Privacy Advisor

Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.

Global Privacy Dispatches

FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act. Read More
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not call list. Read More
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing. Read More
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls. Read More
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBPs after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker. Read More
UK—ICO Publishes Updated PIA Guidance
The UK Information Commissioner's Office has published its updated Privacy Impact Assessment (PIA) Code of Practice to help organisations comply with their data protection law obligations when they change the way that they use personal data. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.

Read More
ITALY—Garante’s Provision on Mobile Payment Services
On December 12, 2013, the Italian Data Protection Authority (Garante) issued a draft general provision on the processing of personal data in the context of mobile remote payment services. This new provision sets the rules for the processing of information about users who purchase digital services and products and pay for them remotely via their phone bills. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions. Read More
Data Protection and Privacy Workshop (November 1, 2008)
More than 60 professionals attended the Data Protection and Privacy Workshop hosted by the IAPP and the Gesellschaft für Datenschutz und Datensicherung (German Association for Data Protection) last month in Strasbourg.
Varney named to Obama Team (November 1, 2008)
A leading privacy attorney and founder of the Online Privacy Alliance has been named to Barack Obama's transition team. Christine Varney will serve as personnel counsel during the three-month transition. Varney has headed the Internet practice group at international law firm Hogan & Hartson for the last decade.
Privacy Progression (November 1, 2008)
Carol DiBattiste has been named senior vice president of privacy, security compliance and government affairs for LexisNexis. DiBattiste joins LexisNexis from ChoicePoint, where she served as general counsel and chief privacy officer. At LexisNexis, DiBattiste will represent the company on privacy matters, set the company's privacy policies, direct privacy compliance, and oversee internal and external privacy education and training for the company.
Partner in Privacy (November 1, 2008)
Daniel Cooper has been elected to Covington & Burling's partnership. Based in London, Cooper handles the firm's growing privacy and data security practice there. He counsels clients in myriad industries on European and UK data protection, data retention and freedom of information laws, as well as associated information technology and e-commerce laws and regulations.
Global Privacy Dispatches- France- Observatory Body Annual Report (November 1, 2008)
The French observatory body, "Observatoire de la securite des cartes de paiement," issued its fifth annual report. The report is available at It observes a small decrease in the overall number of frauds in 2007 (-0,062% in comparison with 2006), with the total amount of fraud amounting to 268,5 millions of Euros. However, an increase in frauds on remote payments was also noticed (50,1 millions of Euros), and fraud rates were higher on payments via the internet than on payments by postmail or phone.
Global Privacy Dispatches- France- CNIL Award (November 1, 2008)
The CNIL announced the creation of an award which will be granted on an annual basis to a thesis related to the protection of personal data in the fields of law, history, human or political sciences, sociology, or economics, as well as technical fields. Applicants must have received a magna cum laude award for their thesis from a French University and they must submit their application to the CNIL before January 20.
Global Privacy Dispatches- France- Litigation Data (November 1, 2008)
In a litigation opposing the insurance commissioner of the State of California and the French insurance company MAAF, a French attorney sought to obtain for his U.S. client information from a former member of the MAAF's board of directors on the conditions under which board decisions were made about the purchase of Executive Life.
Global Privacy Dispatches- France- BCRs (November 1, 2008)
The G29 and the CNIL continue intensive work on Binding Corporate Rules (BCR). New clarifying documents should be issued soon, such as additional FAQs and examples of BCR provisions. On the French side of things, the CNIL continues to organize meetings with businesses of various industry sectors in order to sensitize them on the interest of BCR.
Global Privacy Dispatches- France- Employee Privacy (November 1, 2008)
