LAST WEEK IN PRIVACY & DATA PROTECTION
38th Weekly Newsletter -> 26 March — 7 April 2017
Article 29 Working Party’s Opinion on the Proposed ePrivacy Regulation
Last week the Article 29 Working Party (A29WP) issued the Opinion 01/2017 on the Proposed Regulation for the ePrivacy Regulation (2002/58/EC). The A29WP first noted that the Proposed Regulation ensures that rules are uniform across the entire EU, and provides clarity for supervisory authorities and organisations alike, while ensuring consistency with the General Data Protection Regulation.
In its Opinion the A29WP first dealt with positive aspects of the Proposed Regulation and exposed EU-wide harmonisation, alignment of fines and exclusive enforcement by DPAs, extension of the scope compared to the ePrivacy Directive, and targeted application of the concept of consent. Next the A29WP explicitly outlined one aspect of grave concern related to the Regulation, namely that the protection under the GDPR is undermined by the Proposed Regulation. Other points of concern described are the territorial and substantive scope that needs to be expanded, the protection of terminal equipment the needs to be strengthened, and direct marketing issues.
Read the full Opinion HERE
Irish DPA Issues 2016 Annual Report
The Irish Data Protection Authority released its annual report for the year 2016. In it the DPA defined key developments and activities of the DPA in 2016 and also outlined main priorities for 2017 and beyond. In 2016 the data privacy complaints rose from 932 in 2015 to 1,479 in 2016, while there was a slight decrease in reported breach notifications. The consultation queries also rose significantly in 2016 and the Irish Data Protection Commissioner had more than 100 face-to-face meetings with public- and private-sector organisations. The DPC also mentioned investigations into WhatsApp and Yahoo amongst the number of legal cases, including proceedings in the Irish High Court concerning standard contractual clauses. There is no indication as to when the judgements will be delivered according to DPC Dixon.
Read more HERE
CNIL Issues Two New Press Releases
CNIL, the French Data Protection Authority, issued a pair of press releases, where it provided an update to the recent Article 29 Working Party Plenary and shared research tracking where personal data flows to in the mobile ecosystem. The releases cover the most important topics that the A29WP touched upon, such as implementation of the General Data Protection Regulation. Interesting is also the report on the research conducted by University of Trento in Italy and SAP Labs in France on “remote server locations for personal data transfers in mobile apps.”
Read more HERE
UK ICO Fines 11 Charities
The Information Commissioner’s Office (ICO) fined eleven more charities for breaching Data Protection Act for misusing their donors’ personal data. The ICO investigations found many of the charities secretly screened millions of donors so they could target them for additional funds. Some charities traced and targeted new or lapsed donors by piecing together personal information obtained from other sources. And some traded personal details with other charities creating a large pool of donor data for sale.
The fined charities and the amount of issued fines were:
• The International Fund for Animal Welfare — £18,000
• Cancer Support UK (formerly Cancer Recovery Foundation UK) — £16,000
• Cancer Research UK — £16,000
• The Guide Dogs for the Blind Association — £15,000
• Macmillan Cancer Support — £14,000
• The Royal British Legion — £12,000
• The National Society for the Prevention of Cruelty to Children — £12,000
• Great Ormond Street Hospital Children’s Charity — £11,000
• WWF-UK — £9,000
• Battersea Dogs’ and Cats’ Home — £9,000
• Oxfam — £6,000
Read more HERE
Read the summary of each fine HERE
For privacy jobs and vacancies follow @dprecruitment