Privacy Advisor

Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.

Global Privacy Dispatches

FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act. Read More
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not call list. Read More
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing. Read More
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls. Read More
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBPs after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker. Read More
UK—ICO Publishes Updated PIA Guidance
The UK Information Commissioner's Office has published its updated Privacy Impact Assessment (PIA) Code of Practice to help organisations comply with their data protection law obligations when they change the way that they use personal data. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.

Read More
ITALY—Garante’s Provision on Mobile Payment Services
On December 12, 2013, the Italian Data Protection Authority (Garante) issued a draft general provision on the processing of personal data in the context of mobile remote payment services. This new provision sets the rules for the processing of information about users who purchase digital services and products and pay for them remotely via their phone bills. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions. Read More
Where Domestic Violence and Technology Collide (July 25, 2013)
The National Network to End Domestic Violence, comprising some 2000 shelters and 56 state-level non-profit organizations, holds its annual Technology Summit next week, July 29 through 31, in San Jose, California. In this exclusive, we talk with Cindy Southworth, who merges social work and technology in running Safety Net, which works with state agencies to address the ways in which technology issues impact the safety—including privacy and accessibility rights—of domestic violence victims.
Privacy in Popular Culture: Dressing To Beat Big Brother (July 23, 2013)
Sitting in the closing “Quiz Show” session at the IAPP Canada Privacy Symposium a couple of months back, Ontario Privacy Commissioner Ann Cavoukian got a bit of a laugh with her call for “privacy glasses,” or other “Star Trek”-like privacy technology to defeat Google Glass and other wearable computing technologies that might make covert surveillance omnipresent. But wearable privacy technology is here and hardly a joke.
The Privacy (and Security) Pro in the White House (July 19, 2013)
Much has been made of Nicole Wong’s appointment to work on privacy matters in the White House under U.S. CTO Todd Park, but there’s another privacy pro in the White House who actually has “privacy” in his title: Ari Schwartz, Director for Cybersecurity Privacy, Civil Liberties and Policy, National Security Staff, who started in the job this past month. The Privacy Advisor talks with him about his new position.
Committee Hears Testimony, Patriot Act Must Change (July 18, 2013)
At a House Judiciary hearing yesterday exploring the Obama administration’s use of Foreign Intelligence Surveillance Act (FISA) authorities, representatives from the Justice Department, National Security Agency (NSA), Office of National Intelligence and the Federal Bureau of Investigation were questioned by lawmakers, specifically on Section 215 of the USA PATRIOT Act (Patriot Act) and Section 702 of FISA.
A Guide to the Spanish Cookie Guidance (July 17, 2013)
Earlier this year, the Spanish Data Protection Authority, in conjunction with industry representatives, released the "Guía sobre el uso de las cookies,” or the Spanish cookie guidance. The guide contains recommendations on how to satisfy the requirements of Spanish law on electronic commerce.
Warning Bells for an Enforcement Tsunami? Regulators and CPOs Weigh In (July 17, 2013)
CPOs and regulators weigh in on whether recent actions against Google are a sign that enforcement actions are about to increase significantly. The message: "Accountability is required, and the big and small should prepare."
What You Need To Know About NSA Mass Acquisition of Telephony Metadata (July 16, 2013)
The U.S. government maintains that its massive acquisition of information concerning the telephone communications of millions of Americans complies with the Foreign Intelligence Surveillance Act. In this exclusive, David Bender examines whether such surveillance does in fact fall within FISA’s legal framework.
Harris To Step Down at CDT, Looks To Continue Global Growth, Legislative Progress (July 12, 2013)
Leslie Harris, who has headed the Center for Democracy & Technology since 2005, announced this month that she will resign from her post in March of 2014, just as the CDT celebrates its 20th anniversary. In this conversation, Harris made it clear that she is not retiring but rather “right-sizing,” and she is hardly done with her work in the privacy arena. Hear her thoughts on CPOs' human rights obligations, the status of current legislation, where CDT goes from here and more.
Data Breaches Abound in the U.S., UK and Online (July 11, 2013)
Across the U.S. and the UK, data breach incidents, investigations and litigation have been making headlines in the past two weeks. And, globally, a videogame maker has reported a breach that may have affected four million of its users. Here are some of the top data breach stories, as well as links to insights on breach trends and how to address a breach if it happens.
First PCLOB Meeting’s Ideas for USA PATRIOT Act; FISA Improvements May Affect Interaction with Private Industry (July 10, 2013)
At the Privacy and Civil Liberties Oversight Board’s first public meeting since its reemergence under new Chairman David Medine, the focus was very precise: What direct and concrete improvements could be made to improve “Surveillance Programs Operated Pursuant to Section 215 of the USA PATRIOT Act and Section 702 of Foreign Intelligence Surveillance Act.” Ideas generated included making the FISA Court adversarial, decreasing the vagueness around “data minimization,” instituting a data retention law and a number of other suggestions. Here we examine the potential impact on private industry.
The Future of Data Dealer Is in the Balance (July 9, 2013)
A couple of months back, we told you about Data Dealer, a browser-based game that both tweaked the data brokerage industry and educated players about how PII is collected and sold in the global marketplace. Not long afterward, the team of open source coders and developers at Cuteacute Media who have been working on Data Dealer launched a Kickstarter campaign to raise funds that would allow them to take Data Dealer from the demo stage to a full multi-player game, and could now use a little help.
ITALY—Garante Orders Facebook To Provide Clarifications (July 5, 2013)
The Italian Data Protection Authority (DPA), the Garante, is requiring Facebook to provide clarifications by July 20 on personal data processing following recent announcements of a “bug” that caused the exposure of personal information.
Creating the Armor for the Future of Education: The Balance Between Innovation and Privacy (July 2, 2013)
Researchers, innovators and thought-leaders all over the world are thinking about education. From danah boyd to Sugata Mitra to the Aspen Institute, they’re discussing ways the Internet, social networks, mobile media and gaming technology are affecting our youth and the way they learn.
Roundup: NSA, UK Fallout Persists (July 1, 2013)
The New York Times' Kevin O’Brien writes, “Europe was in an uproar Sunday over a magazine’s charge that Washington bugged European Union offices in the United States,” and Der Spiegel has quoted German Chancellor Angela Merkel’s as saying, “The monitoring of friends—this is unacceptable. It can't be tolerated. We're no longer in the Cold War.” This roundup examines the key headlines of the past three days as well as the varying opinions now being published on the implications of the allegations of spying by U.S. and UK government programs.