ICO fines charities with a total of 43,000 GBP

13. December 2016

The ICO just released a statement saying that investigations have shown that the Royal Society for the Prevention of Cruelty to Animals, RSPCA, and the British Heart Foundation, BHF, did not act according to the Data Protection Act.

The statement explaines that these charities used to screen donors for wealth in order to increase their donations.

“The charities also traced and targeted new or lapsed donors by piecing together personal information obtained from other sources” is stated in the report. Furthermore, “they traded personal details with other charities creating a massive pool of donor data for sale. Donors were not informed of these practices, and so were unable to consent or object.”

Elizabeth Denham, Information Commissioner, fined both charities, the RSPCA 25,000 GBP and BHF 18,000 GBP. She explained that the reason for the fining is also due to the fact that “This widespread disregard for people’s privacy will be a concern to donors, but so will the thought that the contributions people have made to good causes could now be used to pay a regulator’s fine for their charity’s misuse of personal information”.

Category: Data breach · UK
Tags:

Instagram developes additional privacy features

9. December 2016

On Tuesday, Instagram announced the launching of some features for its users to help maintain privacy.

Some time ago, Instagram already included a feature to filter comments by introducing keywords. Now, it has also introduced the feature to turn off comments in any post if the user wishes to do so. Furthermore, a new feature to like posts will be added in order to maintain a positive environment.

Another important feature consists of the possibility to remove followers from private accounts. At the time, users that have a private account are able to choose the followers they want to accept. However, once a follower was accepted there was no way to remove it. This feature will make possible to remove followers and the removed followers will not be notified about it.

Finally, a reporting tool will be available for all users. This tool can be used in cases where a user suspects that another user will injure him/herself based on the published posts. This reporting tool can be used anonymously and aims at offering support and help and connect the reported persons with specialized organizations.

Instagram’s CEO announced ongoing changes in order to achieve a safe use of Instagram.

Category: General · Instagram
Tags: ,

The viability of the EU-U.S. Privacy Shield under Trump is questioned

8. December 2016

What happened?

As Bloomberg Law Privacy & Data Security just reported, officials of the European Union stated that they will watch carefully for any signs of U.S. President-elect Donald Trump turning around the EU-U.S. Privacy Shield agreement.

Vera Jourova, EU Justice Commissioner, can be quoted that the European Union would “closely monitor the respect of protection standards and the correct implementation” of the EU-U.S. Privacy Shield “under the new U.S. leadership”.

Why are the concerns raised?

The questions are asked is due to the fact that under the EU-U.S. Privacy Shield data transfers are based on respect for European privacy rights in case European personal data is transferred to the USA for commercial purposes. However, as Trump made comments that can be interpreted so that such privacy rights might be disregarded, during the U.S. presidential campaig, concerns are raised.

Adina-Ioana Valean, Member of the European Parliament, gave a speech at the European Data Protection and Privacy Conference in Brussels and explained that “a lot of things were said” during the U.S. presidential campaign. Therefore, she concluded that “we should sit and wait for the next move and then we can judge”.

 

 

Use of encryption App increases after US election

6. December 2016

BuzzFeed News reported, that after electing Donald Trump the App called Signal has been faced with a 400 percent rise in daily downloads.

This App is a secure communications tool and therefore well-known in terms of technology, journalism and politics. When using this App people are able to text and speak with one another by encrypting end-to-end, so that only the sender and the intended recipient can read or hear the respective message.

The founder of the App called Signal, Moxie Marlinspike, released a statement saying that “There has never been a single event that has resulted in this kind of sustained, day-over-day increase.” Marlinspike explained that “Trump is about to be put in control of the most pervasive, largest, and least accountable surveillance infrastructure in the world (…) People are maybe a bit uncomfortable with him.”

 

CNIL released results of public consultation report about the GDPR

2. December 2016

CNIL, the French Data Protection Authority,  just released the report of the public consultation. This report refers to the consultation of  professionals about the upcoming General Data Protection Regulation, GDPR.

The basis of the report were 540 replies from 225 contributors and the main aspects relate to:

  • the Data Protection Officer, DPO
  • the right to data portability,
  • the data protection impact assessments and
  • the certification mechanism.

The report states that there are questions on how the requirements of the GDPR should be applied in practice. Some of the most frequently asked questions are:

  • What is considered to be a conflict of interest – who can be appointed?
  • Can a DPO be whole a team? Can a DPO be a legal person?
  • What kind of investments will need to be made in order to implement the right to data portability?

Therefore, CNIL announced that some national communication campaigns will be launched and that there will be training sessions and workshops in cooperation with the current CILs, Correspondants Informatique et Libertés.

 

Category: General
Tags:

EU Member States address issues on encryption in criminal investigations

30. November 2016

Recently, Italy, Latvia, Poland, Hungary and Croatia, have proposed a new legislation, which could facilitate police investigators to access the different entities’ encrypted information in order to make it easier to crack open encryption technology.

According to the Polish officials, “One of the most crucial aspects will be adopting new legislation that allows acquisition of data stored in EU countries in the cloud”.

