Privacy Advisor

Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.

Global Privacy Dispatches

FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act. Read More
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not call list. Read More
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing. Read More
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls. Read More
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBPs after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker. Read More
UK—ICO Publishes Updated PIA Guidance
The UK Information Commissioner's Office has published its updated Privacy Impact Assessment (PIA) Code of Practice to help organisations comply with their data protection law obligations when they change the way that they use personal data. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.

Read More
ITALY—Garante’s Provision on Mobile Payment Services
On December 12, 2013, the Italian Data Protection Authority (Garante) issued a draft general provision on the processing of personal data in the context of mobile remote payment services. This new provision sets the rules for the processing of information about users who purchase digital services and products and pay for them remotely via their phone bills. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions. Read More
With privacy law developing, security concerns take precedence at FIFA World Cup (July 8, 2010)
Long before the 2010 FIFA World Cup had all eyes focused on South Africa to see which team would win the coveted top honor, an immense amount of work went on behind the scenes to address the public safety issues that come with any gathering of this size and scope. According to the World Cup 2010 South Africa Web site, for example, various plans were put in place in advance of the event for security purposes, including using satellite monitoring.
Notes from the IAPP President (July 1, 2010)
I am delighted to herald the first all-digital edition of your monthly member newsletter, the Privacy Advisor. A decade into our development as a profession and professional community, today’s digital launch is a fitting step in the evolution of the IAPP.
Smart grids are the future of power, but what does that mean for the future of privacy? (July 1, 2010)
The transmission networks spanning nations to provide light, heat and electricity will soon undergo a radical transformation. Most of the world’s developed countries have invested in or plan to invest huge sums to implement smart energy infrastructures within the next two decades. The “smart grid” will revolutionize the way utilities and consumers measure and monitor electricity usage. It is expected to save money and aid energy conservation. But the grid will also result in massive amounts of new data, data that can reveal intimate details about households and the people who live in them. The risk of exposure or misuse of such data creates a new set of concerns for consumers and privacy professionals.
Call for Papers Open (July 1, 2010)
The International Association of Privacy Professionals Australia and New Zealand (iappANZ) has opened a call for papers for its third annual conference. This year’s event, Silver Lining: The Privacy Umbrella of Cloud Computing, takes place in Sydney, November 30, 2010.
Coverage for fax-blasting claims under the Telephone Consumer Protection Act (July 1, 2010)
The Florida Supreme Court’s recent decision in Penzer v. Transp. Ins. Co., No. SC08-2068, 2010 WL 308043 (Fla. Jan. 28, 2010) (Penzer), adds to the growing trend of cases holding that commercial general liability (CGL) insurance policies provide coverage for claims alleging violations of the Telephone Consumer Protection Act (TCPA), sometimes known as “blast fax” cases.
Eyes on Israel (July 1, 2010)
Israel has been an active player on the world’s privacy stage in recent years, and the momentum is expected to continue. Later this year, the nation’s data protection authority—the Israeli Law, Information, and Technology Authority (ILITA)—will host the 32nd annual International Conference of Data Protection and Privacy Commissioners in Jerusalem. The Privacy Advisor spoke with ILITA chief Yoram Hacohen and Omer Tene, associate professor at the College of Management School of Law and head of the conference steering committee, about recent developments and the upcoming international event.
A simple guide to EU privacy (July 1, 2010)
How can data privacy requirements in the European Union be a driver for data privacy initiatives worldwide? What does it mean to have a Data Privacy Directive for EU member states, and how does this really work in practice? There are no privacy directives worldwide that really match that of the European Union. The Data Protection Directive facilitates harmonization of member states’ laws in providing consistent levels of protections for citizens and ensuring the free flow of personal data within the European Union.
CANADA: Government introduces two bills (July 1, 2010)
On May 25, the government of Canada introduced into the House of Commons two bills to enhance the safety and security of Canadians’ personal information and the online marketplace.
Bill C-29, the Safeguarding Canadians’ Personal Information Act (SPCIA) amends the Personal Information Protection and Electronic Documents Act (PIPEDA), the federal legislation that governs the collection, use and disclosure of personal information by organizations. These amendments are the culmination of the first statutory review of PIPEDA, which commenced, as required, in 2006 and resulted in an extensive report issued in May 2007 by a committee of the House of Commons containing 25 recommendations for consideration by the government.
GERMANY: Draft of new Employee Privacy Act (July 1, 2010)
Further to the recently published guidelines on new employee privacy rules (see the June issue Privacy Advisor), the German Federal Ministry of the Interior (Bundesinnenministerium - BMI) on May 28 tabled a first draft of a respective law according to which a new section on employee privacy rules shall be introduced into the German Federal Data Protection Act (FDPA).
POLAND: New president for the Polish Data Protection Authority (July 1, 2010)
On June 25, the Polish Parliament elected Mr. Wojciech Rafal Wiewiórowski the new president of the Polish Data Protection Authority (hereinafter: DPA). His four-year term began on July 14.
Global Privacy Enforcement Network aims to facilitate cooperation (July 1, 2010)
A number of international government agencies have joined to form a Global Privacy Enforcement Network (GPEN) in order to facilitate greater cooperation in the global enforcement of privacy laws.
“Because modern commerce increasingly relies on the flow of personal information across national and jurisdictional borders, privacy-related law violations often involve multiple jurisdictions,” says Yael Weinman, counsel for international consumer protection at the U.S. Federal Trade Commission (FTC). “This requires both a better understanding of the different privacy regimes around the world as well as actual cooperation among privacy enforcement authorities.”
Surveilled: Scenes from South Africa (July 1, 2010)
Scenes from IAPP Privacy Certification Training in South Africa
10 in 2010: A Chat with Jonathan Fox (July 1, 2010)
In our continuing celebration of the IAPP’s tenth anniversary, the Privacy Advisor talks with eBay’s global privacy director, Jonathan Fox. Jonathan became an IAPP member in 2003 and serves as co-chair of the San Francisco KnowledgNet chapter. He has been immersed in consumer privacy issues for a decade, co-founding Sun Microsystem’s Privacy Council in 2000 and co-authoring its Information Technologies Policies for Privacy Compliance, Data Stewardship Guidelines for Privacy, and its Privacy Impact Assessment.