The Legal Aspects of Blockchain Technology: Smart Contracts, Intellectual Property and Data Protection: Part I

This blog series is based on a chapter for the forthcoming book entitled "Essentials of Blockchain Technology".  The chapter was written together with Martim Taborda Barata, LL.M., Senior Associate at ICT Legal Consulting International, and  lawyer registered at the Portuguese Bar Association.  Blockchain is part of the future.  Some consider it a revolutionary technology and others see it ...

PERSONAL DATA PROTECTION AND THE USE OF INFORMATION TO FIGHT ONLINE-TERRORIST PROPAGANDA, RECRUITMENT, AND RADICALIZATION: PART III

In this third blog post of my exploration into the matter based on an upcoming publication for CRC Press, part of the Online Terrorist Propaganda, Recruitment, And Radicalization Book Project that I wrote together with Dr. Milda Macenaite, I will specifically explore the legal data protection framework. The primary legal instrument in the EU regulating personal data processing in the law enforcement, i.e., in ...

5th EDPD Plenary Session: EU-Japan draft adequacy decision, DPIA lists, Artile 43 GDPR

The 5th EDPD Plenary Session took place last week on 4 and 5 December 2018.  Main points of the agenda included the EU-Japan draft adequacy decision, the adoption of opinions on the Data Protection Impact Assessment (DPIA) lists submitted by Denmark, Croatia, Luxembourg and Slovenia, and the revision of the Article 29 Working Party guidelines on accreditation. ...

4th EDPB Plenary session recap

On 16 November the European Data Protection Authorities gathered for the 4th plenary session of the European Data Protection Board and yesterday, 19 November, a summary of some of the most important aspects discussed at the meeting was published providing an update on the EU-Japan draft adequacy decision, Clinical Trials Regulation and territorial scope. Here are the main ...

EDPB establishes common criteria for Data Protection Impact Assessment lists drafted by national supervisory authorities

On 26 September 2018, the European Data Protection Board (“EDPB”) adopted Opinions on the draft lists, submitted by the respective national supervisory authorities, on the processing operations subject to the requirement of a data protection impact assessment (“DPIA”). The Opinions which result from the obligation for supervisory authorities to establish a list of the kind of processing operations that ...

Big data, smart data, my data, your data: Smart data protection by design (Part 1)

“The oil of the 21st century”, “the fuel of the digital economy”, the “data gold rush”. There’s no doubt that data is playing an ever-more important role in both the global society and the economy. The former Article 29 Working Party, renamed European Data Protection Board on 25 May 2018, when the GDPR became directly applicable ...

Scenari internazionali della data protection alla luce del nuovo Dlgs 101/2018

Intervistato da Federprivacy, spiego gli scenari internazionali della data protection alla luce del nuovo D.lgs. 101/2018, durante una pausa della mia docenza al Master Privacy Officer e Consulente della Privacy. Guardate qui.

The importance of the Records of processing activities (Art. 30 GDPR)

A number of Supervisory Authorities have already mentioned that their investigations on GDPR compliance will start from the analysis of the Records of processing activities (Art. 30 GDPR). By having accurate and complete Records, organisations will be able to prove that they are taking the GDPR seriously by applying a systematic approach to mapping and ...

100 cross-border cases in the Internal Market Information System (IMI) under investigation: consistency is paramount

After the second plenary meeting of the European Data Protection Board, which took place on 4 and 5 July 2018, a substantial increase in the number of complaints received by Supervisory authorities has emerged.  In fact, at present there are approximately 100 cross-border cases in the Internal Market Information System (IMI) under investigation. The first results ...

Let’s not forget about Data Protection by Design

One month after the EU's General Data Protection Regulation has become directly applicable in all EU Member States, I would like to take the opportunity to consider the importance of what I deem to be a fundamental pillar of privacy and data protection: Data Protection by Design/Default (“DPbD”). What is data protection ‘by design’ and ‘by default’? ...