Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.
Global Privacy Dispatches
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.
ITALY—Garante Releases Enforcement Activity Report
The Garante, the Italian Data Protection Authority (IDPA), has released information on enforcement activity in Italy in 2013 and its relevant plan of inspections for the first semester of 2014.
CANADA—Anti-Spam Legislation To Come Into Force
After much discussion and consultation on the accompanying Regulations, Canada’s anti-spam legislation is about to take full effect. While the CRTC had previously published its regulations on March 28, 2012, the Electronic Commerce Protection Regulation was finally published on December 4, 2013.
UK—Government Department Fined 185,000 GBPs After Terrorist Incident Data Sold at Auction
A government department has been fined after a filing cabinet containing personal information relating to victims of a terrorist incident was sold at auction.
NEW ZEALAND—Privacy Reflections/Predictions for 2014
The high-profile privacy breaches of 2012-13 have shed an unprecedented light on personal information in New Zealand. Outgoing Privacy Commissioner Marie Shroff is leaving the role at a time when protecting personal information, a cause she has actively championed over the past 10 years, is at the forefront of public awareness and is top-of-mind for policy analysts, legislators and businesses alike.
NEW ZEALAND—Will the Tide Turn in 2014?
Last year was not a good one for New Zealand privacy-wise. While Australia forged ahead enacting legislation covering issues such as cross-border controls for personal data and introducing measures to implement breach notification, the government in New Zealand, by contrast, has been dragging its feet and instead adopted a raft of measures diminishing existing privacy protections. This article briefly reviews developments in New Zealand in 2013 and ventures some predictions as to what may lie in store in 2014.
AUSTRALIA—Australia Legislates for Privacy by Design
In March, Australia will be overhauling its privacy laws. One of the key features of the new regime means Australia will become one of the first jurisdictions to effectively legislate for the concept of Privacy by Design.
French DPA FAQ on Data Breaches (May 31, 2012)
The CNIL has published an explanation of the new rules relating to data breaches. Only providers notified to ARCEP, the regulatory authority in charge of e-communications—in other words, ISP and telecom providers—are subject to the obligation to notify data breaches. E-commerce sites providing online services are not yet impacted.
Assessing public information in the digital age (May 1, 2012)
Though public records stand among the pillars of an open society, the information economy is challenging traditional notions of what should be considered readily accessible to the general community. As information brokers collect and store greater amounts of information, public agencies implement e-government initiatives and telecommunications systems improve the ease with which information flows across the globe, should the line around what constitutes public data be reassessed?
Social networks seek workplace privacy protections (May 1, 2012)
The debate over access to people’s Facebook and Twitter profiles is heating up, as a number of legislators seek to ban employers from forcing people to disclose their access credentials. But at the same time, intelligence and law enforcement agencies report that they’re starting to troll social networks for suspicious activity.
A practical guide to making good use of your PII inventory (May 1, 2012)
Since the publication of recommendations by the President’s Identity Theft Task Force and the Office of Management and Budget (OMB) Memo 07-16, federal agencies are required to review their holdings of all personally identifiable information (PII) and ensure they are accurate, relevant, timely and complete. Agencies are also required to reduce PII to the minimum necessary for the proper performance of a documented agency function and eliminate unnecessary collection and use of Social Security numbers.
Singapore released proposed personal data protection bill (May 1, 2012)
The Ministry of Information, Communications and the Arts (MICA) released the proposed personal data protection bill on 19 March and invited comments from the public ending 30 April. MICA conducted two public consultations on the proposed data protection (DP) regime as well as the Do-Not-Call Registry (DNC) in 2011. The DP regime covers the scope of the proposed DP law; related rules on use, collection, disclosure and transfer of personal data outside Singapore; data accuracy; retention of personal data, and penalty and enforcement-related matters.
CANADA—The use of facial recognition technology (May 1, 2012)
The use of facial recognition technology is becoming more and more prevalent in modern society, note such examples as Facebook’s introduction of such technology in 2011; Google’s attempt to introduce a facial search engine, and even an online dating site that was launched on the premise of matching people based on “facial compatibility.”
EU—Article 29 Data Protection Working Party Opinion 01/2012 on the data protection reform proposals (May 1, 2012)
On 23 March, the Article 29 Data Protection Working Party (Working Party) adopted its opinion on the data protection reform proposals of the European Commission. The Working Party broadly welcomes the proposals for seeking to reinforce the position of data subjects, enhance the responsibility of controllers and strengthen the position of supervisory authorities both nationally and internationally. In spite of this positive stance, however, the Working Party believes that parts of the proposal for a regulation need clarification and improvement.
GERMANY—Facebook "Friend Finder" functions violate German privacy rules (May 1, 2012)
Several functions of the social network Facebook have been under scrutiny by German data protection authorities for some time. Now, a first judgement has been issued: In its decision dated 6 March, the Regional Court of Berlin held that certain Facebook “Friend Finder” functions, which have been amended meanwhile, shall violate the Federal Data Protection Act and the German Act Against Unfair Competition.
UK—UK CBI: Draft regulation "risks strangling innovation” (May 1, 2012)
The UK Confederation of British Industry (CBI), the UK's largest business lobbying group, responded to the Ministry of Justice's Call for Evidence on the draft EU Data Protection Regulation on 16 March, stating the regulation will threaten many innovative business models and place a compliance cost burden on businesses, which may deter investment and be passed on to consumers.