Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.
Global Privacy Dispatches
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.
ITALY—Garante Releases Enforcement Activity Report
The Garante, the Italian Data Protection Authority (IDPA), has released information on enforcement activity in Italy in 2013 and its relevant plan of inspections for the first semester of 2014.
CANADA—Anti-Spam Legislation To Come Into Force
After much discussion and consultation on the accompanying Regulations, Canada’s anti-spam legislation is about to take full effect. While the CRTC had previously published its regulations on March 28, 2012, the Electronic Commerce Protection Regulation was finally published on December 4, 2013.
UK—Government Department Fined 185,000 GBPs After Terrorist Incident Data Sold at Auction
A government department has been fined after a filing cabinet containing personal information relating to victims of a terrorist incident was sold at auction.
NEW ZEALAND—Privacy Reflections/Predictions for 2014
The high-profile privacy breaches of 2012-13 have shed an unprecedented light on personal information in New Zealand. Outgoing Privacy Commissioner Marie Shroff is leaving the role at a time when protecting personal information, a cause she has actively championed over the past 10 years, is at the forefront of public awareness and is top-of-mind for policy analysts, legislators and businesses alike.
NEW ZEALAND—Will the Tide Turn in 2014?
Last year was not a good one for New Zealand privacy-wise. While Australia forged ahead enacting legislation covering issues such as cross-border controls for personal data and introducing measures to implement breach notification, the government in New Zealand, by contrast, has been dragging its feet and instead adopted a raft of measures diminishing existing privacy protections. This article briefly reviews developments in New Zealand in 2013 and ventures some predictions as to what may lie in store in 2014.
AUSTRALIA—Australia Legislates for Privacy by Design
In March, Australia will be overhauling its privacy laws. One of the key features of the new regime means Australia will become one of the first jurisdictions to effectively legislate for the concept of Privacy by Design.
Maryland AG discusses “Privacy in the Digital Age” (June 27, 2012)
The National Association of Attorneys General (NAAG) recently elected Maryland Attorney General Doug Gansler as its president. As the organization’s initiative for the year, Gansler has selected “Privacy in the Digital Age,” which he says is “of concern to everybody” and at the height of public discussion.
“I think they mean it.” The new medical records privacy law in Texas (June 1, 2012)
Revisions to the Texas Medical Records Privacy statute, which take effect on Sept. 1, expand existing requirements for those who have access to medical information pertaining to others. House Bill 300 (HB 300) provides that covered entities, as defined in the statute, must comply with expanded responsibilities pertaining to health information. The act imposes upon these covered entities additional duties beyond those that are dictated by the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA).
Experts question whether the EC’s “Right To Be Forgotten” has forgotten a few key points (June 1, 2012)
Within the European Commission’s draft data protection framework is a provision for “the right to be forgotten and to erasure.” The provision’s concept isn’t entirely new to member states. Article 12 within the 1995 Data Protection Directive allows for the right to erasure. But where Article 12 grants data subjects rights to request that data controllers correct or erase data concerning them and to lodge a complaint to the supervisory authority, among others, the new proposal would allow data subjects to ask the data controller to delete their data and cease disseminating, even if consent was at one time given.
Online piracy eradication efforts spark privacy concerns (June 1, 2012)
Protests against the alphabet soup of competing anti-piracy and cybersecurity information-sharing bills—ACTA, CISPA, PIPA, SOPA—highlight the difficulty of balancing intellectual property protection and Internet freedom
Check: Are you ready for social media? (June 1, 2012)
Social media brings opportunities and risks. Companies have to prepare and position themselves. This article summarizes a few key considerations from different angles for a checkup on your company’s social media readiness.
Will Supreme Court Ruling In Pilot Case Apply to Other “Harm” Cases? (June 1, 2012)
Plaintiffs are increasingly filing privacy lawsuits that allege harm and seek compensation. But to date, courts have grappled with discrepancies between plaintiffs’ “harm” claims and the scope of the law—particularly when the harm can’t be qualified, such as in cases of emotional distress or humiliation, leaving many plaintiffs empty-handed when the judge strikes the gavel.
CANADA—The new paradigm: accountability (June 1, 2012)
The global privacy landscape is experiencing its largest shift since the implementation of the European Union’s adoption of Directive 95/46/EC in 1995. The directive was foundational in establishing a privacy regime in Europe, with a global ripple effect for countries wishing to transfer data to and from the EU; examples include the enactment of the Personal Information Protection and Electronic Documents Act in Canada and negotiations between the U.S. and the EU resulting in the Safe Harbor agreement.
EU—Article 29 Working Party publishes biometrics opinions (June 1, 2012)
On March 22 and April 27, the Article 29 Working Party published two opinions on biometrics, one relating to facial recognition in online and mobile services (Opinion on Facial Recognition) and a second on developments in biometric technology (Opinion on Biometrics). Both opinions build on the Working Party’s Working Document on Biometrics and seek to provide greater guidance to authorities, the biometrics industry and users alike.
FRANCE—2012: Increase of CNIL investigations to come (June 1, 2012)
Video surveillance, the healthcare sector, smartphones, sports, data security, large data files—police, highways, gas, electricity—these are the targets selected this year by the French data protection authority (CNIL) as justifying specific attention in its enforcement programme.
GERMANY—Regional Court of Berlin on expiry date of consent (June 1, 2012)
In its judgement of 9 December 2011, the Regional Court of Berlin (Case No. 15 O 343/11) had to decide on the permissibility of a certain e-mail advertising campaign. While after several decisions by the Federal Court of Justice, it is settled case law that an opt-in is generally required for e-mail marketing measures and that such an opt-in must be “separate” in the sense that it may not extend to other marketing forms such as telephone calls or telefax messages, the Berlin judges were, in this case, also called to rule upon the questions whether the consent was specific enough and whether it was still valid.
ISRAEL—Proposed guide on workplace privacy (May 31, 2012)
The Israeli Law Information and Technology Authority (ILITA) has published a consultation draft guide on protecting personal information in workplace environments. The purpose of the proposed guide is to reflect ILITA's view of the principles applicable to the right of privacy in personal information that employers store and process and recommend adequate practices to implement these principles.
UK—ICO grace period for compliance with new cookie rules comes to an end (May 31, 2012)
The new EU rules on cookies came into force in the UK on 26 May 2011, but the Information Commissioner’s Office (ICO) indicated that it would implement a grace period of one year to allow businesses to comply. The 12-month grace period will expire this month, and it seems likely that some businesses will still be caught out.
UK—ICO issues monetary penalty to a Welsh health board (May 31, 2012)
The Information Commissioner’s Office (ICO) has issued a monetary penalty of £70,000 to a Welsh health board following an incident in March last year in which a patient's health details ended up in the wrong hands.
Company offers two EU compliance management tools (May 31, 2012)
As businesses and organizations prepare for upcoming reforms to the EU data protection framework and potential enforcement of the ePrivacy Directive in the UK, TRUSTe has announced it is offering a suite of tools to help manage these new compliance obligations.
Collaboration produces universal privacy tool for cookie compliance (May 31, 2012)
With cookie enforcement on the horizon in the UK and eventually throughout Europe, two companies have teamed up to provide website owners with a way to achieve cookie compliance while providing users with a consent tool to transmit tracking preferences.
Seeking members’ input (May 31, 2012)
Your answers to seven brief questions will help the IAPP tailor its content offerings.