Privacy Advisor

Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.

Global Privacy Dispatches

FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act. Read More
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not call list. Read More
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing. Read More
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls. Read More
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBPs after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker. Read More
UK—ICO Publishes Updated PIA Guidance
The UK Information Commissioner's Office has published its updated Privacy Impact Assessment (PIA) Code of Practice to help organisations comply with their data protection law obligations when they change the way that they use personal data. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.

Read More
ITALY—Garante’s Provision on Mobile Payment Services
On December 12, 2013, the Italian Data Protection Authority (Garante) issued a draft general provision on the processing of personal data in the context of mobile remote payment services. This new provision sets the rules for the processing of information about users who purchase digital services and products and pay for them remotely via their phone bills. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions. Read More
Notes from the IAPP President (January 23, 2011)
In last month’s issue, we asked what you thought about privacy as a competitive advantage. We received some great feedback, including two competing responses that bear mentioning.
Privacy forecast for 2011 (January 23, 2011)
At the end of each year, the Privacy Advisor asks a group of global privacy professionals to share what they see in the year ahead for privacy and data protection. In this first issue of 2011, we present their forecasts.
Australia’s changing privacy landscape (January 23, 2011)
Since the Australian Law Reform Commission Report (ALRC) was tabled in 2008, we have seen the rise of the iPhone, iPad and a doubling of the users of Facebook, as well as an explosion in location-based services. And after a period of stability, Australian and international thinking about how best to protect citizen privacy is on the move.
CNIL revises authorization on whistleblowing hotlines (January 23, 2011)
On October 14, 2010, the CNIL adopted a series of amendments modifying and broadening the scope of its single authorization. The CNIL adopted these amendments after carrying out a consultation with private organizations, public institutions and authorities and works councils. While the CNIL’s single authorization applies only in France, this amended version could foster amendments to whistleblowing regulations in other European jurisdictions and further discussions within the Article 29 Working Party.
National Research Council report lays framework for protecting privacy in the age of terrorism (January 23, 2011)
In Protecting Individual Privacy in the Struggle Against Terrorists, the National Research Council sets out a framework for the evaluation of classified and unclassified information-based programs that involve the collection and mining of personal data: practices that raise difficult questions about privacy and civil liberties as well as cost, efficacy, legality and societal values.
FRANCE—Consumer credit: creation of a National Register of Credits under CNIL monitoring (January 23, 2011)
The law of July 1, 2010, reforming the rules relating to consumer credits considers the creation of the National Register of Credits to Consumers (Registre National des Crédits aux Particuliers).
FRANCE—Disparaging remarks on Facebook lead to employee termination (January 23, 2011)
The Labour Court of Boulogne Billancourt held on November 19, 2010, that disparaging remarks posted to Facebook by employees of a company went beyond the private sphere and justified a dismissal for serious misconduct.
FRANCE—Policies on employee use of IT resources—a must for companies (January 23, 2011)
The validity of dismissing an employee for storing pornographic files depends on the prohibition of such acts in an IT policy, according to the Supreme Court.
FRANCE—CNIL and whistleblowing – end of story (January 23, 2011)
After more than a year of onsite investigations and hearings, the CNIL has finally published its revised "Autorisation Unique" on “professional alert systems,” the politically correct expression for whistleblowing systems.
FRANCE—A decree to regulate telemedicine (January 23, 2011)
A decree of October 19, 2010, has been issued by the government to define the notion of telemedicine and under which conditions telemedicine can be exercised by healthcare professionals.
ITALY—Company must stop locating its employees (January 23, 2011)
The Italian Data Protection Agency (IDPA or Garante) has ordered an Italian company to stop processing the personal data of its employees collected by means of GPS systems on company vehicles.
POLAND—Poland amends data protection law (January 23, 2011)
After a more than three-year political and legislative struggle, the Polish parliament has finally amended the Act of August 29, 1997 on the protection of Personal Data and other acts, including the Act on Enforcement Proceeding in Administration.
Ernst & Young’s 2010 Global Information Security Survey assesses privacy, other risks in a world of “borderless security” (January 23, 2011)
Ernst & Young has released its Global Information Security Survey for the year that was 2010, and the findings are clear, as IT Risk and Assurance Services Global Leader Paul van Kessel writes in his foreword to the 20-page report, that “the traditional boundaries of an organization are vanishing along with the traditional information security paradigm.”
Belair and Westin join Arnall Golden Gregory’s DC office (January 23, 2011)
Two of the world’s leading privacy experts have joined Arnall Golden Gregory LLP’s new Washington, DC, office, which opened on January 4. Robert Belair will lead the new office, while privacy scholar and Columbia University Professor Emeritus Alan Westin will serve as counsel.
Blake Madison joins Rosen Harwood (January 23, 2011)
Rosen Harwood, P.A., in Tuscaloosa, Alabama, has announced that Blake A. Madison has joined the firm as a shareholder.
Solove joins Hogan Lovells as senior policy advisor (January 23, 2011)
Renowned privacy scholar Daniel Solove has joined the Washington, DC, office of Hogan Lovells US LLP as a senior policy advisor to its Privacy and Information Management Practice.
This month on the Privacy List (January 23, 2011)
What do you get when you gather privacy pros from across the globe together to share insights, discuss issues and ask and answer questions via the speed of e-mail? The IAPP Privacy List. See what your peers have been discussing this month.