Singapore PDPC inaugurates privacy initiatives to strengthen data protection confidence

The Personal Data Protection Commission (PDPC) of Singapore has announced a series of initiatives to enhance the data protection confidence of individuals and companies.  One consists in a public consultation of the review of the Personal Data Protection Act to foresee a breach notification mandate.  Others entail a new guideline on data sharing best-practices, and new plans for a Data Protection Trustmark certification framework by the end of 2018.  Furthermore, the PDPC has launched a notice of intent to participate in the APEC Cross-Border Privacy Rules System and the APEC Privacy Recognition for Processors System (APEC CBPR and PRP).

See the related PDPC media release here

German Labour Court declares inadmissible evidence obtained through software for covert monitoring and control of employees in the workplace

The Bundesarbeitsgericht of Baden-Württemberg has ruled that the use of a software keylogger, which can record all keystroke inputs, on a workplace computer is inadmissible under Section 32 (1) of the Federal Data Protection Act (BDSG).  In particular, it ruled that the knowledge gained by the keylogger regarding the applicant’s privileges must not be used in judicial proceedings and that instruments for covert monitoring and control of the employee cannot be used without the suspicion, based on concrete facts, of an employee dangerous activity or other serious breach of duty.

Find the press release (in German language) at the Bundesarbeitsgericht’s website here

The Italian Unicredit bank suffers the data breach of 400.000 of its customers

Unicredit, one of the largest Italian banks, has announced of having suffered two cyber-attacks that would have affected the data of about 400.000 customers.  The first attack has occurred in September 2016 while the second between June and July 2017.  The bank has ensured that account passwords have not been violated while some other personal data and IBAN numbers may have been accessed.  Unicredit has announced its decision to invest of 2.3 billion euros in upgrading and strengthening its IT systems to ensure customers’ data safety and security.

The Unicredit press release is available here

CNIL amends the single authorization on the automatic processing of personal data

The French Data Protection Authority (CNIL) has published its decision to adopt several amendments to the Decision No 2005-305 of 8 December 2005 on the single authorization of automatic processing of personal data implemented in the framework of whistleblowing schemes (AU- 004).  These amendments aim to align the Decision to the changes applied to the French law at the end of 2016.  In fact, the “Sapin II Law” has enhanced the transparency, the fight against corruption and the modernization of the economy in the French system.

The decision is available here

Google Inc. moves before a U.S. Court against a Canadian SC ruling

The Canadian Supreme Court (SC) has hit hard the American tech giant obliging it to undo the Google search results connected with pirated products.  Considering that such a ruling could be extremely dangerous for Google, if globally recognised, the American company is now trying to push back.  It has filed an injunction in front of the US District Court for Northern California.  The injunction argues that a request of global removal of search results would violate US law, and second that Google could not be obliged to comply with the Canadian ruling.

The ruling is accessible here