The challenging job of Supervisory Authorities under the GDPR

How can the General Data Protection Regulation (GDPR) be effectively enforced so as to uphold fundamental rights and freedoms and at the same time, allow for the free flow of data within the Union? This is a question I have been pondering since well before Monday’s publication of the Irish Council for Civil Liberties’s (ICCL) 2021 report on the ...

The UK’s “data challenge” to the EU

This blog post is a re-elaboration of my interview this morning with Luca Bertuzzi, Digital & Media Editor from EurActiv, available here. Today the UK unveiled its “post-Brexit global data plans to boost growth, increase trade and improve healthcare”, which also include a multi-billion pound partnership with the US, Australia and the Republic of Korea.  Secretary of State ...

How data minimization, data quality, and storage limitation can help in the fight against climate change

Over the last 20 years, access to cheap computational capacity has increasingly led to the harvesting of more and more personal data, without having to worry too much about costs related to data storage and processing activities. For this very reason (and all too often), data sets are offhandedly replicated, databases are left unmanaged, and the same ...

Two-sided control

What was promised by the GDPR (Art. 80 and Rec. 142) is now a reality! Following Schrems’ filing of 422 complaints to ten EU Data Protection Authorities yesterday for cookie-related violations, it is now clear that the data protection compliance posture of companies will be checked not only by Supervisory Authorities but also – de facto and actively – by privacy organisations and associations patrolling the internet to proactively find ...

Habemus UK adequacy!

After many debates, lots of speculation, and negotiations, the Adequacy decisions for the United Kingdom have been approved and Personal Data can continue to flow freely from the EEA to the UK after 30 June 2021. In my opinion, it is both right and reasonable that the decisions have been adopted, given that the ...

Would a US federal privacy law re-establish trusted EU-US data flows?

You might be aware that early last month US Congresswoman Suzan DelBene, Representing Washington's 1st District, introduced the Information Transparency and Personal Data Control Act – in her words “legislation that would create a national data privacy standard to protect our most personal information and bring our  laws into the 21st Century.”   Important aspects of the Information Transparency and Personal Data ...

AI & Cybersecurity: Reflections on a multidimensional relationship

Earlier this month I was a guest on Episode 47: Innovation and Tech Zoom In of the European Edition of the Breaking Banks Podcast Moderated by Ajit Tripathi. The podcast looks at “European Unicorns, Startups, Founders, Regulators and Leaders innovating the rapidly evolving Fintech scene, with some of the world’s most well-known hosts and influencers in fintech. Produced in cooperation with FintechStage.” LISTEN ...

The importance of having a coordinated incident response plan in place

This is true not only in monetary terms, but information security could even be a question of life and death.   In September 2020, a breaking article confirmed the inevitable - the first death caused by a ransomware attack. The alleged victim is a woman who necessitated urgent medical care and had to be re-rerouted to another hospital as a ...

Italian Data Protection Authority fines Wind 17 million Euro and Iliad 800,000 Euro

The Italian Data Protection Authority has continued its investigation into telephone operators following a significant number of complaints related to marketing activities, fining Wind Tre Spa approximately 17 million Euro for unlawful data processing. In the course if its investigation, the authority found that users had been contacted by SMS, email, fax, phone and automated calls in absence of having ...

Privacy “Nutrition Labels”, Transparency, and Data Protection as a Corporate Social Responsibility

Last week Apple announced an important strategic step forward in the protection of the privacy and data protection rights of its users by way of an enhanced privacy feature that it has called a "Privacy Nutrition label".  Using icons in combination with clear and simple language, the information provided by way of Apple’s pop-up "label" ...