The Brazilian DPA (Autoridade Nacional de Proteção de Dados – ANPD), has published a study on the use of personal data for research purposes. The study seeks to establish parameters that can help and guide both teaching and research institutions that process personal data and public entities and bodies responsible for analysing access requests and...
EKZ Bibliotheksservice, one of the largest library services in Germany, has suffered a ransomware attack blocking eBooks, audio books, and electronic magazines. The public cannot order books and other materials from EKZ presently. The LockBit criminals have announced to have published EKZ stolen data on the dark web, presumably as the ransomware hasn’t been paid. ...
After declaring Google Analytics is illegal, the Austrian DPA has declared Google’s IP anonymisation an insufficient protection measure for data transfers between the EU and the US. The Authority has also rejected the notion of a “risk based approach” had been submitted by Google. Find the decision, redacted by the NGO None of Your Business...
The Office of the Privacy Commissioner of Canada adopted a joint statement underlining that the heads of Canada’s privacy protection authorities recommend new laws to delineate when the use of facial recognition by police is acceptable. The Facial recognition has emerged as a tool of significant interest for police agencies in Canada. Used responsibly and...
The Spanish government declared that the smartphones of the Prime Minister Pedro Sánchez and the Defense Minister Margarita Robles were infected last year with the spyware Pegasus. Manufacturers claim it is only available to state agencies. The government spokesman, in addition to announcing the opening of an investigation by the Audencia Nacional, said that the...
ISO – International Organization for Standardization has published the ISO Draft International Standard 27557 which provides guidelines for organizational privacy risk management. The document provides guidance to organizations for integrating risks related to the processing of PII as part of an organizational privacy risk management program. It distinguishes between the impact to an individual that...
According to the new directives issued by the Indian Government, organisations have six hours to report cybersecurity incidents. The requirement was proposed by India’s Computer Emergency Response Team (CERT-In) after identifying specific gaps at the origin of security incidents requiring more aggressive measures. Read more in this article from BleepingComputer.
The Danish DPA appreciates the efforts of the European Commission to secure an agreement with the United States on a plan that allows the flow of personal data across the Atlantic, yet they currently stand as a simple draft framework agreement. The draft is not yet concrete enough to make a difference to firms that...
American Headquarters: European Office:
PrivacyRules Ltd.
201 East Fifth Street
Suite 1900 – #1362
Cincinnati, OH 45202, USA
Via dei Della Robbia 112
50132, Firenze
Italy (IT)Expertise