Posted in EU Data Protection

Opinion

European Court Gives a Boost to EU Data Protection Reform

On April 8, the Court of Justice of the European Union invalidated the EU Data Retention Directive 2006/24. Beyond its significance for data retention, this judgment has important implications for EU data protection law in general and the proposed General Data Protection Regulation (GDPR) in particular.

More from Christopher Kuner

Opinion

Addressing the Challenges of the Internet of Things: An EU Perspective

By Brian Davidson, CIPP/E

Recent news that smart fridge software was hacked to send out spam is the latest example of the ineluctable opportunities and challenges presented by the Internet of Things (IoT).

The intrusiveness of IoT technologies and their potential to collect unlimited amounts of data on users’ daily habits brings with it serious privacy concerns. As European regulators grapple with the challenges and complexities of formulating a technology-neutral Data Protection Regulation, the difficulties of applying “traditional” concepts such as consent, purpose limitation, transparency, data deletion, accountability and security to the data processing activities carried out by an “Internet-ready” kitchen appliance become readily apparent.

More from Brian Davidson

EU Data Protection

An Honest Recap on Safe Harbor

By Eduardo Ustaran, CIPP/E

The recent vote at the European Parliament—by an overwhelming majority of 544 to 78 members, with 60 abstentions—calling for the immediate suspension of Safe Harbor has sent some powerful shockwaves across the business and legal communities in the EU and beyond. This should not have come as a surprise, given that the European Parliament has been very vocal in this respect for a while, but it is still a chilling reminder of the uncertainty surrounding the scheme—possibly the most widely relied upon mechanism to legitimise data flows between the EU and the U.S.

The big question that remains on the ground is whether EU-based organisations that rely on Safe Harbor as the legal basis for transferring data to either their own corporate group entities or service providers operating in the U.S. are doing the right thing or should be looking for alternatives.

More from Eduardo Ustaran

EU Data Protection

My Dinner with Jan

German Green MEP Jan Philipp Albrecht

On Wednesday of last week, in Strasbourg, France, the European Parliament overwhelmingly approved a proposal for a sweeping, region-wide Data Protection Regulation, ratifying the work of MEP Jan Philipp Albrecht, who almost two years ago began his work as rapporteur for the regulation.

The next evening, on Thursday in Palo Alto, California, I was sitting across the dinner table from Albrecht—who prefers to be called Jan—at an Asian-Fusion restaurant, enjoying a sociable evening for speakers at the next day’s Berkeley Center for Law and Technology (BLCT) annual Silicon Valley Privacy Conference.

More from Christopher Wolf

Opinion

The Global Competition Between Privacy Models

Countries around the world are struggling to decide whether to adopt data protection law based on the proposed EU Data Protection Regulation or to use a U.S. approach to privacy protection. As I observed firsthand during a recent trip to Japan, the result is competition in global data protection policy making, with the European Commission on the one side and the U.S. government on the other side, both lobbying other countries to follow their respective models.

More from Christopher Kuner

Data Transfers

Update: EU and APEC—A Roadmap for Global Interoperability?

By John Kropf, CIPP/US, CIPP/G

In November 2013, Malcolm Crompton, CIPP/US, and I suggested in a short IAPP article for The Privacy Advisor that the challenge for global data flows was interoperability but that there was reason for optimism between the world’s two largest economic entities: the EU and the Asia-Pacific Economic Cooperation (APEC) (EU and APEC: A Roadmap for Global Interoperability?).

More from John Kropf

The U.S.-EU Privacy Debate: Conventional Wisdom Is Wrong

Everybody knows the conventional wisdom: United States privacy law is weak and fractured, with neither comprehensive data protection legislation nor a dedicated privacy enforcement authority. The European Union is the gold standard of global privacy regulation, with its omnibus Data Protection Directive and collective force of 28 national data protection authorities. But, In fact, far from its caricature as a beat up railcar breathlessly panting behind the EU privacy locomotive, it is the U.S. that drives privacy policymaking worldwide.

More from Omer Tene

Big Data

Can We Balance Data Protection With Value Creation?

“Data People” by Andrés Opcional

In the last few years there has been a dramatic change in the opportunities organizations have to generate value from the data they collect about customers or service users. Customers and users are rapidly becoming collections of “data points” and organizations can learn an awful lot from the analysis of this huge accumulation of data points, also known as “Big Data.”

Organizations are perhaps thrilled, dreaming about new potential applications of digital data but also a bit concerned about hidden risks and unintended consequences. Take, for example, the human rights protections placed on personal data by the EU.  Regulators are watching closely, intending to preserve the eight basic privacy principles without compromising the free flow of information.

Some may ask whether it’s even possible to balance the two.

More from Sara Degli Esposti