Irish DPC issues guidance on anonymisation and pseudonymisation
Ireland's data protection authority published guidance on the use of data anonymisation and pseudonymisation.
More →
Latest Posts
NHTSA releases guidelines for cybersecurity of cars
National Highway Traffic Safety Administration (NHTSA) has released best practice guidelines for vehicle cybersecurity. Guidelines are aimed to car makers and their purpose is to help improve car security. However, 22 pages document is non-binding – there’s no regulatory imperative requiring that car makers meet these standards. Full article and guidelines
More →
ICO publishes guidance on privacy notices under GDPR
UK’s Information Commissioner’s Office (ICO) has published guidance on privacy notices under EU General Data Protection Regulation (GDPR). GDPR introduces new requirements for controllers on notifying data subjects about processing of their data. GDPR requires privacy notices to be understandable and accessible. ICO’s guidance provides best practice on communicating privacy information to individuals. Access guidance
More →
Dynamic IP address is personal data, rules CJEU
Yesterday (October 19, 2016) the Court of Justice of the European Union (CJEU) issued its judgment in case Patrick Breyer v. Bundesrepublik Deutschland, in which court recognizes that dynamic IP addresses registered by websites are personal data. CJEU followed the Opinion of the Advocate General delivered earlier this year. In its decision CJEU concluded that […]
More →
EDPS issues opinion on Big Data
On September 23 the European Data Protection Supervisor (the “EDPS”) Giovanni Buttarelli published his opinion “Coherent enforcement of fundamental rights in the age of big data”. This opinion is part of an ongoing project, launched in March 2014 with the EDPS’ “Preliminary Opinion on Privacy and Competitiveness in the Age of Big Data”.It addresses the concern […]
More →
CISPE publishes Code of Conduct for Cloud Infrastructures Services
Cloud Infrastructure Services Providers in Europe (“CISPE”) – a relatively new coalition of more than 20 cloud infrastructure providers operating in Europe – has recently published its first Code of Conduct for Cloud Infrastructures Services. The CISPE Code of Conduct: Gives a framework to comply with the General Data Protection Regulation Excludes the reuse of […]
More →
World’s biggest Internet hub sues German government over surveillance
On September 9, 2016, the operator of the world’s largest Internet hub, De-Cix, filed lawsuit against the German government to stop mass surveillance by the German intelligence agency Bundesnachrichtendienst (BND). De-CIX is challenging the legality of orders from the BND to implement monitoring of communications flowing through its Frankfurt Internet exchange point. De-CIX insists that […]
More →
UK government breached personal data security 9,000 times in a year, watchdog reveals
UK’s National Audit Office (NAO) has found that government has breached personal data security nearly 9,000 times in a year. Most of breaches – about 6,000 – are on HMRC. NAO found that 17 largest departments recorded 8,995 data breaches in years 2014-2015, but reported to the Information Commissioner (ICO) only 14 incidents. Although not […]
More →
The geographical scope of application of the right to be forgotten
Michel Reymond has published a paper “Hammering Square Pegs into Round Holes: The Geographical Scope of Application of the EU Right to Be Delisted” where he explores the extraterritorial effects of the decision of Court of Justice of European Union (CJEU) in so called Google Spain case. In that case CJEU recognized “right to be forgotten” or, according Michel […]
More →