
Italian DPA declares retention of employees’ personal data illicit

In its 2016 Annual Report, the Italian DPA (the Garante per la protezione dei dati personali) underlined the importance of prohibiting the processing of employees’ personal data by companies, especially data collected through companies’ e-mail services. In particular, the Report recalled an important proceeding in which the Italian Authority established the unlawfulness of the systematic retention of electronic communications sent through corporate email accounts. In essence, the Garante per la protezione dei dati personali considered such activities contrary to the principles of necessity, relevance and pertinence.

Find the 2016 Annual Report of the Italian DPA (in Italian) here

Find the decision in the cited proceeding (in Italian) here

EU Commission questionnaire for the Privacy Shield annual review

The European Union Commission has issued a questionnaire addressed to trade associations and other groups to collect information related to the Privacy Shield annual review. In particular, answers to the questionnaire, which are due by July 5th, will be used to inform the annual review of the functioning, implementation, enforcement and supervision of the Privacy Shield.


OAIC publishes a Draft document on “Notifying individuals about an eligible data breach”

The Office of the Australian Information Commissioner (OAIC) has published a Draft intended as a resource explaining when a company must report an eligible data breach. This duty is based on compliance obligations that will take effect on 22 February 2018. The document lists key points of the system and the main compliance principles to be respected, and provides guidance on the notification process. The Draft is open for comments and feedback, due by July 14, 2017.

The Draft is available here

China’s Cybersecurity Law is now effective

The Cybersecurity Law of the People’s Republic of China took effect on the 1st of June and is expected to have a significant impact on both domestic and foreign companies operating on the Chinese mainland. The Law covers a broad variety of topics, such as the use of the internet, information and communications technologies, the use of personal data, and national security. The Law is reported to be part of a far-reaching plan undertaken by the Chinese Government to strengthen its global network.

The text of the law (in Chinese) is available here

Amsterdam University says e-Privacy Regulation needs significant revisions

The Amsterdam University has published a report on the current state of the EU e-Privacy Regulation. The researchers of the Institute for Information Law found the Regulation inadequate mainly in the areas of location tracking, browser and default settings, tracking walls, and the confidentiality of communications. In their opinion, the General Data Protection Regulation could be undermined by the location tracking proposal contained within the e-Privacy Regulation, which would allow such tracking. The main recommendation of the Amsterdam University experts is to make the tracking of Wi-Fi or Bluetooth signals subject to the informed consent regime, with only a few limited exceptions.

The report is available online at the European Parliament website here