Privacy Advisor

Global Privacy Dispatches

FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act.
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not-call list.
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing.
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls.
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBP after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker.
UK—ICO Publishes Updated PIA Guidance
The UK Information Commissioner's Office has published its updated Privacy Impact Assessment (PIA) Code of Practice to help organisations comply with their data protection law obligations when they change the way that they use personal data.
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.
ITALY—Garante’s Provision on Mobile Payment Services
On December 12, 2013, the Italian Data Protection Authority (Garante) issued a draft general provision on the processing of personal data in the context of mobile remote payment services. This new provision sets the rules for the processing of information about users who purchase digital services and products and pay for them remotely via their phone bills.
CNIL watching video surveillance system (December 24, 2009)
A video surveillance system has been installed in Lille city buses in northern France. The system records images and sounds continuously in order to improve driver and passenger safety. Only police can access the audio and video footage, and the recordings are deleted after a period of 48 hours.
E-Discovery in Asia/Pacific: U.S. litigation exposure for Asian companies (December 1, 2009)
Due to expansive rules on discovery, jury trials and the size of damage awards, plaintiffs worldwide would choose to bring their claims, if possible, in U.S. courts.
The ethics of “Googling” someone (December 1, 2009)
Just because you can “Google” someone, should you? This is a good question for the U.S. Federal Trade Commission, which is re-examining privacy during a series of roundtable events this winter.
‘Dear valued customer, we regret to inform you that your data has been compromised...’ (December 1, 2009)
Paving the way for new standards in data security, on October 26, 2009, the Council of the European Union approved the directive amending Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector (the Directive).
Disclosure of subscriber information by Internet service providers (December 1, 2009)
A number of recent court decisions have discussed the matter of Internet service providers (ISPs) providing law enforcement with subscriber information (SI) absent a court-issued warrant or subpoena.
Data sharing: disclosure of partners required (December 1, 2009)
In an answer to a query brought by the online magazine, the CNIL (the French data protection authority) clarified what should be considered “informed consent” (opt in).
E-discovery (December 1, 2009)
The CNIL issued a recommendation to data controllers requested to transfer information to the U.S. in the framework of e-discovery proceedings. French legal requirements must be met including those resulting from the Hague Convention and from the Data Protection Act.
“Peer to peer law”— the status (December 1, 2009)
As reported in the October issue of the Privacy Advisor (page 10), the law to fight against infringing downloads had to be modified in order to meet the requirements of the French Constitutional Court. Finding the new draft still unsatisfactory, some MEPs challenged it once more before the Constitutional Court.
Video-surveillance sanctioned (December 1, 2009)
The CNIL issued a 10,000 euro fine to a street-ware business for using a permanent video surveillance system. The system, intended to protect the business against theft, was found not proportionate because it surveilled too many areas, including areas where no products were stored.
UK government consults on tough penalties for the misuse of personal data (December 1, 2009)
The UK Government has launched a public consultation on whether to introduce prison sentences for those found guilty of offences related to obtaining, disclosing, or selling personal data.
Consumer watchdog scrutinises customised pricing based on online behaviour (December 1, 2009)
The Office of Fair Trading (OFT) has launched two separate market studies into advertising and pricing. The first, into online targeting of advertising and prices, will cover behavioural advertising and customised pricing, where prices are individually tailored using information collected about a consumer's Internet use.
eBay receives BCR approval (December 1, 2009)
EBay has received permission to use binding corporate rules (BCRs) to transfer data across borders. The Luxembourg data protection authority, Commission Nationale pour la Protection des Données (CNPD), approved the company’s application recently.
Breach action site created (December 1, 2009)
A new site aims to provide a one-stop resource for organizations that have experienced a data breach. Field Fisher Waterhouse (FFW), RSA Security, and KPMG have teamed together to create the Breach Action Web site, a clearinghouse of law, technology, and consultancy resources who will collectively execute a joint plan of action for breached firms.
Walters joins U.S. SEC as FOI/Privacy Act chief (December 1, 2009)
Barry Walters is the new chief Freedom of Information Act and Privacy Act officer at the Securities and Exchange Commission.
New AFCDP board members (December 1, 2009)
The French Association of Data Protection Correspondents (AFCDP) has named new members to its board of directors.
Engaging data (December 1, 2009)
More than 200 people from across the globe attended the First International Forum on the Application and Management of Personal Electronic Information in October, the launching event of the MIT SENSEable City Lab's "Engaging Data Initiative."
The Privacy Projects: New initiative to fund ‘evidence-based’ privacy research (December 1, 2009)
A new nonprofit research institute has been created to fund academic research about privacy. The Privacy Projects will forward research intended to help maintain the balance between the use and protection of personal data.
Notes from the Executive Director (December 1, 2009)
Our first issue of the Advisor every year has always been about looking forward into the New Year. What will change in the privacy world? What new laws and regulations will challenge privacy pros? What major media stories—whether breaches, emerging technologies, or boundary-stretching business models—will strain our current tools for managing data? There are always more questions than can possibly be answered.