Privacy Advisor

Global Privacy Dispatches

FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act.
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not-call list.
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing.
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls.
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBP after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker.
UK—ICO Publishes Updated PIA Guidance
The UK Information Commissioner's Office has published its updated Privacy Impact Assessment (PIA) Code of Practice to help organisations comply with their data protection law obligations when they change the way that they use personal data.
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.
ITALY—Garante’s Provision on Mobile Payment Services
On December 12, 2013, the Italian Data Protection Authority (Garante) issued a draft general provision on the processing of personal data in the context of mobile remote payment services. This new provision sets the rules for the processing of information about users who purchase digital services and products and pay for them remotely via their phone bills.
No general right to oblivion under Israeli law (December 3, 2010)
In a first-of-its-kind decision, the Tel-Aviv district court ruled that a subscriber of cellular services does not have a general right to have his phone records deleted.
Notes from the IAPP President (December 1, 2010)
In front of a packed hall at an OECD conference in Jerusalem last month, one of the world’s foremost experts on information privacy dismissed the idea of companies using privacy as a competitive differentiator. During a panel session featuring some of today’s most highly regarded data protection experts and regulators, Alan Westin said the idea that privacy can be used as a business advantage is dead, privacy controls are too complex for consumers to understand and a certification culture would be more effective.
International data protection laws (December 1, 2010)
In the past year, two more countries in Asia—Malaysia and Taiwan—have adopted comprehensive national privacy laws that regulate the collection, use and disclosure of personal information. These new privacy laws differ considerably from those in the United States. U.S. laws typically focus on addressing misuse of information and seek to protect individuals from particular harms. These two laws, instead, are omnibus laws that extend protections to all personal information and focus not only on the use of information but also on the collection and disclosure of personal information.
Poland’s data protection outlook: A conversation with the DPA (December 1, 2010)
Poland is in the process of amending its 13-year-old data protection law. Inspector General for Personal Data Protection (GIODO) Wojciech Rafał Wiewiórowski, who was elected last July, spoke with the Privacy Advisor about the data protection challenges facing Poland, including the speed at which technology develops and the struggle to keep pace legislatively. Wiewiórowski says he envisions Poland playing a leading role in the changes to EU data protection laws and discusses the key issues filling his schedule at present, including working with stakeholders and government on the future implementation of the smart grid and working with the direct marketing industry on a best practices code.
Cloud computing: Value proposition and risks (December 1, 2010)
This is the second article in a three-part series on cloud computing. View the first installment in the November issue of the Privacy Advisor. The first installment of the cloud computing series provided an overview of cloud computing and practical examples of the ever-evolving phenomenon. This article discusses the value proposition that can be derived from cloud computing and some of the privacy risks that should be considered before moving into the cloud.
TH!NK PRIVACY: Locally, globally and across disciplines (December 1, 2010)
When Barclays Bank PLC won a 2009 HP-IAPP Privacy Innovation Award for its TH!NK PRIVACY program, that was only the beginning. In just over a year, what began as a cross-company effort to emphasize privacy awareness, compliance and cultural change has expanded into the global, not-for-profit TH!NK PRIVACY Consortium.
Breach notification decisions handed down (December 1, 2010)
Regular readers of this column will recall that previously we wrote about amendments to the Alberta Personal Information Protection Act (PIPA) that came into effect May 1, 2010. One of the amendments requires that organizations covered by PIPA notify the province’s privacy commissioner of a loss of, unauthorized access to or disclosure of personal information where a reasonable person would consider that there exists a “real risk of significant harm” to an individual.
RFID applications require prior privacy impact assessment (December 1, 2010)
On May 12, 2009, the European Commission issued a Recommendation on The Implementation of Privacy and Data Protection Principles in Applications Supported by Radio-Frequency Identification. The recommendation recognizes the importance of RFID technology for businesses and industry to enhance efficiency. The Article 29 Working Party (hereinafter: Article 29 WP) did, however, express serious concerns about the impact of RFID technology on individuals’ privacy, since its deployment may entail robust information processing and novel monitoring practices.
Towards a new regulation on data protection in Europe (December 1, 2010)
The European Commission (EC) has opened a public consultation period (from November 4, 2010, to January 15, 2011) to obtain views on its ideas for addressing new challenges to personal data protection in order to ensure effective and comprehensive protection of individuals’ personal data within the EU. The document “Communication from the Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions” informs the consultation.
Unlawful implementation of a location-based system sanctioned by court (December 1, 2010)
In France, employers who want to monitor employees’ use of company cars using location-based systems must comply with labor and data protection laws. An employer who intended to dismiss an employee for serious misconduct, because his vehicle’s location-based system revealed that he used the company car for personal purposes and violated the highway code, has learned this the hard way.
FRANCE: Targeted advertising: A charter to protect Internet users (December 1, 2010)
A public consultation launched by the Secretary of State for the future and development of the digital economy has revealed that one of individuals’ major concerns about targeted advertising is the fear that their advertising profiles could be kept indefinitely.
FRANCE: CNIL issues guidelines on data security (December 1, 2010)
The use of IT systems has become essential for analyzing and centralizing information, and outsourcing is increasing; thus, the security of information systems is a major challenge for any data controller, whether a business or government entity.
Commissioner receives OBA Karen Spector Memorial Award for Excellence in Privacy Law (December 1, 2010)
Canadian Privacy Commissioner Jennifer Stoddart has been honored by the Ontario Bar Association (OBA) with its Karen Spector Memorial Award for Excellence in Privacy Law, which was established to recognize, honor and celebrate the outstanding achievements of OBA members working in the privacy field.

Jonathan Cantor joins Department of Commerce (December 1, 2010)
Jonathan R. Cantor, CIPP, CIPP/G, was recently selected as the chief privacy officer and director of open government at the Department of Commerce. In his new role, Cantor will work with all of the bureaus and operating units to improve the department’s privacy program, develop sound privacy policies and consult with public- and private-sector professionals and organizations.
10 in 2010: A chat with Jules Polonetsky (December 1, 2010)
In this last interview of our yearlong feature celebrating the IAPP’s tenth anniversary, the Privacy Advisor chats with Future of Privacy Forum co-chairman and director and past IAPP board member Jules Polonetsky about, well, what else? The future of privacy.
SURVEILLED (December 1, 2010)
Scenes from Privacy After Hours.