Privacy Advisor

Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.

Global Privacy Dispatches

POLAND—DPA vs. Google on the Information Security Administrator
The Supreme Administrative Court, in its judgment of 21 February, supported the position adopted by the Polish Data Protection Authority (DPA) in its decision issued towards Google, Inc. Read More
UK—ICO Issues 50,000 GBP Fine for Unsolicited Calls
The Information Commissioner’s Office has fined home improvement company Amber Windows 50,000 GBP after an investigation discovered they had made unsolicited marketing calls to individuals who had registered with the Telephone Preference Service. Read More
UK—ICO Publishes Plans for 2014-17
The UK Information Commissioner’s Office has published its three-year corporate plan, setting out how it intends to address and tackle the challenges it faces in information regulation. Read More
UK—Disclosure and Barring Service Warned After Collecting Unnecessary Sensitive Data
The UK Information Commissioner’s Office has ruled that the Disclosure and Barring Service breached the Data Protection Act after failing to stop the collection of information about convictions that were no longer required for employment checks. Read More
FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act. Read More
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not call list. Read More
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing. Read More
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls. Read More
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBPs after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker. Read More
State Legislative Roundup: Privacy Bills Abound (March 29, 2013)
Several state legislatures have been considering a variety of privacy bills during the past week. Here’s a brief roundup of the activity being noted by media outlets.
IAPP launches new certification: CIPM (March 8, 2013)
Yesterday at the IAPP’s Global Privacy Summit, the organization launched a companion certification to its long-standing CIPP: the Certified Information Privacy Manager.
FRANCE—Sanction Against Controller Putting Employees Under Permanent Watch (March 1, 2013)
Security agents complained to the French Data Protection Authority (CNIL) that their employer had implemented a video surveillance system pointing in the direction of their workplace and filming continuously.
FRANCE—First Feedback from the CNIL on Albrecht’s Report (March 1, 2013)
The French Data Protection Authority (CNIL) expressed positive views on Rapporteur Jan Philipp Albrecht’s pre-report, in particular in the changes brought with regard to the position of data protection authorities (DPAs).
EU—The Factoring Company of an ISP Should Act as a Data Processor, Rules CJEU (March 1, 2013)
The Court of Justice of the European Union (CJEU) ruled on November 22, 2012, that factoring agreements must be contemplated also under a data protection angle.
ITALY—The Garante Releases 2012 Enforcement Balance (March 1, 2013)
The Garante has released the 2012 balance of its enforcement activities carried out with the help of a specific body of the Italian Tax Police, the so-called "Nucleo Speciale Privacy Guardia di Finanza.”
ITALY—Skype Explains Account-Closing Procedure (March 1, 2013)
Skype will enhance account-closing procedures, it has ensured the Italian Data Protection Authority (Garante) in response to the authority’s request for explanations regarding the reasons why Italian users meet so many difficulties when deciding to close their accounts.
Westin’s Privacy Scholarship, Research Influenced a Generation (March 1, 2013)
Alan Westin, a groundbreaking scholar of information privacy who helped influence a generation of privacy study and the privacy profession itself, passed away Monday, February 18, at the age of 83. Indiana University Prof. Fred Cate described his passing as “especially hard to come to grips with because he was such a larger-than-life figure who not only helped to create and define the modern field of privacy law but welcomed, included and mentored so many of us who followed in his giant footsteps.”
Albrecht Report on the Proposed EU Data Protection Regulation Revisited (March 1, 2013)
The draft report on the proposed EU General Data Protection Regulation released on 8 January has provoked much criticism and debate. The report, prepared by Green MEP Jan Philipp Albrecht, the rapporteur for the Civil Liberties, Justice and Home Affairs (LIBE) Committee of the European Parliament, has been welcomed by some—including European Commissioner Viviane Reding and the French Data Protection Authority, whereas strong criticism has been voiced by industry.
Privacy Law and History: WWII-Forward (March 1, 2013)
During the war, there were vast intrusions in the privacy…typically under the guise of national security. But in certain situations, these intrusions went far beyond the needs to protect the respective nations against espionage and other such acts. A German Constitutional Court case would set the boundaries for later post-war data privacy safeguards for the country and consequently Europe and all those countries subsequently affected by exporting of European privacy law principles—or data—around the world.
