Standard Post with Image

European Parliament Threatens Suspension of Privacy Shield

On July 5, the European Parliament adopted a non-binding resolution recommending the suspension of the EU-U.S. Privacy Shield as an approved framework for transferring personal data from the EU to the U.S. if the U.S. is not fully compliant with the program by September 1, 2018.

The Privacy Shield is an agreement between the U.S. and EU allowing businesses to transfer personal data to the U.S. from the EU in compliance with EU data protection requirements. The Privacy Shield is necessary because the European Commission has previously determined that the United States’ existing privacy laws do not provide an adequate level of data protection as required by EU data protection laws. The inadequacy determination notwithstanding, the Privacy Shield is one of several approved and lawful bases for transferring data between the U.S. and the EU. Without one of these lawful bases, the European Parliament has determined that data transfers between the U.S. and EU are not sufficiently protected and violate EU and member-state laws.

Find out more on this topic here
Standard Post with Image

CJEU ruled against collection of data by religious communities

The Court of Justice of the European Union (CJEU) has recently stated that religious communities such as Jehovah's Witnesses are considered data controllers when collecting information in the process of door-to-door preaching. The CJEU declared that “The fact that door-to-door preaching is protected by the fundamental right of freedom of conscience and religion enshrined in Article 10(1) of the Charter of Fundamental Rights of the European Union, does not confer an exclusively personal or household character on that activity because it extends beyond the private sphere of a member of a religious community who is a preacher”. The position of the Court is supported by EU data protection laws and the Court holds that the organised and coordinated collection of personal data is not necessary for the religious needs. Furthermore, no written guidelines or instructions are given to the members of the communities, in violation of the requirement for privacy policies and guidelines. The Court concludes that these finding cannot be called into question by the principle of organisational autonomy of religious communities guaranteed by Article 17 TFEU.

Find the press release of the CJEU here:

Full text of the judgement here:
Standard Post with Image

Italian’s Personal Data Protection Authority presents the Report on the activities carried out in 2017

On July 10, the Italian’s Personal Data Protection Authority presented the Report on its activities carried out in 2017. The Report contains an analysis on the implementation of privacy legislation in Italy. Additionally, it contains prospects towards which the Authority intends to move with the aim of ensuring a more effective protection of personal data and of providing responses to the challenges posed by new economic models based on data exploitation and the increased need to protect people's fundamental rights. Among the main actions undertaken by the Authority in 2017, are the consolidation of the protection of personal data through transparency and the fight against cyberbullying. In particular, the latter has been developed fostering measures and procedures for the removal of offensive content from the web and allowing the activation of a timely intervention network. The application of the EU GDPR is described in details in the Report. It is worth noting that the Italian DPA has consistently worked with peer EU Authorities in the elaboration of important guidelines. Concerning its supervisory activities, the Authority lists the investigations on a number of dossiers and on data breaches. Conclusively, the Report elaborates on the need for transparency of the Public Administration procedures and in the health sector. The Italian DPA celebrates its twentieth year of activity in 2018.

The report is available, in Italian language, here
Standard Post with Image

New Zealand's Privacy Act to be changed

A new bill on data protection was introduced in New Zealand on March 20. The bill implements measures against the loss of data and promotes people’s confidence that their personal information is secure and will be treated properly. The law follows similar changes taken by the Australian government in February 2018 and will replace the 1993 Privacy Act of New Zealand. The latter did not have mandatory data breach notification regulations. With the new bill, companies will be required to notify data breaches to the Privacy Commission increasing security of data storing and sharing. In addition to data breach notification obligations, the bill aims at strengthening cyber-security through the implementation of measures such as employees’ education, privacy disclosures and security policies.

The original document is available here

A description of the ameliorations introduced by the bill is available here:

Find the 1993 Privacy act of New Zealand here:
Standard Post with Image

India’s cryptocurrency ban has come into force

The ban on cryptocurrency of the Reserve Bank of India (India’s Central Bank) has come into force on July 6, 2018. The related statement of the Bank forbids the provision of services of crypto-related businesses. Since its issuance on the 5th of April, companies have tried to remove the ban petitioning a decision of the Supreme Court to that extent. The related proceeding is still ongoing, and the next hearing in the case is scheduled for July 20. A governmental regulation against cryptocurrencies is expected in early July.

Find the RBI’s original Statement on Developmental and Regulatory Policies here
    Page 1 of 70