Privacy Advisor

Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.

Global Privacy Dispatches

FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act. Read More
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not call list. Read More
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing. Read More
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls. Read More
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBPs after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker. Read More
UK—ICO Publishes Updated PIA Guidance
The UK Information Commissioner's Office has published its updated Privacy Impact Assessment (PIA) Code of Practice to help organisations comply with their data protection law obligations when they change the way that they use personal data. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.

Read More
ITALY—Garante’s Provision on Mobile Payment Services
On December 12, 2013, the Italian Data Protection Authority (Garante) issued a draft general provision on the processing of personal data in the context of mobile remote payment services. This new provision sets the rules for the processing of information about users who purchase digital services and products and pay for them remotely via their phone bills. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions. Read More
GERMANY: Federal Constitutional Court refuses to accept constitutional complaint against teacher-rating Web site www.spickmich.de (October 25, 2010)
On August 16, 2010, the Federal Constitutional Court refused to accept the constitutional complaint of a teacher against the decisions of lower German courts regarding the permissibility of the teacher-rating Web site www.spickmich.de (Az. BvR 1750/09). On this Web site pupils can rate their teachers and give marks. The Federal Court of Justice decided earlier that the publication of teacher ratings on this Web site was in compliance with German privacy rules. This ruling has now been confirmed by the unanimous decision of the German Federal Constitutional Court.
How will privacy apply to apps? (October 1, 2010)
Critics of Apple’s policy to keep its criteria for third-party applications close to the vest were assuaged last week when the company revealed its guidelines. The App Store Review Guidelines include provisions on trademarks, data aggregation, user interfaces, violence, pornography and privacy. Apple published the rules in order to help developers “steer clear of issues as they develop apps” and to be sure users have a quality experience with the company’s products, according to the published guidelines.
Notes from the IAPP President (October 1, 2010)
I write these words from Baltimore, Maryland, where it is sunny and hot on this early autumn day. Data protection pros are streaming in from near and far for this year’s Privacy Academy.
The Protection of Personal Information Bill, 9 of 2009 (October 1, 2010)
South African organizations have, for some time, inhabited a data protection law haven. Whilst the right to privacy is enshrined in the Constitution of South Africa, legislation that gives practical credence to such right and a regulator to govern and administer corresponding data protection and privacy practices has been absent. That’s about to change.
Privacy law and order: Are there too many cops on the beat? (October 1, 2010)
There’s no question that there are more privacy cops on the beat in the U.S. than ever before, with regulators such as the Federal Trade Commission (FTC), Federal Communications Commission (FCC) and Department of Health and Human Services—just to name a few—all responsible for portions of privacy regulation and enforcement.
Sharing and transferring personal data in cross-border transactions—A Nordic Perspective (October 1, 2010)
Technological developments and globalization in business, combined with privacy rules, bring new challenges to lawyers assisting companies in cross-border transactions. Even though technology enables us to transfer personal data very quickly and easily to the other side of the world, privacy rules make the actual transfer more complex and compel us to follow specific procedures prior to transferring any personal data.
GERMANY: Hamburg privacy watchdog wants to impose fine on Facebook (October 1, 2010)
The Data Protection Officer of Hamburg has initiated proceedings against Facebook in order to impose an administrative fine against the company for breaching privacy laws.
GERMANY: Constitutional complaint against German census 2011 (October 1, 2010)
Germany will participate in the EU-wide population census scheduled for 2011. An EU regulation of July 9, 2008 obliges the Member States of the European Union to collect data by means of a fixed catalogue of characteristics, in the year 2011.
GERMANY: Guidelines for a modern data protection law (October 1, 2010)
On March 18, 2010, the summit of the highest data protection authorities in Germany passed guidelines for a modern data protection law for the twenty-first century. The guidelines are intended to form a basis for discussions on a major reform of the existing German privacy laws.
ITALY: Garante plans more than 250 inspections (October 1, 2010)
The Italian Data Protection Authority (the Garante) has announced its audit plan for the second semester of 2010. Officials will carry out more than 250 inspection checks in collaboration with the Italian Fiscal Police. The audits will target community registries, marketing databases, government departments and other entities that handle sensitive personal information.
SINGAPORE: Recent data privacy developments in Asia-Pacific (October 1, 2010)
Two developments in Asia-Pacific (APAC) region relating to the protection of personal data are worth noting. Malaysia passed the Personal Data Protection Act (2009) in April, and the Asia-Pacific Economic Cooperation created the Cross-Border Privacy Enforcement Arrangement in July.
Guidance now available on establishing a federal privacy office (October 1, 2010)
Two new publications offer guidance to federal personnel seeking to establish or streamline a privacy office: Best Practices: Elements of a Federal Privacy Program, by the Federal CIO Council Privacy Committee, and the Guide to Implementing Privacy by the Department of Homeland Security (DHS) Privacy Office, the first statutorily mandated privacy office in the federal government.
Privacy papers for policy makers (October 1, 2010)
The Future of Privacy Forum (FPF) has released its journal, Privacy Papers for Policy Makers, a collection of expert-written papers on emerging privacy issues. The journal is intended to help inform federal and state policy makers about data privacy issues.
Deadline for The Privacy Projects’ winter competition is Oct. 29 (October 1, 2010)
The Privacy Projects (TPP) has announced that proposals for its Winter 2010 Research Grants competition are due October 29. Awards range from $25,000 to $100,000 per project. TPP, which lists the goal of its grant program as advancing “practical and effective research relating to information and privacy governance to inform the transition we believe is underway from traditional regulatory models to emerging frameworks of demonstrated accountability and responsibility,” is seeking proposals addressing practical challenges with real-world solutions.
10 in 2010: A Chat with John Kropf (October 1, 2010)
As part of our yearlong series celebrating the IAPP’s tenth anniversary, this month the Privacy Advisor talks with John Kropf, CIPP, CIPP/G, from the Department of Homeland Security. John has been deputy chief privacy officer and senior advisor for international privacy policy since 2007 and an IAPP member since 2005. The Privacy Advisor asked John about his career and his credentials.