Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.
Global Privacy Dispatches
POLAND—DPA vs. Google on the Information Security Administrator
The Supreme Administrative Court, in its judgment of 21 February, supported the position adopted by the Polish Data Protection Authority (DPA) in its decision issued towards Google, Inc.
UK—ICO Issues 50,000 GBP Fine for Unsolicited Calls
The Information Commissioner’s Office has fined home improvement company Amber Windows 50,000 GBP after an investigation discovered they had made unsolicited marketing calls to individuals who had registered with the Telephone Preference Service.
UK—ICO Publishes Plans for 2014-17
The UK Information Commissioner’s Office has published its three-year corporate plan, setting out how it intends to address and tackle the challenges it faces in information regulation.
UK—Disclosure and Barring Service Warned After Collecting Unnecessary Sensitive Data
The UK Information Commissioner’s Office has ruled that the Disclosure and Barring Service breached the Data Protection Act after failing to stop the collection of information about convictions that were no longer required for employment checks.
FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act.
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not call list.
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing.
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls.
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBPs after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker.
The Year’s Top 10 Stories in The Privacy Advisor (December 20, 2013)
While this may have been the year of Edward Snowden, it’s not surprising here in the IAPP offices to see that the year’s top stories focused on the practical aspects of privacy. But there was quite a bit of news, wasn’t there?
Striking the Balance—Privacy versus Security and the New White House Report (December 19, 2013)
The Snowden revelations have had a significant impact on trust in the government, international relations and how we view privacy. On December 18, a Presidential Commission released a report reviewing the government surveillance program in the aftermath of the Snowden disclosures.
ITALY—DPA Resolution Provides More Protection for Traffic Data (December 17, 2013)
With many concerns about the management of both telephone traffic data and electronic communication traffic data retained for justice purposes, by means of a first resolution, the Italian Data Protection Authority (Garante) has forbidden certain unlawful data processing to a foreign company by prescribing to the latter a set of technical and organizational measures.
Federal Judge Rules NSA Phone Metadata Collection Program Likely Unconstitutional (December 17, 2013)
A federal judge has ruled that the U.S. National Security Agency’s phone metadata collection program is likely unconstitutional, Politico reports. U.S. District Court Judge Richard Leon, an appointee of former President George W. Bush, said the program appears to violate the Fourth Amendment and the Justice Department has not successfully demonstrated that the program has thwarted terrorism. This roundup looks into the ruling and gathers together media reactions.
Ten Years and Two Terms Later, A Look at Peter Hustinx’s Legacy (December 17, 2013)
European Data Protection Supervisor (EDPS) Peter Hustinx’s second five-year term ends this month, and a new leader will soon be appointed. It is worth taking time to note that those who live and breathe European data protection nearly universally agree Hustinx leaves behind both a sterling reputation and an agency that’s evolved into an influential and highly respected supervisory authority since its establishment in 2004. In this exclusive, Angelique Carson, CIPP/US, speaks with Willem Debeuckelaere, Chris Doxsey, Dimitrios Droutsas, Sophie in ‘t Veld, Billy Hawkes, and Christopher Wolf about the legacy Hustinx leaves behind and the shoes his successor will have to fill.
CPO, Activist, Former NSA Counsel Square Off at DPC (December 17, 2013)
The most fiery discussion at the IAPP Data Protection Congress in Brussels came during its final session, with IAPP VP of Research and Education Omer Tene doing his best to referee a conversation between former NSA General Counsel Stewart Baker, anonymous Internet platform Tor’s Jacob Appelbaum, Vodafone CPO Stephen Deadman and Ralf Bendrath, policy advisor to German MEP and Data Protection Regulation Rapporteur Jan Philip Albrecht. Publications Director Sam Pfeifle details some of the highlights from the session, “Have You Been NSA’d? Government Access and the New EU Regulation.”
THE NETHERLANDS—Dutch DPA Gets Power To Fine (December 12, 2013)
Dutch Data Protection Authority (CBP) Chairman Jacob Kohnstamm told the audience of the National Data Protection and Privacy Conference in Rotterdam on December 11 that his office will get the power to fine organizations in both the public- and the private-sector for violations of the Dutch Personal Data Protection Act (WBP). The fine could be as high as 780,000 euros, or about U.S. $1 million, per violation.
Keynote: Forget Notice and Choice, Let’s Regulate Use (December 12, 2013)
There are few privacy principles more generally ingrained than the ideas of notice and choice for consumers. However, said Viktor Mayer-Schönberger from the IAPP Data Protection Congress keynote stage, “The naked truth is that informational self-determination has turned into a formality devoid of meaning and import.” He suggests that rather than giving up on privacy, “what we need is a new protection mechanism. A paradigm adjustment to ensure privacy in the age of Big Data.”
EU, U.S. Officials Indicate Potential Privacy Agreement at Data Protection Congress (December 11, 2013)
The keynote stage at the IAPP Data Protection Congress in Brussels became a diplomatic back-and-forth as Constantijn van Oranje-Nassau, Head of Cabinet of Vice-President of the European Commission, Commissioner for the Digital Agenda Neelie Kroes, delivered the European Commission’s view of data protection and then was followed by an address from U.S. Federal Trade Commissioner Julie Brill. Reading between the lines, writes Publications Director Sam Pfeifle, there were reasons to be encouraged that Safe Harbor and the free flow of data between continents will continue.
Top Six Inadequacies Found During Privacy Audits (December 10, 2013)
Would you be able to guess the top six failure points found in Osborne Clarke’s last 20 privacy audits? At the IAPP Europe Data Protection Congress, that is exactly what attendees were tasked with doing, in a Family Feud/Family Fortunes
-style challenge of determining just what the “Survey says.” Publications Director Sam Pfeifle details just what the top failure points highlighted during the “Audit Programmes” session were—noting some of the results were not what attendees expected.
Where Things Stand Now (December 5, 2013)
Reforming the outdated EU legislative framework governing data protection was always going to be a daunting task.
Big Data Jobs Board Sees Privacy Jobs Growing Fastest (December 4, 2013)
While Big Data jobs are growing at a 26-percent clip, privacy jobs as a subset of those Big Data roles are growing even faster. Such are the findings at iCrunchData.com, a Big Data-focused jobs board that this year has begun tracking Big Data positions throughout the entire U.S. through its Big Data Jobs Index.