Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.
Global Privacy Dispatches
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.
ITALY—Garante Releases Enforcement Activity Report
The Garante, the Italian Data Protection Authority (IDPA), has released information on enforcement activity in Italy in 2013 and its relevant plan of inspections for the first semester of 2014.
CANADA—Anti-Spam Legislation To Come Into Force
After much discussion and consultation on the accompanying Regulations, Canada’s anti-spam legislation is about to take full effect. While the CRTC had previously published its regulations on March 28, 2012, the Electronic Commerce Protection Regulation was finally published on December 4, 2013.
UK—Government Department Fined 185,000 GBPs After Terrorist Incident Data Sold at Auction
A government department has been fined after a filing cabinet containing personal information relating to victims of a terrorist incident was sold at auction.
NEW ZEALAND—Privacy Reflections/Predictions for 2014
The high-profile privacy breaches of 2012-13 have shed an unprecedented light on personal information in New Zealand. Outgoing Privacy Commissioner Marie Shroff is leaving the role at a time when protecting personal information, a cause she has actively championed over the past 10 years, is at the forefront of public awareness and is top-of-mind for policy analysts, legislators and businesses alike.
NEW ZEALAND—Will the Tide Turn in 2014?
Last year was not a good one for New Zealand privacy-wise. While Australia forged ahead enacting legislation covering issues such as cross-border controls for personal data and introducing measures to implement breach notification, the government in New Zealand, by contrast, has been dragging its feet and instead adopted a raft of measures diminishing existing privacy protections. This article briefly reviews developments in New Zealand in 2013 and ventures some predictions as to what may lie in store in 2014.
AUSTRALIA—Australia Legislates for Privacy by Design
In March, Australia will be overhauling its privacy laws. One of the key features of the new regime means Australia will become one of the first jurisdictions to effectively legislate for the concept of Privacy by Design.
Notes from the IAPP (November 1, 2010)
As most of you know, the European Data Protection Directive will undergo a substantial review in 2011. Many anticipate it will result in new enforcement powers for data protection authorities and more rights for individuals. Others predict that it may bring some relief for organizations from administrative compliance burdens and result in a more harmonized approach across the continent. Will the companies be required to appoint data protection officers and what their role will be? Whatever the outcome, data privacy and data protection will be top of mind across Europe for the next 14 months and beyond, as the legislative changes start to shape up in each country, too. Its ripples will certainly be felt across borders. The world is watching.
New data privacy law in Mexico (November 1, 2010)
Multinational and internationally focused businesses in the United States and elsewhere have stepped up their efforts to monitor and comply with data protection laws in recent years. Reasons for this trend include an increasing proliferation of new laws in this area, public attention, enforcement initiatives by European data protection authorities and the generally increased focus on compliance with laws (which used to be a self-evident requirement applicable to all employees but has become a separate professional discipline or even office in many organizations.)
Experts say P3P lacks transparency (November 1, 2010)
The Platform for Privacy Preferences (P3P) was created in 2002 as a tool to protect users’ privacy as they navigate the Internet. The voluntary platform was adopted by Internet Explorer, the only browser to make meaningful use of it but, since its inception, has faced a number of challenges to its intended success.
Demystifying cloud computing (November 1, 2010)
Few concepts in recent times have conjured up the allure and mystique of “cloud computing.” We are accustomed to hearing about clouds in the context of weather, but where does the notion of a cloud fit into computing? Part one of this three-part article will unmask some of the complexities that exist in describing cloud computing. Although you will see various technical terms, the focus of this series is not technical. Rather, it aims to present practical illustrations that provide better insight into the area.
CANADA: The OPC’s Facebook investigation (November 1, 2010)
In July 2009, the Privacy Commissioner of Canada published the results of an investigation it conducted into the privacy practices of the social networking site Facebook. A complaint filed by the Canadian Internet Policy and Public Interest Clinic (CIPPIC) in May 2008 triggered the investigation.
German Federal Labour Court: Function of an internal data protection official ends with company merger (November 1, 2010)
In Germany, businesses that employ more than nine people with the processing of personal data are under an obligation to appoint an internal data protection official. The position of these internal data protection officials has recently been strengthened. According to Sec. 4f para. 3 of the German Federal Data Protection Act, their employment must not be terminated during their appointment and for one year thereafter unless for cause. In its decision dated September 29, 2010 (Az. 10 AZR 588/09), the German Federal Labour Court stated that an employee's function as internal data protection officer would end, however, if the company with which he is employed, and where he is appointed as a data protection official, merges and thereby ceases to exist as a separate legal entity.
UK: Consultation on data sharing launched (November 1, 2010)
The Information Commissioner's Office has published a consultation document on a new statutory code of practice on the sharing of personal data. The code is meant to explain how the Data Protection Act 1998 applies to the sharing of personal data. It also provides good practice advice that will be relevant to all organizations that do so. As the code puts it, adopting the good practice recommendations will help organizations collect and share personal data in a way that is fair, transparent and in line with the rights and expectations of the people whose information is being shared. The consultation is open until January 5, 2011.
EU sues the UK over privacy failings (November 1, 2010)
The European Commission has decided to refer the United Kingdom to the EU's Court of Justice for not fully implementing EU rules on the confidentiality of electronic communications such as e-mail or Internet browsing. Specifically, the commission considers that UK law does not comply with EU rules on consent to interception and on enforcement by supervisory authorities. In the meantime, the UK Home Office has confirmed that it is in discussions with the EU on the matter and plans to make changes to address the commission's concerns.
UK: Information Commissioner seeks EU legislative changes (November 1, 2010)
The UK Information Commissioner's Office has made a formal submission to the Ministry of Justice's call for evidence on the current data protection legislative framework. Not surprisingly, the ICO has indicated that there is need for a review of the law and that data protection should be given a "common sense and modern day approach." The ICO has highlighted the need for the law to be comprehensible for individuals and businesses. The UK government will consider all submissions made to help inform the UK’s position on negotiations for a new EU data protection instrument, which are expected to start in early 2011.
Uruguay found to provide adequate protection (November 1, 2010)
On October 12, 2010, Europe’s Article 29 Working Party opined that the Eastern Republic of Uruguay provides an adequate level of data protection within the meaning of Article 25(6) of the Directive 95/46/EC. The opinion came two years after the Uruguayan government submitted an official request to the European Commission.
TRUSTe launches new services (November 1, 2010)
TRUSTe has announced its latest offerings, including a privacy certification program for mobile applications and a new in-ad privacy solution.
Last chance to opt in to the 2011 IAPP Membership Directory is November 1 (November 1, 2010)
The IAPP is compiling the 2011 edition of the Membership Directory—one of the most coveted and widely used member benefits. For the first time, the 2011 directory will be available both electronically and in print, providing you with two convenient ways to stay in touch with your colleagues. Only IAPP members who opt in will have their names and contact information included. Don’t miss out on your chance to be listed in this valuable networking resource. The deadline for inclusion is November 1. (Members who opted in previously will be included in this year’s directory.)
10 in 2010: A Chat with Lawrence Tan (November 1, 2010)
As part of our ongoing celebration of the IAPP’s tenth year, the Privacy Advisor spoke with longtime member Lawrence Tan, CIPP, CIPP/G, about how--all the way from Singapore--he became a certified information privacy professional and Singapore’s data protection landscape.