Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.
Global Privacy Dispatches
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.
ITALY—Garante Releases Enforcement Activity Report
The Garante, the Italian Data Protection Authority (IDPA), has released information on enforcement activity in Italy in 2013 and its relevant plan of inspections for the first semester of 2014.
CANADA—Anti-Spam Legislation To Come Into Force
After much discussion and consultation on the accompanying Regulations, Canada’s anti-spam legislation is about to take full effect. While the CRTC had previously published its regulations on March 28, 2012, the Electronic Commerce Protection Regulation was finally published on December 4, 2013.
UK—Government Department Fined 185,000 GBPs After Terrorist Incident Data Sold at Auction
A government department has been fined after a filing cabinet containing personal information relating to victims of a terrorist incident was sold at auction.
NEW ZEALAND—Privacy Reflections/Predictions for 2014
The high-profile privacy breaches of 2012-13 have shed an unprecedented light on personal information in New Zealand. Outgoing Privacy Commissioner Marie Shroff is leaving the role at a time when protecting personal information, a cause she has actively championed over the past 10 years, is at the forefront of public awareness and is top-of-mind for policy analysts, legislators and businesses alike.
NEW ZEALAND—Will the Tide Turn in 2014?
Last year was not a good one for New Zealand privacy-wise. While Australia forged ahead enacting legislation covering issues such as cross-border controls for personal data and introducing measures to implement breach notification, the government in New Zealand, by contrast, has been dragging its feet and instead adopted a raft of measures diminishing existing privacy protections. This article briefly reviews developments in New Zealand in 2013 and ventures some predictions as to what may lie in store in 2014.
AUSTRALIA—Australia Legislates for Privacy by Design
In March, Australia will be overhauling its privacy laws. One of the key features of the new regime means Australia will become one of the first jurisdictions to effectively legislate for the concept of Privacy by Design.
No general right to oblivion under Israeli law (December 3, 2010)
In a first-of-its-kind decision, the Tel-Aviv district court ruled that a subscriber of cellular services does not have a general right to have his phone records deleted.
Notes from the IAPP President (December 1, 2010)
In front of a packed hall at an OECD conference in Jerusalem last month, one of the world’s foremost experts on information privacy dismissed the idea of companies using privacy as a competitive differentiator. During a panel session featuring some of today’s most highly regarded data protection experts and regulators, Alan Westin said the idea that privacy can be used as a business advantage is dead, privacy controls are too complex for consumers to understand and a certification culture would be more effective.
International data protection laws (December 1, 2010)
In the past year, two more countries in Asia—Malaysia and Taiwan—have adopted comprehensive national privacy laws that regulate the collection, use and disclosure of personal information. These new privacy laws differ considerably from those in the United States. U.S. laws typically focus on addressing misuse of information and seek to protect individuals from particular harms. These two laws, instead, are omnibus laws that extend protections to all personal information and focus not only on the use of information but also on the collection and disclosure of personal information.
Poland’s data protection outlook: A conversation with the DPA (December 1, 2010)
Poland is in the process of amending its 13-year-old data protection law. Inspector General for Personal Data Protection (GIODO) Wojciech Rafał Wiewiórowski, who was elected last July, spoke with the Privacy Advisor about the data protection challenges facing Poland, including the speed at which technology develops and the struggle to keep pace legislatively. Wiewiórowski says he envisions Poland playing a leading role in the changes to EU data protection laws and discusses the key issues filling his schedule at present, including working with stakeholders and government on the future implementation of the smart grid and working with the direct marketing industry on a best practices code.
Cloud computing: Value proposition and risks (December 1, 2010)
This is the second article in a three-part series on cloud computing. View the first installment in the November issue of the Privacy Advisor. The first installment of the cloud computing series provided an overview of cloud computing and practical examples of the ever-evolving phenomenon. This article discusses the value proposition that can be derived from cloud computing and some of the privacy risks that should be considered before moving into the cloud.
TH!NK PRIVACY: Locally, globally and across disciplines (December 1, 2010)
When Barclays Bank PLC won a 2009 HP-IAPP Privacy Innovation Award for its TH!NK PRIVACY program, that was only the beginning. In just over a year, what began as a cross-company effort to emphasize privacy awareness, compliance and cultural change has expanded into the global, not-for-profit TH!NK PRIVACY Consortium.
Breach notification decisions handed down (December 1, 2010)
Regular readers of this column will recall that previously we wrote about amendments to the Alberta Personal Information Protection Act (PIPA) that came into effect May 1, 2010. One of the amendments requires that organizations covered by PIPA notify the province’s privacy commissioner of a loss of, unauthorized access to or disclosure of personal information where a reasonable person would consider that there exists a “real risk of significant harm” to an individual.
RFID applications require prior privacy impact assessment (December 1, 2010)
On May 12, 2009, the European Commission issued a Recommendation on The Implementation of Privacy and Data Protection Principles in Applications Supported by Radio-Frequency Identification. The recommendation recognizes the importance of RFID technology for businesses and industry to enhance efficiency. The Article 29 Working Party (hereinafter: Article 29 WP) did, however, express serious concerns about the impact of RFID technology on individuals’ privacy, since its deployment may entail robust information processing and novel monitoring practices.
Towards a new regulation on data protection in Europe (December 1, 2010)
The European Commission (EC) has opened a public consultation period (from November 4, 2010, to January 15,2011) to obtain views on its ideas for addressing new challenges to personal data protection in order to ensure an effective and comprehensive protection to individuals’ personal data within the EU. The document “Communication from the Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions informs the consultation.”
Unlawful implementation of a location-based system sanctioned by court (December 1, 2010)
In France, employers who want to monitor employees’ use of company cars using location-based systems must comply with labor and data protection laws. An employer who intended to dismiss an employee for serious misconduct because his vehicle’s location-based system revealed that he used the company car for personal purposes and violated the highway code, has learned this the hard way.
FRANCE: Targeted advertising: A charter to protect Internet users (December 1, 2010)
A public consultation launched by the Secretary of State for the future and development of the digital economy has revealed that one of individuals’ major concerns about targeted advertising is the fear that their advertising profiles could be kept indefinitely.
FRANCE: CNIL issues guidelines on data security (December 1, 2010)
The use of IT systems has become essential for analyzing and centralizing information and outsourcing is increasing, thus the security of information systems is a major challenge for any data controller, whether a business or government entity.
Jonathan Cantor joins Department of Commerce (December 1, 2010)
Jonathan R. Cantor, CIPP, CIPP/G, was recently selected as the chief privacy officer and director of open government at the Department of Commerce. In his new role, Cantor will work with all of the bureaus and operating units to improve the department’s privacy program, develop sound privacy policies and consult with public- and private-sector professionals and organizations.
10 in 2010: A chat with Jules Polonetsky (December 1, 2010)
In this last interview of our yearlong feature celebrating the IAPP’s tenth anniversary, the Privacy Advisor chats with Future of Privacy Forum co-chairman and director and past IAPP board member Jules Polonetsky about, well, what else? The future of privacy.
SURVEILLED (December 1, 2010)
Scenes from Privacy After Hours.