Privacy Advisor


Global Privacy Dispatches

FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act.
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not-call list.
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing.
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls.
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBP after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker.
UK—ICO Publishes Updated PIA Guidance
The UK Information Commissioner's Office has published its updated Privacy Impact Assessment (PIA) Code of Practice to help organisations comply with their data protection law obligations when they change the way that they use personal data.
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.
ITALY—Garante’s Provision on Mobile Payment Services
On December 12, 2013, the Italian Data Protection Authority (Garante) issued a draft general provision on the processing of personal data in the context of mobile remote payment services. This new provision sets the rules for the processing of information about users who purchase digital services and products and pay for them remotely via their phone bills.
Notes from the IAPP President (June 1, 2011)
There is perhaps no greater indication of the raised profile of data protection than the fact it is on the agenda of this week’s G8 Summit.
China issues data handling guidelines for public comment (June 1, 2011)
What happens when you combine a few high-profile cases with some cries for standards from the business community? Even the Chinese government gets interested in expanding personal privacy rights. While no one would mistake China for a pioneer in the area of personal data privacy protection, several efforts have been made in recent years—most notably changes to Chinese criminal and tort law. These developments have been able to fill some of the void resulting from previous failed attempts to adopt a comprehensive national law on data privacy.
Cloud computing privacy and data security: Domestic and international issues (June 1, 2011)
With data storage costs plummeting, a great deal of information that was once stored on local computer hard drives is now being stored on remote servers, sometimes referred to as “clouds.” The term “cloud computing” has many meanings, but in general, it refers to the outsourcing of data processing functions to a group of servers connected via the Internet. Cloud computing offers the scalable use of information technology (IT) resources and facilities to save costs. In some cases, entire technological processes are transferred to the cloud; in others, cloud computing simply covers peaks in demand that overburden internal IT infrastructures.
Reducing social media risk (June 1, 2011)
Social media is carrying more and more information of all kinds every minute—business and personal, helpful and harmful. The potential for serious consequences to an organization through private and privileged information being unleashed via social networking is increasing dramatically every day.
FRANCE—Search engines should seek consent before keeping user data beyond six months (June 1, 2011)
Search engines should seek consent before keeping user data beyond six months, the CNIL has announced, while also expressing regret about Yahoo’s decision to extend the retention of user data from three to 18 months.
FRANCE—Whistleblowing—Not the end of story (June 1, 2011)
After having released its revised “Standard Authorization” on professional alert systems at the end of December 2010, the CNIL is granting specific authorizations to professional alert systems implemented by data controllers for very targeted purposes.
FRANCE—Cookies and security breach amendments to French DP Law (June 1, 2011)
Last year, the French Parliament authorized the government to implement by way of “ordinance” the so-called “telecom package” of Directives of 25 November 2009 (2009/139/EC and 2009/140/EC). The draft text includes an amendment to the provision of the French Data Protection Act relating to cookies and other web beacons. The government just completed a public consultation on the text, and the CNIL’s opinion is forthcoming.
ITALY—The “Google Suggest” case (June 1, 2011)
On 31 March 2011, the Court of Milan declared Google, Inc., liable for defamation in relation to its Google Suggest “auto-complete” function that recommends words and characters to complete a partial search for its users.
POLAND—Polish DPA to improve institutional cooperation regarding privacy issues (June 1, 2011)
At the end of March 2011, the Polish Data Protection Authority (DPA) Inspector General for the Protection of Personal Data Mr. Wojciech Rafał Wiewiórowski launched a new initiative to improve cooperation at an institutional level between the regulatory organs regarding privacy issues in Poland.
UK—Amendments to the Privacy and Electronic Communications Regulations (June 1, 2011)
The e-Privacy Regulations 2011 came into force on 26 May, implementing amendments to the e-Privacy Directive that were introduced by the Citizens Rights Directive. They introduce important changes to the law governing privacy in electronic communications.
Fulbright funds privacy pro grant (June 1, 2011)
Harry Valetk, corporate privacy director for Metlife’s Global Privacy Office, was selected for a Fulbright Senior Specialist grant in February to represent the United States at the University of Oxford, United Kingdom. The grant lets working professionals engage in research and teaching opportunities typically reserved for traditional Fulbright scholars. Valetk spent two weeks at the university conducting research, teaching a seminar and attending a conference on free speech.
CSA to help develop cloud standards (June 1, 2011)
The Cloud Security Alliance has announced it will collaborate with the International Organization for Standardization/International Electrotechnical Commission on the development of cloud security and privacy standards.
Finding best practices through research (June 1, 2011)
Information is a valuable asset, and keeping that information safe and secure is essential. Yet, how does an organization know if it has the appropriate security standards and procedures in place? How do an organization’s data security practices compare to those of other organizations? And after a security incident, how does a company determine loss? The answers to these questions are not easy ones. To help deal with them, two privacy experts have teamed up to research current information governance practices.
EASA releases OBA recommendations (June 1, 2011)
The European Advertising Standards Alliance has released its Best Practice Recommendation on Online Behavioural Advertising. The guidance intends to promote an industry-wide self-regulatory standard for the practice.
This month on the Privacy List (June 1, 2011)
Privacy pros continue to use the Privacy List as a forum to query their peers on a host of issues, both large and small. Participants put forth a variety of questions through which resources and practical advice are sought and discovered. In recent weeks, the privacy community has employed the list to share information on the potential impact of breaking news. For example, when news of Epsilon’s data breach came in early April, privacy pros turned to the list to share their knowledge of which businesses were affected, posting running tallies as they became known.