EU-US Privacy Shield is now adopted by the EEA

The European Economic Area (EEA) Joint Committee has adopted the decision to incorporate the EU-U.S. Privacy Shield adequacy decision into the EEA Agreement.  The decision recognises the reliability of the mechanism permitting to transfer data from EEA Member States to the U.S. including Iceland, Liechtenstein and Norway.  The decision takes effect from the 8th of July.

The provisional text of the decision its available online in pdf format

OCR launches a video-training module for health care providers on patients’ right to access their personal data

The Office for Civil Rights (OCR) of the Department of Health and Human Services has launched a video-training program to educate health care providers on patients’ right to access under the HIPAA Privacy Rule.  The video module describes the components of the HIPAA right to access and the ways in which individuals can be more informed about their own care.  It also offers recommendations on how to integrate aspects of the right to access into medical practices.

The programme is available here (registration is need, but the programme is free of charge)

Blue Global Media, LLC agrees to settle on charges brought by the FTC for unlawful sale of consumers data

The lead generation business Blue Global Media, LLC has agreed to settle a lawsuit brought by the Federal Trade Commission (FTC) for the sale of apps containing sensitive data allegedly sold in fraud of consumers’ rights.  In its complaint, the FTC alleges that the company has operated dozens of websites that enticed consumers to complete loan applications with personal information.  These data were successively sold to a variety of subjects without verification of the security framework of the acquiring entities.  Based on the settlement, Blue Global Media has now to investigate and verify the identity of businesses to which it sold the concerned information, and must obtain consumers' express and informed consent for such disclosures.  Moreover, the settlement sees a fine for more than 4 million suspended due to Blue Global Media inability to pay such amount.

Find the FTC news and the text of the settlement here

Germany aligns its legislation to the GDPR

Germany has aligned its legislation to the forthcoming General Data Protection Regulation (GDPR).  The German Federal Data Protection Act will enter into force on 25 May 2018, changing significantly the current German Federal Data Protection Act in order to align it to the GDPR and to take into effect the Law Enforcement Directive (EU/2016/680).  EU Member States maintain the possibility to include certain derogations to the GDPR in the field of national security, prevention and detection of crime, or in other specific situations.

The new Act is available here

Dutch new law allows bulk surveillance

The Dutch Senate has passed a law to empower intelligence agencies with broader investigative powers, including the ability to gather data from large groups of people.  The so-called “tapping law” approved by the Senate is going to take effect this month.  Dutch intelligence agencies can now tap large quantities of internet data without specific motivation and without limitation.  The new law foresees a three years term for data storage and the gathered information can be exchanged with foreign counterparts.  The bill foresees as control mechanism the implementation of an oversight panel that will monitor the exercise of these new powers by competent agencies.

The related Reuters press release is accessible here