How To Prepare for, Respond to and Manage Breaches (March 1, 2013)
Breaches, lapses, incidents. They are going to happen, and they are going to happen to you. How you prepare will make a huge difference both mid-crisis and post-crisis. Experts Emily Stapf, director of cybercrime and forensic investigations at Pricewaterhouse Coopers; Mark Seifert of Brunswick Group, and Tim O’Brien of the FBI’s cybercrime division focus on the reality that organizations must shift from the mindset that breach preparedness is important because a breach might occur and understand it is important because a breach will occur.
Brazil's New Law Is Not Tough Enough To Fight Electronic Crimes (March 1, 2013)
After 15 years of discussion, Brazil's government has enacted a law that typifies computer-related crimes and covers important issues such as electronic device invasion, unauthorized remote access and interruption of web services. This article intends to analyze some aspects of the long-awaited law.
Significant Amendments to the Hungarian Privacy Act Expected; New Opinion Issued by the Hungarian Data Protection Agency (March 1, 2013)
The president of the Hungarian National Agency for Data Protection and Freedom of Information, Attila Péterfalvi, has announced that the Hungarian Privacy Act will be significantly amended by end of June in order to make it consistent with the EU Data Protection Directive, recent European case law and current privacy trends. While the new Hungarian Privacy Act has been in force for more than a year, certain key aspects of Hungarian DP legislation remained unchanged. The agency has also issued a long-awaited opinion on the electronic surveillance of employees.
New Privacy Requirements for Direct Marketing—Are You Compliant? (March 1, 2013)
Part VIA of the Personal Data (Privacy) Ordinance (Cap. 486) (PDPO) sets out new direct marketing requirements. Part VIA will tentatively commence on 1 April. In anticipation of Part VIA commencing, the privacy commissioner for personal data (PCPD) has issued a Guidance Note on Direct Marketing. The guidance note will take effect when Part VIA commences.
Poland’s New Rules on Notification of a Data Breach Take Effect in March (March 1, 2013)
Until recently, under the Polish legal framework it was not necessary to report a personal data breach to data subjects or the Polish Data Protection Authority (DPA). Cases of data breaches were analysed ad-hoc by the regulator by sending its officers to the data controllers’ seat—or any other entity—and verifying the security measures and internal procedures that were implemented. The law was partially amended by the implementation of new rules by an act of 21 December 2012 on the change of the telecommunications law and other legal acts. Changes related to data breaches will enter into force by 22 March.
Apps Gone Wild? The FTC and California AG Seek To Rein In Mobile App Privacy Practices (March 1, 2013)
Industry-wide, whether they are fun games, serious tools or educational resources, mobile apps continue to access, collect and use private data stored on smart devices while customers remain largely ignorant of and disempowered by these practices. Key reports issued this winter, coupled with recent enforcement actions, suggest that regulators are ready to insist that they and consumers no longer be subjected to these unpleasant revelations.
Covington & Burling Adds Monika Kuschewsky, CIPP/E, to Data Protection Practice (March 1, 2013)
Covington & Burling is pleased to announce the addition of Monika Kuschewsky, CIPP/E, to its data protection practice, further expanding the firm’s global privacy and data security capabilities in Europe. Kuschewsky joins as special counsel resident in Covington’s Brussels office.
TRUSTe and Promontory Unveil BCR Management Program (March 1, 2013)
Data privacy management solutions provider TRUSTe and global regulatory compliance consulting firm Promontory have launched a joint Binding Corporate Rules (BCRs) management program.
POLAND—An Opportunity To Simplify the Transfer of Personal Data from Poland to Outside the EEA? (March 1, 2013)
A new draft framework for the draft Simplification of Conditions for Conducting Economic Activity Act, dated 8 January, was published on the Government Legislation Centre website. The new draft framework contains proposals to amend the Act of 29 August 1997 on the Protection of Personal Data.
UK—ICO Calls for Changes to Draft Data Protection Regulation (March 1, 2013)
The UK Data Protection Authority (the ICO) has published further views on the reform of EU data protection rules, following the release of the European Parliament LIBE Committee's report on the regulation.
UK—Sony Fined £250,000 for Data Security Breach (March 1, 2013)
The ICO has issued Sony Computer Entertainment Europe Limited (SCEE) with a monetary penalty notice of £250,000 after finding the company had failed to implement sufficient measures to prevent distributed denial of service attacks that compromised the personal information of its customers.
UK—ICO Uses Implied Consent for its Website Cookies (March 1, 2013)
The ICO has announced that it is no longer seeking explicit consent from users for the serving of cookies via its website, instead relying on implied consent.