European Commission proposes a new European Production Order to ease the exchange of e-evidence

The European Commission has put forward a new proposal for a “European Production Order” to enhance the exchange of e-evidence (e.g. emails, texts or messages in apps) among law enforcement authorities. Instead of the 120 days currently foreseen in the European Investigation Order, the new proposal obliges communication service providers to respond to law enforcement requests within 10 days, or 6 hours in the most urgent cases. It also gives the EU's judicial authorities strong powers, such as the power to directly request electronic evidence from organisations providing services in the EU, even if they are established outside EU territory and regardless of the location of the data. An alternative measure contained in the proposal would oblige providers not to delete needed communications, so that they can be used in future law enforcement actions. The proposal has faced immediate criticism, but the Commission has introduced a number of safeguards, such as the involvement of judicial authorities in the decision to exercise the new powers, the provision of additional requirements to gain specific types of data, and the right of personal data protection, including the possibility to ensure the absence of violations of the EU Charter of Fundamental Rights.

The new proposals, open for feedback until the 15th of June, are available here

EDPS seeks a smarter use of information sharing between EU databases

In its latest opinion, the European Data Protection Supervisor (EDPS) recalls the need for a smarter approach to the sharing of information and underlines the risks related to interoperability between different databases, especially the flow of information on data subjects in case of a data breach. For this reason, the Commission has put forward a proposal to adjust the structure and use of the EU’s existing IT databases and to provide a new interpretation of the fundamental legal principles in this sector. The EDPS is also seeking a constructive debate on information exchange in the EU, the management of interoperable databases and the protection of fundamental rights.

Find the EDPS opinion here

WP29 on transparency and encryption

Considering digital security a necessity in the modern digital world, the Article 29 Working Party has released a new statement on encryption and new guidance on transparency. The statement, which focuses on the need for specific rules on the legal powers of law enforcement agencies to access data, considers strong encryption a necessity. It further affirms that backdoors would affect the ability of encryption to remain efficient. At the same time, the WP29’s guidance on transparency is focused on the incoming GDPR, with particular attention to its articles on transparency and on the information to be provided to data subjects.

The Statement is available here

The Guidance is available here

Australian OAIC releases first data breach report under the new law on mandatory notifications

The Office of the Australian Information Commissioner (OAIC) has released its first report since the introduction of the country’s mandatory data breach notification scheme. The Office has already received 63 notifications of data breaches in the first quarter of the new law, in comparison with 114 notifications during the year 2016/2017. The most targeted sector has been healthcare (24%), followed by legal, accounting and management services (16%), finance (13%), private education (10%), and charities (6%). The main cause of breaches is human error (51%), but most of the remaining 50% have been the result of intentional/criminal actions, while 3% have been caused by system faults.

The report is available at the Australian OAIC's website here

New data breach report stresses the need for more cybersecurity education

The new Verizon 2018 Data Breach Investigations Report has raised concerns in the healthcare industry, where internal errors are the main cause of breaches. The report has found that human error is the major cause of healthcare risks because employees are three times more often victims of attacks. This picture stresses the need to strengthen employees' education in cybersecurity.

A summary of the report is available here