PERSONAL DATA PROTECTION AND THE USE OF INFORMATION TO FIGHT ONLINE-TERRORIST PROPAGANDA, RECRUITMENT, AND RADICALIZATION: PART III

In this third blog post of my exploration into the matter based on an upcoming publication for CRC Press, part of the Online Terrorist Propaganda, Recruitment, And Radicalization Book Project that I wrote together with Dr. Milda Macenaite, I will specifically explore the legal data protection framework. The primary legal instrument in the EU regulating personal data processing in the law enforcement, i.e., in ...

What does no Brexit deal mean for data protection?

The ICO has prepared a guide accessible on its website outlining the key points to be considered by UK-based entities should the UK exit the European Union without a deal on 29 March 2019. The Guidance, highlights of which are illustrated below, it relevant to UK-based businesses to which the GDPR currently applies and that send ...

5th EDPD Plenary Session: EU-Japan draft adequacy decision, DPIA lists, Artile 43 GDPR

The 5th EDPD Plenary Session took place last week on 4 and 5 December 2018.  Main points of the agenda included the EU-Japan draft adequacy decision, the adoption of opinions on the Data Protection Impact Assessment (DPIA) lists submitted by Denmark, Croatia, Luxembourg and Slovenia, and the revision of the Article 29 Working Party guidelines on accreditation. ...

4th EDPB Plenary session recap

On 16 November the European Data Protection Authorities gathered for the 4th plenary session of the European Data Protection Board and yesterday, 19 November, a summary of some of the most important aspects discussed at the meeting was published providing an update on the EU-Japan draft adequacy decision, Clinical Trials Regulation and territorial scope. Here are the main ...

Garante Privacy: “Taking Stock Of The First 4 Months Of Implementing The GDPR”

According to the Italian DPA, the Garante Privacy, as of 28 September 2018, four months after the GDPR became fully applicable in Italy: 40,738 appointed DPO's contact information was communicated 2,547 complaints and reports were received 305 data breach notifications were made 7,200 requests to the Garante's font office were made These numbers show a significant ...

EDPB establishes common criteria for Data Protection Impact Assessment lists drafted by national supervisory authorities

On 26 September 2018, the European Data Protection Board (“EDPB”) adopted Opinions on the draft lists, submitted by the respective national supervisory authorities, on the processing operations subject to the requirement of a data protection impact assessment (“DPIA”). The Opinions which result from the obligation for supervisory authorities to establish a list of the kind of processing operations that ...

Scenari internazionali della data protection alla luce del nuovo Dlgs 101/2018

Intervistato da Federprivacy, spiego gli scenari internazionali della data protection alla luce del nuovo D.lgs. 101/2018, durante una pausa della mia docenza al Master Privacy Officer e Consulente della Privacy. Guardate qui.

Another victory for privacy as Brazilian GDPR is approved

Following approval by the Brazilian Congress of the new "Brazilian GDPR" this past July, the President of Brazil has approved the Lei Geral de Proteção de Dados Pessoais or “LGPD”, aiming to improve privacy standards and personal data protection in the country.   The new Brazilian privacy legislation, Law n. 13.709/2018, amends previous privacy-related legislation in the country, namely ...

The importance of the Records of processing activities (Art. 30 GDPR)

A number of Supervisory Authorities have already mentioned that their investigations on GDPR compliance will start from the analysis of the Records of processing activities (Art. 30 GDPR). By having accurate and complete Records, organisations will be able to prove that they are taking the GDPR seriously by applying a systematic approach to mapping and ...

Let’s not forget about Data Protection by Design

One month after the EU's General Data Protection Regulation has become directly applicable in all EU Member States, I would like to take the opportunity to consider the importance of what I deem to be a fundamental pillar of privacy and data protection: Data Protection by Design/Default (“DPbD”). What is data protection ‘by design’ and ‘by default’? ...