5th EDPD Plenary Session: EU-Japan draft adequacy decision, DPIA lists, Artile 43 GDPR

The 5th EDPD Plenary Session took place last week on 4 and 5 December 2018.  Main points of the agenda included the EU-Japan draft adequacy decision, the adoption of opinions on the Data Protection Impact Assessment (DPIA) lists submitted by Denmark, Croatia, Luxembourg and Slovenia, and the revision of the Article 29 Working Party guidelines on accreditation. ...

4th EDPB Plenary session recap

On 16 November the European Data Protection Authorities gathered for the 4th plenary session of the European Data Protection Board and yesterday, 19 November, a summary of some of the most important aspects discussed at the meeting was published providing an update on the EU-Japan draft adequacy decision, Clinical Trials Regulation and territorial scope. Here are the main ...

Garante Privacy: “Taking Stock Of The First 4 Months Of Implementing The GDPR”

According to the Italian DPA, the Garante Privacy, as of 28 September 2018, four months after the GDPR became fully applicable in Italy: 40,738 appointed DPO's contact information was communicated 2,547 complaints and reports were received 305 data breach notifications were made 7,200 requests to the Garante's font office were made These numbers show a significant ...

My contribution at ENISA’s Security of Personal Data Processing Event

Last month I attended ENISA's Security of Personal Data Processing Event in Athens, Greece. The event was organised together with the Digital SME Alliance and the Hellenic Data Protection Authority. During the day experts in the field, including myself, shared their advice and journey of complying with the General Data Protection Regulation with a focus ...

ICO’s report updates investigation into the use of data analytics in political campaigns

On 6 November 2018 the ICO published it's report to Parliament (Investigation into the use of data analytics in political campaigns A report to Parliament 6 November 2018). The detailed report serves as an update to the ICO's ongoing investigation into the use of data analytics for political purposes which commenced in May 2017 and whose ...

EDPB establishes common criteria for Data Protection Impact Assessment lists drafted by national supervisory authorities

On 26 September 2018, the European Data Protection Board (“EDPB”) adopted Opinions on the draft lists, submitted by the respective national supervisory authorities, on the processing operations subject to the requirement of a data protection impact assessment (“DPIA”). The Opinions which result from the obligation for supervisory authorities to establish a list of the kind of processing operations that ...

MEPs demand full audit on Facebook – resolution on the use of Facebook users’ data by Cambridge Analytica and the impact on data protection

In light of the  Facebook-Cambridge Analytica scandal, this past Thursday (25 October 2018) MEPs called for a full audit on Facebook in addition to new measures against interference in elections. The (non-binding)  resolution (European Parliament resolution of 25 October 2018 on the use of Facebook users’ data by Cambridge Analytica and the impact on data protection (2018/2855(RSP)) adopted ...

BIG DATA, SMART DATA, MY DATA, YOUR DATA: SMART DATA PROTECTION BY DESIGN (PART 4)

Part 4. Core International Data Protection Principles: Collection limitation, lawfulness and fairness The principle of collection limitation with respect to personal data establishes that data should be collected by way of fair and lawful means, with the knowledge and when appropriate, the consent of the data subject as so to limit indiscriminate data collection. In the Smart ...

BIG DATA, SMART DATA, MY DATA, YOUR DATA: SMART DATA PROTECTION BY DESIGN (PART 2)

Part 2. Legal compliance = primary enabler of Smart Data and Data protection by design and by default  As stated in the introductory post in this blog series,  my aim is to develop a sound legal methodology for the generation of  #SmartData from #bigdata in order to allow us to successfully harness value in massive datasets ...

Big data, smart data, my data, your data: Smart data protection by design (Part 1)

“The oil of the 21st century”, “the fuel of the digital economy”, the “data gold rush”. There’s no doubt that data is playing an ever-more important role in both the global society and the economy. The former Article 29 Working Party, renamed European Data Protection Board on 25 May 2018, when the GDPR became directly applicable ...