Privacy Advisor

Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.

Global Privacy Dispatches

FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act. Read More
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not call list. Read More
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing. Read More
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls. Read More
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBPs after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker. Read More
UK—ICO Publishes Updated PIA Guidance
The UK Information Commissioner's Office has published its updated Privacy Impact Assessment (PIA) Code of Practice to help organisations comply with their data protection law obligations when they change the way that they use personal data. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.

Read More
ITALY—Garante’s Provision on Mobile Payment Services
On December 12, 2013, the Italian Data Protection Authority (Garante) issued a draft general provision on the processing of personal data in the context of mobile remote payment services. This new provision sets the rules for the processing of information about users who purchase digital services and products and pay for them remotely via their phone bills. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions. Read More
The Year’s Top 10 Stories in The Privacy Advisor (December 20, 2013)
While this may have been the year of Edward Snowden, it’s not surprising here in the IAPP offices to see that the year’s top stories focused on the practical aspects of privacy. But there was quite a bit of news, wasn’t there?
Striking the Balance—Privacy versus Security and the New White House Report (December 19, 2013)
The Snowden revelations have had a significant impact on trust in the government, international relations and how we view privacy. On December 18, a Presidential Commission released a report reviewing the government surveillance program in the aftermath of the Snowden disclosures.
ITALY—DPA Resolution Provides More Protection for Traffic Data (December 17, 2013)
With many concerns about the management of both telephone traffic data and electronic communication traffic data retained for justice purposes, by means of a first resolution, the Italian Data Protection Authority (Garante) has forbidden certain unlawful data processing to a foreign company by prescribing to the latter a set of technical and organizational measures.
ITALY—Garante Rules for Citizen in Case Involving Debt Collection and Pre-Recorded Telephone Message (December 17, 2013)
Panetta & Associati’s Rocco Panetta examines two recent actions by Italy’s DPA, the Garante.
Federal Judge Rules NSA Phone Metadata Collection Program Likely Unconstitutional (December 17, 2013)
A federal judge has ruled that the U.S. National Security Agency’s phone metadata collection program is likely unconstitutional, Politico reports. U.S. District Court Judge Richard Leon, an appointee of former President George W. Bush, said the program appears to violate the Fourth Amendment and the Justice Department has not successfully demonstrated that the program has thwarted terrorism. This roundup looks into the ruling and gathers together media reactions.
Ten Years and Two Terms Later, A Look at Peter Hustinx’s Legacy (December 17, 2013)
European Data Protection Supervisor (EDPS) Peter Hustinx’s second five-year term ends this month, and a new leader will soon be appointed. It is worth taking time to note that those who live and breathe European data protection nearly universally agree Hustinx leaves behind both a sterling reputation and an agency that’s evolved into an influential and highly respected supervisory authority since its establishment in 2004. In this exclusive, Angelique Carson, CIPP/US, speaks with Willem Debeuckelaere, Chris Doxsey, Dimitrios Droutsas, Sophie in ‘t Veld, Billy Hawkes, and Christopher Wolf about the legacy Hustinx leaves behind and the shoes his successor will have to fill.
CPO, Activist, Former NSA Counsel Square Off at DPC (December 17, 2013)
The most fiery discussion at the IAPP Data Protection Congress in Brussels came during its final session, with IAPP VP of Research and Education Omer Tene doing his best to referee a conversation between former NSA General Counsel Stewart Baker, anonymous Internet platform Tor’s Jacob Appelbaum, Vodafone CPO Stephen Deadman and Ralf Bendrath, policy advisor to German MEP and Data Protection Regulation Rapporteur Jan Philip Albrecht. Publications Director Sam Pfeifle details some of the highlights from the session, “Have You Been NSA’d? Government Access and the New EU Regulation.”
THE NETHERLANDS—Dutch DPA Gets Power To Fine (December 12, 2013)
Dutch Data Protection Authority (CBP) Chairman Jacob Kohnstamm told the audience of the National Data Protection and Privacy Conference in Rotterdam on December 11 that his office will get the power to fine organizations in both the public- and the private-sector for violations of the Dutch Personal Data Protection Act (WBP). The fine could be as high as 780,000 euros, or about U.S. $1 million, per violation.
Keynote: Forget Notice and Choice, Let’s Regulate Use (December 12, 2013)
There are few privacy principles more generally ingrained than the ideas of notice and choice for consumers. However, said Viktor Mayer-Schönberger from the IAPP Data Protection Congress keynote stage, “The naked truth is that informational self-determination has turned into a formality devoid of meaning and import.” He suggests that rather than giving up on privacy, “what we need is a new protection mechanism. A paradigm adjustment to ensure privacy in the age of Big Data.”
EU, U.S. Officials Indicate Potential Privacy Agreement at Data Protection Congress (December 11, 2013)
The keynote stage at the IAPP Data Protection Congress in Brussels became a diplomatic back-and-forth as Constantijn van Oranje-Nassau, Head of Cabinet of Vice-President of the European Commission, Commissioner for the Digital Agenda Neelie Kroes, delivered the European Commission’s view of data protection and then was followed by an address from U.S. Federal Trade Commissioner Julie Brill. Reading between the lines, writes Publications Director Sam Pfeifle, there were reasons to be encouraged that Safe Harbor and the free flow of data between continents will continue.
Top Six Inadequacies Found During Privacy Audits (December 10, 2013)
Would you be able to guess the top six failure points found in Osborne Clarke’s last 20 privacy audits? At the IAPP Europe Data Protection Congress, that is exactly what attendees were tasked with doing, in a Family Feud/Family Fortunes-style challenge of determining just what the “Survey says.” Publications Director Sam Pfeifle details just what the top failure points highlighted during the “Audit Programmes” session were—noting some of the results were not what attendees expected.
Where Things Stand Now (December 5, 2013)
Reforming the outdated EU legislative framework governing data protection was always going to be a daunting task.
Big Data Jobs Board Sees Privacy Jobs Growing Fastest (December 4, 2013)
While Big Data jobs are growing at a 26-percent clip, privacy jobs as a subset of those Big Data roles are growing even faster. Such are the findings at, a Big Data-focused jobs board that this year has begun tracking Big Data positions throughout the entire U.S. through its Big Data Jobs Index.