The purpose of this article is to summarize the lessons that a company can learn from the Morrisons Case with regard to the level of protection that can be considered as “sufficient” and “adequate” for the protection of the personal data of their employees. [1] In our daily practice, our clients are more often than […]
English Posts
Privacy Impact Assessments: A software tool by the French DPA
The French Data Protection Authority, Commission Nationale Informatique et Liberte (CNIL), released a tool to support data controllers to be compliant with the upcoming General Data Protection Regulation (GDPR). The tool is aimed at automating the obligatory assessments of risk posed by data protection activities to the rights and freedoms of data subjects according to […]
Change is Coming in Ireland: Implementing the GDPR
With the General Data Protection Regulation (GDPR) less than a year away from implementation, Ireland’s Data Protection Commission could quickly become one of the busiest in Europe. New rules dictating that multinationals can treat any supervisory authority as their single regulating body may lead to Google, Amazon, Facebook, Twitter, LinkedIn, Microsoft, and many more tech […]
The obligatory sharing of clinical trial data in the European Union
The European Union aims at entering a new era of clinical trials by enforcing the steps towards personalized medicine. Instead of searching for the best therapy to treat a certain diagnosis, they are moving towards pursuing the best suitable individual therapy. To meet this approach, Big Data technologies have developed new therapies and potential positive […]
New fine to Facebook from the Spanish Data protection Authority
The Spanish Data Protection Authority (AEPD) has condemned Facebook Inc. to the payment of a sanction of 1,200,000 Euros for the existence of two serious and one very serious infringements of Data Protection Law. According to the Agency, Facebook treats personal data for advertising purposes without express consent of the data subjects and does not […]
Privacy at risk: Monitoring of employees and the use of (new) technologies at work
The monitoring of employees at work, or more generally the processing of data in the employment context, is a topic that has been debated for as long as the Data Protection Directive (Dir 95/46/EC – DPD) has been around. Nonetheless, due to the emergence of new technologies and changing work polices, the topic is red […]
Japan on Its Way to Data Protection Adequacy?
Data transfers to countries outside the European Economic Area are only legal if –in addition to the requirement of a legal basis or the data subject’s consent– an adequate level of data protection in that country can be guaranteed. One way this can be achieved is an Adequacy Decision of the European Commission. The Commission […]
Data Protection in the era of Brexit
One of the most controversial matters to be addressed within the context of Brexit, has created uncertainty in the data protection realm. Although United Kingdom is leaving the European Union, there seems to be a general consensus to maintain constant data flows between the UK and the EU. On August 24 2017, the UK government […]
Your Heart Rate Data Can Land You in Jail
This so happened in Ohio last fall, when a man was convicted of aggravated arson and insurance fraud based on evidence provided by the data from his cardiac pacemaker. A man, whose house had burnt down, was investigated against after traces of fire accelerant had been found by the police. The suspect claimed that he […]
Personal Data in China. A Step towards Protection.
Currently, there is no specific data protection law in China; rules relating to personal data protection are found in different laws and regulations. Some weeks ago, on 1 June 2017, the new Cybersecurity Law entered into force. We already wrote about it here. Recently, a new draft of a Standard called “Information security techniques – […]
What do They Know, and How are You Being Tracked Online?
We have heard on how companies are tracking our data, and we have a vague idea on where and when our personal data is being gathered. However, corporate surveillance has been in constant development providing more information about a person than ever before. As an internet user, how much do you know about your personal […]
Fines to Facebook and WhatsApp for breach of privacy and antitrust law
€ 150 Million fine to Facebook by French Data Protection Authority Last week, the French Data Protection Authority (DPA) has condemned Facebook Inc. and Facebook Ireland to the payment of a € 150 million fine. The sanction is part of a joint investigation carried out by the data protection authorities of France, German Land of […]
“Obamacare for the Internet” – Republicans Push to Abolish Net Neutrality
The Federal Communications Commission (FCC) is the US regulatory authority that ensures compliance with the principles of net neutrality, which were established by the Commission’s Open Internet Order in February 2015. Net neutrality means that all content on the internet shall enjoy the same priority, i.e. Internet service providers and any authority regulating the Internet […]
Data protection impact assesment (DPIA)
The most recent document provided by the Article 29 Working Party (29 WP) provides guidelines for further comprehension on when and how to conduct a DPIA. The main goal of a DPIA is to: “describe the processing, assess the necessity and proportionality of a processing and to help manage the risks to the rights and […]
UK Home Office tracks “immigration offenders” through health system data
NHS Digital and the Home Office: the relationship The outgoing head of the UK’s Health and Social Care Information Centre (“NHS Digital”) claims to have repeatedly been pressured by the Home Office to provide them with the personal data of immigrant patients. In an interview with the Health Service Journal earlier this month, Kingsley Manning […]