
The European Data Protection Supervisor publishes a Privacy-friendly policymaking toolkit

The press release of the European Data Protection Supervisor on the Privacy-friendly policymaking toolkit stresses that it is “designed to help policymakers identify the impact of new laws on the fundamental right to data protection and determine the cases in which the limitation of this right is truly necessary”.  The document is titled Assessing the necessity of measures that limit the fundamental right to the protection of personal data: A toolkit.

The press release is accessible here.

The toolkit is accessible here

Irish Data Protection Commissioner publishes the 2016 Annual Report

The Irish Data Protection Commissioner has released the 2016 Annual Report.  The Commissioner reported a 50% increase in complaints lodged with the Authority compared with the previous year, whereas there was a slight decrease in notification breaches over the same period.  The 64-page document is a useful guide to privacy trends and priorities in Ireland, a country particularly important for the cases related to Google and Yahoo in front of the Irish High Court.  Among the Agency's 2017 priorities, GDPR readiness ranks first.

The report can be accessed here

The European Parliament adopts a resolution criticizing in the strongest terms the EU-US Privacy Shield

On 6 April 2017, the European Parliament approved a motion for a resolution that criticizes the adequacy of the protection of personal data of citizens under the EU-US Privacy Shield.  The Shield laid down the arrangement for the transfer of personal data from the European Union to the United States.  The resolution places strong emphasis on various elements of the Agreement, as can be read in the motion: “Takes the view that these numerous concerns could lead to a fresh challenge to the decision on the adequacy of the protection being brought before the courts in the future; emphasises the harmful consequences as regards both respect for fundamental rights and the necessary legal certainty for stakeholders; […] Deplores the fact that the EU-US Privacy Shield does not prohibit the collection of bulk data for law enforcement purposes; […] Is alarmed by the recent revelations about surveillance activities conducted by a US electronic communications service provider on all emails reaching its servers, upon request of the National Security Agency (NSA) and the FBI, as late as 2015; […] Deplores the fact that neither the Privacy Shield Principles nor the letters of the US administration providing clarifications and assurances demonstrate the existence of effective judicial redress rights for individuals in the EU whose personal data are transferred to a US organisation under the Privacy Shield Principles and further accessed and processed by US public authorities for law enforcement and public interest purposes, which were emphasised by the CJEU in its judgment of 6 October 2015 as the essence of the fundamental right in Article 47 of the EU Charter”.

The full text of the resolution is accessible here

TRUSTe, Inc. agrees to settle privacy compliance violations with the NY Attorney General

The privacy compliance company has agreed to pay $100,000.00 and to revise its policies to strengthen privacy assessments of its clients, after the NY Attorney General Eric T. Schneiderman opened an investigation for violation of the COPPA.  The alleged violations concern TRUSTe Inc.'s failure to check the websites of “most or all” of its 32 customers for third-party tracking technology on those websites’ children’s webpages.  It is the first enforcement action targeting a privacy compliance company over a children’s privacy breach.

Visit the NY Attorney General’s website to read the announcement on the settlement

The NY Supreme Court rules that HIPAA does not apply to organ donor records

The Supreme Court of the State of New York, United States of America, has decided that the Health Insurance Portability and Accountability Act (HIPAA) regulations of 1996 do not apply to patient records from the New York Organ Donor Network.  The case originated from the claim of a former Network official that four patients had not been declared legally dead before their organs were harvested.  The plaintiff further argued that he had been illegally fired because he reported the events.  The NY Supreme Court ruled that the Network is not covered by HIPAA and that it has to release the files related to the four patients.  The Court reasoned that the defendant “failed to identify a federal regulation or case law that would prevent this Court from requiring disclosure”.

The decision is available here