An employee who was terminated for abusing his employer's IT resources claimed that the employer's access of his internet navigation history violated his right to privacy and labor and employment code. However, the Supreme Court determined that an employer can access navigation logs for internet connections made during working hours using the employer's IT resources, as such connections are presumed to be of a professional nature.
Global Privacy Dispatches- France- Privacy (November 1, 2008)
The Forum des Droits sur l'Internet, in coordination with the CNIL, has launched an online consultation about privacy on the internet. Internet users can exchange views in an open forum until January 15 on four main topics.
Global Privacy Dispatches- France- Edvige (November 1, 2008)
Edvige has been making headlines in France and Brussels. Edvige is not, as you might expect, the new tall, blond, Nordic girlfriend of a French VIP. It is the name of a new system that the French Ministry of Interior seeks to implement.
Identity Compliance (November 1, 2008)
Sun Microsystems has released Identity Compliance Manager software to help companies comply with regulations and mitigate risk.
Global Privacy Dispatches- European Union- BCR Approvals (November 1, 2008)
On October 1, the Article 29 Working Party—a group of EU data protection authorities— announced that France, Germany, Ireland, Italy, Latvia, Luxembourg, the Netherlands, Spain and the UK have agreed to mutually recognize one another's approvals of Binding Corporate Rules (BCRs).
Global Privacy Dispatches- Canada- Social Networking (November 1, 2008)
In a speech to employees of the Bank of Canada, Privacy Commissioner Jennifer Stoddart discussed the use of social networking and its impact on the workplace.
Global Privacy Dispatches- Argentina and Latin America- Data Protection Law (November 1, 2008)
Uruguay has a new data protection law. The Senate approved the law on July 16 and it was finally sanctioned by the Executive Power the first week of August, 2008. The law is based on European data protection law models. It contains a full set of data protection principles, including those on consent, notices, ban on certain transfers, and a provision forbidding the transfer of personal data to destinations lacking adequate protection.
Global Privacy Dispatches- Argentina and Latin America- Computer Crimes Law (November 1, 2008)
The Argentine Congress enacted a computer crimes law. The new law (law n. 26.388) criminalizes the illegal access to a computer system, computer fraud, and damages to information and software. In addition, the law creates a new offence related to privacy and data protection law: it is now illegal to open or access and publish an email or a document without authorization of the sender.
Global Privacy Dispatches- Argentina and Latin America- DPA (November 1, 2008)
The Data Protection Agency (DPA) issued Disposition 5/2008 detailing the procedure to perform audits in data controller. The aim of Disposition 5/2008 is to regulate how audits take place and to describe audit stages. Under this new regulation, the data protection agency will send a note with a questionnaire to the company several days before the inspection.
Surveilled (November 1, 2008)
On a late October evening, privacy professionals stepped out for some after-hours camaraderie with colleagues at locations across the world. From Auckland to Cleveland, those working in the privacy field gathered to meet, talk shop, and share a few laughs.
New PCI Data Security Standards expand obligations (November 1, 2008)
Attorney Susan Lyon outlines the actions companies must take to comply with the latest version of the Payment Card Industry Data Security Standards (PCI DSS Version 1.2). The new rules affect wireless networks and non-Windows-based platforms in particular. Lyon notes that, while some of the changes will ease or clarify the rules set out in Version 1.1, others may impact businesses due to significantly expanded security obligations.
Commissioner's Positions (November 1, 2008)
The IAPP is pleased to bring you this Q&A interview with Federal Trade Commission Chairman William E. Kovacic. Chairman Kovacic will deliver the keynote address at the upcoming IAPP Privacy Dinner in Washington, DC.
A global triangle of trust (November 1, 2008)
David Hoffman, CIPP, says that greater transparency in data handling practices, while necessary, has done little to promote trust in the marketplace. He discusses the role of accountability and assurance in trust building, and proposes that government, industry, and NGO work together to create a global “triangle of trust” to this end.
Notes from the Executive Director (November 1, 2008)
Regardless of your political affiliation, the recent election results must be regarded as a momentous occasion for the U.S. and, indeed, the world. At a recent conference for the GDD, our sister organization in Germany, I was struck by how many Europeans are fascinated by the President Elect. Their interest was based on all the "firsts" that Barack Obama represents.