Blog

The place where we write some words

10Jul 2023

The EU-U.S. Data Privacy Framework: LONG-AWAITED, READY TO BE CONTESTED, AND RAISING MORE QUESTIONS THAN ANSWERS

By 10 Jul 2023 European Commission, GDPR, International Data Transfers, Privacy and data protection, Privacy Shield No tags Permalink

The EU-US Data Privacy Framework is finally a reality. Today the European Union announced the approval of the much-awaited Adequacy decision (see here), officially recognising the United States as a country that provides sufficient protections for the data of EU citizens which is transferred across the Atlantic. The decision comes following lengthy negotiations and a long period ...

Continue Reading...
25May 2023

5 years of the GDPR: A call for sustainability

By 25 May 2023 Corporate Social Responsibility, GDPR, Maastricht University, Privacy and data protection No tags Permalink

Today we celebrate 5 years of GDPR enforcement, the “birthday” of our revolutionary European legal data protection framework. Each year, I look forward to this anniversary and take time to reflect on the past, present, and future of data protection. While criticizing enforcement of the GDPR seems to be in vogue as of late, I remain ...

Continue Reading...
11May 2023

Training the Data Protection Authority of Rwanda

By 11 May 2023 Uncategorized No tags Permalink

Yesterday and today I have had the privilege of training the Data Protection Authority of Rwanda. We had very interesting discussions at the core of matter, e.g., on the the concept of personal data, on anonymisation, pseudonymisation, tokenisation and encryption, the operationalisation of the risk-based approach, etc. The new Rwandan law relating to the protection ...

Continue Reading...
03May 2023

3rd UM-DPCSR Permanent Stakeholder meeting

By 03 May 2023 Uncategorized No tags Permalink

This afternoon Kate Francis and I presented Principle 2 of the Maastricht University Data Protection as a Corporate Social Responsibility Framework (UM-DPCSR Framework) to the Members of the Permanent Stakeholder Group, a community of Data Protection, Intergovernmental, Education, and Business Stakeholders who are helping us to gauge the feasibility of the controls we have identified to ...

Continue Reading...
20Apr 2023

DPCSR at the 2023 Privacy Symposium in Venice

By 20 Apr 2023 Uncategorized No tags Permalink

This morning I moderated the Privacy, ESG and CSR panel at the 2023 Privacy Symposium Conference in Venice. Many thanks to panelists Immaculate Kassait, MBS (Data Protection Commissioner of Kenya), Sophie Nerbonne (CNIL), Guido Scorza (GPDP), Massimo Marelli (International Committee of the Red Cross), Cosimo Monda (ECPC), Sara Agnello (Stellantis), and Emerald De Leeuw-Goggin (Logitech). It was truly remarkable to hear representatives of Supervisory Authorities involved agree that privacy and data ...

Continue Reading...
05Apr 2023

2nd UM-DPCSR Permanent Stakeholder Group Meeting

By 05 Apr 2023 Uncategorized No tags Permalink

Yesterday we held the second meeting of the Data Protection as a Corporate Social Responsibility (UM-DPCSR) Permanent Stakeholder Group! We discussed Principle 1, comprised of five Rules. We specifically considered the application of the controls. In the coming days, we will share a survey with the Permanent Stakeholders to identify best practices in their relevant ...

Continue Reading...
14Mar 2023

1st Data Protection as a Corporate Social Responsibility (DPCSR) Permanent Stakeholder Group Meeting

By 14 Mar 2023 Uncategorized No tags Permalink

We are very happy to have kicked off the Data Protection as a Corporate Social Responsibility (DPCSR) Permanent Stakeholder Group today! Over the course of the next six months, together with this group of like-minded persons from Data Protection Supervisory Authorities, Intergovernmental Organizations, Education, and Industry, we will work to concretely improve our digital society ...

Continue Reading...
28Jan 2023

Happy Data Protection Day 2023!

By 28 Jan 2023 Privacy and data protection, Security No tags Permalink

Today is Data Protection Day, the day when we celebrate the anniversary of Convention 108 opening for signature. Convention 108 is the first legally binding international law aiming to ensure that the fundamental rights of individuals are respected in the context of personal data processing activities. Each year when January 28th comes around, I ask ...

Continue Reading...
30Dec 2022

Are the GEDI Group’s cookie banners compliant with the GDPR?

By 30 Dec 2022 Cookies, ePrivacy, GDPR, Italian Data Protection Law, Privacy and data protection No tags Permalink

In recent weeks, cookies have received a great deal of attention in Italy after Italian media conglomerate, GEDI Gruppo Editoriale S.p.A., implemented new cookie banners across a number of its websites (e.g., La Repubblica, La Stampa, Huffpost, Il Secolo XIX).  GEDI is not alone, however, as other major Italian newspapers such as Corriere della Sera, ...

Continue Reading...
13Dec 2022

Draft adequacy decision for the EU-U.S. Data Privacy Framework

By 13 Dec 2022 Uncategorized No tags Permalink

This afternoon, the European Commission announced that it has (finally) finalised its much-awaited draft adequacy decision for the EU-U.S. Data Privacy Framework. According to the Commission, the draft adequacy decision “reflects the assessment by the Commission of the US legal framework and concludes that it provides comparable safeguards to those of the EU”. The decision has been sent to ...

Continue Reading...