Privacy Advisor

Global Privacy Dispatches

FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act.
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not-call list.
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing.
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls.
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined GBP 200,000 after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker.
UK—ICO Publishes Updated PIA Guidance
The UK Information Commissioner's Office has published its updated Privacy Impact Assessment (PIA) Code of Practice to help organisations comply with their data protection law obligations when they change the way that they use personal data.
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.
ITALY—Garante’s Provision on Mobile Payment Services
On December 12, 2013, the Italian Data Protection Authority (Garante) issued a draft general provision on the processing of personal data in the context of mobile remote payment services. This new provision sets the rules for the processing of information about users who purchase digital services and products and pay for them remotely via their phone bills.
French DPA FAQ on Data Breaches (May 31, 2012)
The CNIL has published an explanation of the new rules relating to data breaches. Only providers notified to ARCEP, the regulatory authority in charge of e-communications—in other words, ISPs and telecom providers—are subject to the obligation to notify data breaches. E-commerce sites providing online services are not yet impacted.
Assessing public information in the digital age (May 1, 2012)
Though public records stand among the pillars of an open society, the information economy is challenging traditional notions of what should be considered readily accessible to the general community. As information brokers collect and store greater amounts of information, public agencies implement e-government initiatives and telecommunications systems improve the ease with which information flows across the globe, should the line around what constitutes public data be reassessed?
Social networks seek workplace privacy protections (May 1, 2012)
The debate over access to people’s Facebook and Twitter profiles is heating up, as a number of legislators seek to ban employers from forcing people to disclose their access credentials. But at the same time, intelligence and law enforcement agencies report that they’re starting to troll social networks for suspicious activity.
Maryland "Facebook law" raises new obstacles for employers vetting applicants and investigating employees, but with important exceptions (May 1, 2012)
The momentum in the media made it almost inevitable: the first state law to expressly restrict employers from asking applicants and employees for social media account login credentials has been passed.
A practical guide to making good use of your PII inventory (May 1, 2012)
Since the publication of recommendations by the President’s Identity Theft Task Force and the Office of Management and Budget (OMB) Memo 07-16, federal agencies are required to review their holdings of all personally identifiable information (PII) and ensure they are accurate, relevant, timely and complete. Agencies are also required to reduce PII to the minimum necessary for the proper performance of a documented agency function and eliminate unnecessary collection and use of Social Security numbers.
Singapore released proposed personal data protection bill (May 1, 2012)
The Ministry of Information, Communications and the Arts (MICA) released the proposed personal data protection bill on 19 March and invited comments from the public ending 30 April. MICA conducted two public consultations on the proposed data protection (DP) regime as well as the Do-Not-Call Registry (DNC) in 2011. The DP regime covers the scope of the proposed DP law; related rules on use, collection, disclosure and transfer of personal data outside Singapore; data accuracy; retention of personal data, and penalty and enforcement-related matters.
CANADA—The use of facial recognition technology (May 1, 2012)
The use of facial recognition technology is becoming more and more prevalent in modern society. Examples include Facebook’s introduction of such technology in 2011, Google’s attempt to introduce a facial search engine and even an online dating site that was launched on the premise of matching people based on “facial compatibility.”
EU—Article 29 Data Protection Working Party Opinion 01/2012 on the data protection reform proposals (May 1, 2012)
On 23 March, the Article 29 Data Protection Working Party (Working Party) adopted its opinion on the data protection reform proposals of the European Commission. The Working Party broadly welcomes the proposals for seeking to reinforce the position of data subjects, enhance the responsibility of controllers and strengthen the position of supervisory authorities both nationally and internationally. In spite of this positive stance, however, the Working Party believes that parts of the proposal for a regulation need clarification and improvement.
GERMANY—Facebook "Friend Finder" functions violate German privacy rules (May 1, 2012)
Several functions of the social network Facebook have been under scrutiny by German data protection authorities for some time. Now, a first judgement has been issued: In its decision dated 6 March, the Regional Court of Berlin held that certain Facebook “Friend Finder” functions, which have since been amended, violate the Federal Data Protection Act and the German Act Against Unfair Competition.
UK—UK CBI: Draft regulation "risks strangling innovation" (May 1, 2012)
The UK Confederation of British Industry (CBI), the UK's largest business lobbying group, responded to the Ministry of Justice's Call for Evidence on the draft EU Data Protection Regulation on 16 March, stating the regulation will threaten many innovative business models and place a compliance cost burden on businesses, which may deter investment and be passed on to consumers.
UK—Plans for greater Internet monitoring powers spark privacy debate (May 1, 2012)
Government plans to allow for wider monitoring of the public's e-mail and social media communications by police and national security services have divided opinion and attracted criticism from civil liberty campaigners.
UK—ICO issues updated guidance on identifying data controllers and data processors, "disproportionate effort" and "regulatory activity" (May 1, 2012)
The UK Information Commissioner's Office has updated some of its practical guidance documents aimed at assisting organisations in dealing with their data protection obligations.
Employers are making good use of applicants' social network profiles, but should they? (May 1, 2012)
Making a good first impression when it comes to applying for a new job no longer involves simply spell-checking a resume. That’s because employers are now capable of eyeballing more than just a candidate’s job history and references; these days, social media profiles provide a much broader picture.
IAPP Privacy Vanguard and HP-IAPP Privacy Innovation Awards nomination period now open (May 1, 2012)
Nominations are now being accepted for the 2012 HP-IAPP Privacy Innovation Awards and the 2012 IAPP Privacy Vanguard Award.