European countries were asked by the Slovakian government (which holds the current presidency of the EU Council) to identify the way, in which their law enforcement authorities deal with technology preventing from the communication interception as long as they are not authorised to get the information.

Via a freedom of information request, twelve countries, amongst others Finland, Italy, Swedem or Poland, responded to the Dutch internet rights NGO Bits of Freedom, that they frequently encounter encrypted data while carrying out criminal investigations. The UK and Latvia indicated that it happens ‘almost always’.

Ultimately a dispute on prohibiting or creating backdoors in order to weaken encryption for digital and telecommunication services has raised among Germany and European Union.

Even though Germany has dismissed charges that the government is pushing companies to create encryption backdoors in their products, Angela Merkel has announced that investigators will pay more attention to tracing criminals who use the darknet and encryption, especially since the shooting in Munich in July.

So far however, Europol, ENISA and the Commission´s vice president Andrus Ansip oppose creating the backdoors weakening encryption.

ICO: confirmation about new guidelines in terms of the GDPR

Elizabeth Denham, UK Information Commissioner, participated at the Annual Conference of the National Association of Data Protection and Freedom of Information Officers during which she gave a keynote speech. In her statement Denham explained that the UK prepares for the upcoming GDPR. She confirmed the government’s position that the GDPR will be implemented in the UK as well – Brexit aside.

Denham’s statement includes that the first regulatory guidance on the GDPR can be expected to be published by the Article 29 Working Party at the end of this year. It is believed that this guidance will probably make a number of key aspects of the GDPR of discussion.

Another point of her speech included the fact that the Article 29 Working Party is about to release a concept of risk under the GDPR and carrying out Data Privacy Impact Assessments at the beginning of 2017.

Furthermore, it was mentioned that the Article 29 Working Party aims to publish guidance in terms of certifications under the GDPR.

EU: Data sharing with USA in terms of security and terrorism

29. November 2016

This week, Reuters reported that the European Parliament lawmakers supported a data-sharing agreement with the USA, which aims at safeguarding the data exchange between national authorities, in order to improve security and simplify investigations in terms of terrorism.

Basically, the agreement supports personal data such as names, addresses and criminal records in case an exchange by law enforcement agencies in both Europe and the USA takes place.

Axel Voss explained that “EU citizens will have the same rights as U.S. citizens when they seek judicial redress before U.S. courts. This is a major step for the enforcement of fundamental rights for EU citizens.”

What triggered the implementation of such an agreement?

After the mass spying in 2013 by the USA, which caused privacy concerns over the question “What do enforcement agencies with the gained data after colleting it?” the need to find a regulation concerning the gathering, sharing and storing of personal data became more important than ever.

What is the following process?

It is expected that the entire Parliament approves this agreement on the 1st of Dezember 2016. From then on, the respective ministers for justice and home affairs of the 28 European Member States have to sign off the agreement in the coming weeks.

Being IT-Manager and Data Protection Officer? German Data Protection Authority sees this as a conflict of interest

24. November 2016

Background information:

Due to the fact that the German Federal Data Protection Act states that companies must appoint a Data Protection Officer if at least ten persons are involved in the automated processing of personal data, companies are asked to appoint an employee as an internal Data Protection Officer or appoint an external Data Protection Officer. In general, the Data Protection Officer needs to have the necessary knowledge of data protection law and must also be reliable and independent. Furthermore, a Data Protection Officer is reliability and independency in case he/she does not have other obligations which could lead to a conflict of interest.

What happened?

A German Data Protection Authority just fined a company as it appointed an internal Data Protection Officer who was also the IT-Manager. The Data Protection Authority argued that the position of an IT-Manager is incompatible with the position of the Data Protection Officer due to the fact that the Data Protection Officer would be required to monitor himself/herself. The Data Protection Authority explained that such self-monitoring is contradictory to the required independency that is necessary.

This is a very important statement as the upcoming GDPR requires the appointment of a Data Protection Officer as well and states further that it is not allowed that any further tasks and oblgations of the Data Protection Officer result in a conflict of interests – Having in mind that a violation of this may result in fines of up to 10.000.000 EUR or up to 2 % of the total worldwide annual turnover, whichever is higher.

White Paper on the role of DPOs according to the GDPR

22. November 2016

A White Paper on Ensuring the Effectiveness and Strategic Role of the Data Protection Officer under the General Data Protection Regulation was just released by the Centre for Information Policy Leadership at Hunton & Williams LLP.

The White Paper provides guidance and recommendations in terms of the implementation requirements of the GDPR concerning the role of the Data Protection Officer, DPO.

According to the privacy and information Blog of Hunton & Williams, the mentioned White Paper aims

  • “to serve as formal input to the Article 29 Working Party’s work on developing further guidance on the proper implementation of the DPO role under the GDPR, which is expected to be finalized by the end of December and
  • to provide guidance for companies that must comply with the GDPR’s DPO provisions by May 25, 2018 (i.e., the date the GDPR becomes effective).”
Pages: Prev 1 2 3 4 5 6 7 8 9 10 ... 22 23 24 Next
1 7 8 9 10 11 24