LAST WEEK IN PRIVACY & DATA PROTECTION
27th Weekly Newsletter -> 7–13 January 2017
Commission Proposes New ePrivacy Directive
This week the EU Commission issued a press release stating that it proposes new legislation to ensure stronger privacy in electronic communications, while opening up new business opportunities. In essence, this means that the Commission proposes an update to the ePrivacy Directive.
A new ePrivacy Directive is expected to be adopted in 2017 with the aim of adapting the current electronic communications services rules to the new General Data Protection Regulation (GDPR). The provisions of the new Directive will be applicable to any company processing data in connection with communications services and not just to traditional telecommunication providers. In practice, this means that even the so-called over-the-top (OTT) service providers, who use communications as an ancillary feature, will be affected by the new legislation. The new Directive is also expected to impose stricter obligations for the processing of metadata and to redefine consent related to cookies.
EU Not Satisfied With U.S. Reasoning Over Yahoo Email Scanning
As we have reported, the European Commission in November asked the United States for clarifications on the secret court order served to Yahoo as part of its monitoring of a new transatlantic pact facilitating the exchange of personal data by businesses. As part of the Safe Harbor Agreement the U.S. pledged not to engage in mass surveillance.
The U.S. has sent the Commission its explanation behind the email scanning but has not done so in accordance with what the Commission expected. EU Justice Commissioner Vera Jourova said in an interview that she is not satisfied because the answer came relatively late and was relatively general. She pledged to make clear to the U.S. at the first possible opportunity that this is not how the Commission understands good, quick and full exchange of information.
UK ICO Fines an Insurance Company for not Protecting Customer Data
The UK Information Commissioner's Office this week issued a fine of £150,000 to Royal & Sun Alliance Insurance PLC (RSA) following the loss of the personal information of nearly 60,000 customers. An ICO investigation looked at the theft of a hard drive device containing 59,592 names, addresses and bank account details of customers. The hard drive also held limited credit card details of 20,000 customers, although CVC numbers and expiry dates were not affected.
ICO enforcement officers found that RSA did not have appropriate measures in place to protect financial information and prevent the theft at its offices in West Sussex. The device was stolen from company premises either by a member of staff or a contractor. The information on it was not encrypted, and the device has never been recovered.