Dutch data protection authority investigate on GDPR compliance progress of government bodies
The Dutch data protection authority (AP) reported on a press release that from the initial list of 400 public sector organizations, 4% of them had not yet appointed a Data Protection Officer (DPO) by the deadline of June 1, 2018, noting that “almost all audited public sector organizations have already notified a DPO to the AP.” The 400 hundred institutional bodies audited included municipalities, provinces, water boards, ministries and a number of independent administrative bodies. The AP is supervising the progress made since the introduction of the General Data Protection Regulation (GDPR) in May 2018. Under the GDPR, all authorities and public organizations must appoint an independent DPO to guaranty compliance with the privacy legislation. The AP also announced it will broaden its audit to the private sector and begin verifying whether companies such as health insurers and hospitals have appointed DPOs or are keeping a register of processing activities, as required by the GDPR.Link to the press release of the Dutch Autoriteit Persongegevens (AP) (Dutch language)
Cybercrime New Amendment Law in the UAE
The Cybercrime new amendment was published on August 13, 2018 and increases the range of imposed sanctions against violators. It also introduces new measures, such as probation and restriction on using electronic mediums, obligatory deportation, among other hefty sanctions.
The new amendment elaborates on serious electronic crimes incidents that can potentially undermine the public safety, facilitate heat, promote or support terrorismactivities and/or organizations. In fact, the existing Cybercrime Law which was enacted in 2012 included major sanctions but our reading of this Amendment intends to deal with the negative effect of misusing online platforms, such as website or social media accounts, on national security, social stability and harmony between people who come from different backgrounds, i.e. color, race, religion and ethnicity livening in the local communities.
Identity fraud drops in the UK, but it is not enough
According to Cifas, the UK’s leading fraud prevention service, the number of identity frauds in the UK dropped with 5% in the first semester of 2018 compared to the same period in 2017. Considering that the average number of scams has been steady for the last four years, this is a promising development. However, even if the volume of identity fraud attacks against bank account holders decreased with 12% and attempts to obtain mobile phone contracts declined with 34%, identity fraud against online retail accounts and fraudulent applications for credit and debit cards increased with 24% and 12% respectively. This shows that fraudsters are still capable of adapting quickly to elude new security measures.The new Cifas figures are available here
The Danish Data Protection Agency has declared that they are going to tighten up their practice regarding the enforcement of requirements for security when transmitting personal data by e-mail. In the past it has only been mandatory for public authorities to use encryption when transmitting confidential and sensitive personal data by email via the internet and it has been the Authority’s practice to recommend, rather than to require, that the private sector use encryption. However, as a result of the General Data Protection Regulation’s risk-based approach to information security, and also taking the technical developments of the last decade into consideration, the Danish Data Protection Agency has decided that the requirement to use encryption when transmitting confidential and sensitive personal data by email shall now apply equally to the private sector. The Danish Data Protection Agency recognizes that this change in practice will entail significant adjustments for the private sector and therefore has stated that the new practice will not be enforced before 1 January 2019.
For more information on this or any other data protection issue in Denmark, please contact Ruth Caddock Hansen at [email protected]
Brazil adopts Data Protection Law
Today Brazil adopted a Data Protection Law (LGPD), but not without controversy. The law, which will enter into force in 18 months and will make Brazil one of 128 countries to have adopted such legislation, comes without crucial provisions. The most discussed deficiency consists in the absence of a Data Protection Authority, vetoed by the Brazilian President Temoer who has said that the authority will be created through a separate bill. The law touches most of the main principles of other Data Protection Regulations, such as provisions on privacy by design and by default, recording of data processing activities, as well as the duty to conduct data protection impact assessments, to notify data breaches and to appoint a data protection officer.The law is available here (Portuguese only)