A case between LinkedIn and HiQ could play a leading role in how anti-hacking laws apply to web scraping

HiQ has scraped data from public LinkedIn profiles in order to process that data and provide it to employers worried about their employees’ possible departure.  LinkedIn had warned HiQ several times, considering that its activity violates the Computer Fraud and Abuse Act, and then started to limit HiQ's access to its network.  Now HiQ has claimed, before the Court of the Northern District of California, that its activities did not violate the abovementioned Act.  The Court's decision could be fundamental in defining whether the anti-hacking law can be used to prevent the use of scraping tools, with high risks for companies that work with such instruments.

HiQ constantly publishes the developments of the case on its website; all the documents are freely accessible at

German Labour Court declares inadmissible evidence obtained through software for covert monitoring and control of employees in the workplace

The Bundesarbeitsgericht of Baden-Württemberg has ruled that the use of a software keylogger, which can record all keystroke inputs, on a workplace computer is inadmissible under Section 32 (1) of the Federal Data Protection Act (BDSG).  In particular, it ruled that the knowledge gained by the keylogger regarding the applicant’s privileges must not be used in judicial proceedings, and that instruments for covert monitoring and control of the employee cannot be used without a suspicion, based on concrete facts, of a dangerous activity by the employee or another serious breach of duty.

Find the press release (in German) on the Bundesarbeitsgericht’s website here

Singapore PDPC inaugurates privacy initiatives to strengthen data protection confidence

The Personal Data Protection Commission (PDPC) of Singapore has announced a series of initiatives to enhance the data protection confidence of individuals and companies.  One consists of a public consultation on the review of the Personal Data Protection Act to provide for a breach notification mandate.  Others entail a new guideline on data sharing best practices and new plans for a Data Protection Trustmark certification framework by the end of 2018.  Furthermore, the PDPC has issued a notice of intent to participate in the APEC Cross-Border Privacy Rules System and the APEC Privacy Recognition for Processors System (APEC CBPR and PRP).

See the related PDPC media release here

Italian bank Unicredit suffers a data breach affecting 400,000 of its customers

Unicredit, one of the largest Italian banks, has announced that it suffered two cyber-attacks that are believed to have affected the data of about 400,000 customers.  The first attack occurred in September 2016, while the second took place between June and July 2017.  The bank has given assurances that account passwords have not been compromised, while some other personal data and IBAN numbers may have been accessed.  Unicredit has announced its decision to invest 2.3 billion euros in upgrading and strengthening its IT systems to ensure the safety and security of customers’ data.

The Unicredit press release is available here

CNIL amends the single authorization on the automatic processing of personal data

The French Data Protection Authority (CNIL) has published its decision to adopt several amendments to Decision No 2005-305 of 8 December 2005 on the single authorization of automatic processing of personal data implemented in the framework of whistleblowing schemes (AU-004).  These amendments aim to align the Decision with the changes made to French law at the end of 2016.  In fact, the “Sapin II Law” has enhanced transparency, the fight against corruption and the modernization of the economy in the French system.

The decision is available here