Privacy Advisor

Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.

Global Privacy Dispatches

FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act. Read More
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not call list. Read More
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing. Read More
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls. Read More
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBPs after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker. Read More
UK—ICO Publishes Updated PIA Guidance
The UK Information Commissioner's Office has published its updated Privacy Impact Assessment (PIA) Code of Practice to help organisations comply with their data protection law obligations when they change the way that they use personal data. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.

Read More
ITALY—Garante’s Provision on Mobile Payment Services
On December 12, 2013, the Italian Data Protection Authority (Garante) issued a draft general provision on the processing of personal data in the context of mobile remote payment services. This new provision sets the rules for the processing of information about users who purchase digital services and products and pay for them remotely via their phone bills. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions. Read More
Nugg.ad Receives Privacy Seal for PTN Product (November 1, 2009)
The German-based nugg.ad has received the European Privacy Seal—EuroPriSe—for its Predictive Targeting Networking (PTN) product. An independent certification body issues the EuroPriSe trustmark to IT products and services deemed to be “privacy respecting.”
Hyatt has Approvals on BCRs (November 1, 2009)
The UK Information Commissioner’s Office (ICO) has authorized Hyatt to use BCRs, which are legally binding regulations that demonstrate a company’s capacity to transfer data across borders safely. The approval lets Hyatt transfer and share personal data within the company without having to use other legal instruments, such as model contractual clauses.
Commissioners’ resolution on PHRs (November 1, 2009)
From their semi-annual meeting in St. John’s, Newfoundland in September, the privacy commissioners of Canada resolved to take measures to ensure that personal health records (PHRs) encompass the highest privacy standards. “Now is the time to build components of PHRs that enhance patient privacy and control,” the commissioners stated in a document describing the points of the resolution—The Promise of Personal Health Records—outlined here:
Toolkit to help small, midsized businesses (November 1, 2009)
The Canadian Institute of Chartered Accountants (CICA) has created a toolkit to help organizations identify data security and privacy risks. “The Canadian Privacy and Data Security Toolkit for Small and Medium Enterprises” includes a risk self-assessment, advice on area-specific risks, and a CD-ROM with checklists, articles and training templates, and a customizable privacy policy.
Privacy News - video competition (November 1, 2009)
Canada Privacy Commissioner launches video competition.
Eileen Harrington (November 1, 2009)
Eileen Harrington is the new chief operating officer of the Small Business Administration.
2009 Australian Privacy Awards (November 1, 2009)
The Office of the Privacy Commissioner of Australia will announce the winners of the 2009 Australian Privacy Awards and Privacy Medal at a gala dinner on November 12 featuring a keynote address by Senator the Honorable Joe Ludwig. The awards recognize good privacy practices among businesses, not-for-profit organizations, and government agencies. Of this year’s award finalists, Privacy Commissioner Karen Curtis said many “have adopted innovative approaches to compliance and have embedded privacy as a core value in their activities.”
2009 Privacy Innovation Awards (November 1, 2009)
Hewlett Packard and the International Association of Privacy Professionals announced the 2009 Privacy Innovation Award winners at the IAPP Privacy Dinner in Boston in September.
Conservative party takes on ‘surveillance state’ (November 1, 2009)
The UK will soon be gearing up for its General Election, which must take place before June of next year. Not surprisingly, data security and privacy will be a battleground topic.
Privacy aspects of Internet rating Web sites (November 1, 2009)
In a landmark judgment in June, the German Federal Court of Justice generally approved of an online platform that allows pupils to evaluate their teachers. In its verdict, the court also clarified the privacy requirements to be met by the operators of such platforms.
Biometric weapon against exam fraud (November 1, 2009)
The French Data Protection Authority (CNIL) has granted approval for the testing company GMAC (Graduate Management Admission Council) to use biometric technology in France to control access to examination centers for the GMAT test used for student selection by business schools around the world.
Global Privacy Dispatches - Canada (November 1, 2009)
The Office of the federal Privacy Commissioner (OPC) recently released a Report of Finding under the Personal Information Protection and Electronic Documents Act—PIPEDA Case Summary #2009-010—in which the assistant privacy commissioner investigated a complaint involving the use of deep packet inspection (DPI) by an Internet service provider.
French Data Protection Authority Issues New Guidelines (November 1, 2009)
Pursuant to the Article 29 Working Party’s guidelines on pre-trial discovery for cross border civil litigation issued in February of this year, the French Data Protection Authority (CNIL) recently adopted similar guidelines for companies based in France that transfer personal data to the U.S. in the context of civil proceedings. These guidelines are generally in line with those of WP 29, although the CNIL does address pre-trial discovery in light of French rules of civil procedure. French civil procedure requirements apply regardless of data protection requirements.
E-Discovery in Asia/Pacific: Litigation Readiness for Asian Companies (November 1, 2009)
This is the first article of a three-part series exploring litigation exposure and readiness for Asian companies. Part two of the series will explain how non-U.S. companies, particularly those based in the Asia/Pacific region, can analyze and deal with the risks of U.S. litigation exposure to pre-trial discovery data requests. Due to expansive rules on discovery, jury trials, and the size of damage awards, plaintiffs worldwide choose to bring their claims in U.S. courts. So it is important that non-U.S. companies consider their exposure to U.S. litigation.
EuroPriSe - the New European Privacy Certification (November 1, 2009)
What began as a pilot project in 2007 is now up and running under the management of the data protection authority (DPA) of Schleswig-Holstein, Germany’s northernmost state, in partnership with the DPAs of Madrid (Agencia de Protección de Datos de la Communidad de Madrid) and France (Commission Nationale de l’Informatique et de Libertés, or CNIL), among other entities. Backed by European Commission funding, the European Privacy Seal (the Seal) for IT-products and IT-based services lets companies doing business in the European Union (EU) demonstrate privacy compliance.