ biometric data in order to increase global security.
This statement was issued by INTERPOL’s General Assembly saying that it currently possesses information about 9,000 terrorists. However, only 10 percent of these files include biometric information. INTERPOL’s Secretary General, Jürgen Stock, explaines that this can be seen as “a weak link” in the prevention of terrorism.
On one side, some countries – among these are multiple ASEAN countries – have taken big steps with regard to data sharing as they have recently agreed to share biometric data for the purposes of counter-terrorism. On the other side, many governments are still discussing how to handle biometric data domestically. So the sharing of data would be one step ahead.
However, governments worldwide becoming more and more interested in biometric security which might help to fight terrorism. The mentioned suggestion of INTERPOL might also increase this kind of cooperation.
10. November 2016
Reuters online reported that Telefonica Deutschland’s chief executive, Thorsten Dirks, said in an interview “People are right to scrutinize any attempt to make money off their data. At the same time they are a handing over data voluntarily to companies such as Google and Facebook”. He concludes that there is a double standard among consumers.
At the moment Telefonica Deutschland holds anonymized data of 44 million mobile customers. These information could be used to track the movements of crowds and traffic, as well as “many other areas that we at the moment cannot think of”, according to Dirks.
Dirks explained that Telefonica aims to be a platform for all devices connected to the internet and therefore processing all sorts of data gathered from sensors in cars, electronic devices and household apparel.
9. November 2016
The German Office for Information Security (BSI) published a survey concerning the security of personal data on smartphones.
- 20,7 % of smartphone users do not have any security measures implemented against unauthorized access.
- However, 74,6 % of smartphone users store sensitive data on their mobile device. This data includes for example pictures, videos, contact inforamtion, passwords and health data.
- Not even 46,3% of smartphone users have basic protection measures implemented, such as software updates.
Arne Schönbohm, chairman of the BSI, commented in the respective press release that although smartphones can be seen as a computers in your pocket, the necessary security measures have not yet been established on these as on your computer at home.
8. November 2016
After WhatsApp announced in August changes in its privacy policy, several EU DPAs announced monitoring activities in order to ensure the proper use of WhatsApp user’s data. One of these changes on the privacy policy, involved disclosure of personal data of WhatsApp users to Facebook in order to fight spam and improve both, WhatsApp and Facebook’s services.
The EU DPAs had requested WhatsApp not to carry out such disclosures until an adequate level of data protection could be ensured.
On Monday, ICO announced that Facebook agreed to suspend these disclosures. ICO already remarked that consumers were not adequately protected and in most cases a valid consent was not in place. Moreover, it has requested both companies to undertake in writing to inform users about the purposes for which their data will be used. Until now, none of the companies has signed such committment.
If enforcement action takes place, huge fines may be imposed. This is especially relevant upon the applicability of the GDPR from May 2018.
Other EU DPAs, such as Spain, will contact Facebook regarding WhatsApp’s privacy policy.
On the other side, Facebook stated that it only collects the data necessary to offer their services and only a part of this data is shared with Facebook. A Facebook spokeswoman confirmed that WhatsApp’s update complies with applicable law, including UK law and that they will continue the conversations with the ICO regarding the questions raised on the Privacy Policy.
As the IAPP just published online, 10 of the 16 German Data Protection Authorities, have begun to assess firms’ transfer of personal data to cloud services based outside of the EU.
According to a joint statement of the respective Data Protection Authorities this is due to the fact that cross-border personal data transfers are growing massively, because of globalization and the rise of software-as-a-service.
Therefore, a mass audit is conducted, which takes about 500 randomly selected companies of various sizes into account. This audit is based on questionnaires asking about their transfers of employee and customer personal data to third countries, in particular to the U.S. while using services such as:
- office apps,
- cloud storage,
- email and other communications platforms,
- customer service ticketing,
- support systems and
- risk management and compliance systems.
In case a company transfers personal data to third countries, it has to show the legal grounds they are using, for example Standard Contractual Clauses or the EU-U.S. Privacy Shield.
Pages: Prev 1 2 3 ... 52 53 54 55 56 57 58 ... 67 68 69 Next 
