Data Protection as a Corporate Social Responsibility

I've been saying it for quite some time, but it is becoming ever-more clear that Data Protection in itself can represent a new form of Corporate Social Responsibility. No present or forthcoming legal framework (whether it be the EU’s much-discussed General Data Protection Regulation or new competition rules) will ever be able to effectively regulate our ...

Wojciech Wiewiórowski (EDPS) on Civil society organisations as allies of DPAs

Earlier this week in his blog, Wojciech Wiewiórowski (Assistant Supervisor at the EDPS) discussed the importance of civil society organisations as strategic allies of European DPAs because they play an important role in the practical application of data protection principles by "empowering individuals to assert their rights and holding data controllers accountable for their actions." Wiewiórowski pointed out ...

The New Surinamese Privacy and Data Protection (SPDP) Law

On 3 May 2018 I officially presented the Surinamese Privacy and Data Protection (SPDP) Law to the Parliament. The reaction was positive and Members of the Parliament were interested in understanding the key provisions of the SPDP Law, acknowledging the need in the country to establish the fundamental right to personal data protection and, more ...

#CoE Treaty No.108: Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data

The Council of Europe Committee of Ministers has approved the modernisation of Treaty No. 108, Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data. The amending protocol will be formally adopted next week by the  Committee of Ministers  during their annual ministerial session on 18 May 2018 in Elsinore (Denmark). In it's Summary Report on co-operation between the ...

Coordinated approach to #ArtificialIntelligence for Europe

On April 25th the European Commission published an official communication "Artificial Intelligence for Europe {SWD(2018) 137 final}" in which it stressed the importance of having a coordinated approach to AI in order to take full advantage of the benefits that it can bring to EU member states and to society in general. In fact, in early April 24 ...

Italian DPA prohibits companies from using software that monitors employees

On 8 March 2018, the Italian Data Protection Authority banned any further processing activities of the Customer Care employees’ data, carried out by an important Italian telecommunication company through a software (namely, Salesforce Arcadia) that handled the calls to subscribers. The software not only processed n data related to the calls of the customers and their ...

The Italian Garante on the Data Protection Officer in the private sphere

On 26 March 2018, the Italian Data Protection Authority published its new “frequently asked questions”  related to the figure of the Data Protection Officer (DPO) in the private sphere. The FAQs are a useful tool that can provide addition clarification regarding the figure of DPO together with the Article 29 Working Party (“WP29”) Opinion on ...

#Art29WP Position Paper on the derogations from the obligation to maintain records of processing activities pursuant to Article 30(5) GDPR

In its Position Paper the Article 29 WP provides us with clarification with respect to the obligation to maintain records of processing activities pursuant to Article 30(5) GDPR. The Article 29 WP's position on the derogation from this obligation, specifying that the derogation provided by Article 30(5) is not absolute and that in fact, the article ...

#Art29WP publishes Working Document Setting Forth a Co-Operation Procedure for the approval of “Binding Corporate Rules” for controllers and processors under the GDPR

On 11 April 2018, the Article 29 Working Party published its Working Document Setting Forth a Co-Operation Procedure for the approval of “Binding Corporate Rules” for controllers and processors under the GDPR. The document updates the WP 107 and outlines cooperation procedures in line with the GDPR. Some important points to consider: binding corporate rules are to be ...

GDPR Workshop in Amsterdam

Only 24 business days before The European General Data Protection Regulation (wet AVG) will enter into effect. Though many companies approach compliance activities as a purely legal matter, the GDPR is more than a necessary business requirement. In this GDPR Workshop, hosted by ICT Legal Consulting International, Professor Dr. Paolo Balboni will present a strategic ...