info@edpo.com
January 11, 2021
Putting data privacy back into citizens’ hands
[#DataControl #DataSubjects #PrivacyEnhancedDashboard]
“How do we finally give EU citizens back control of their own data? The answer could lie in a novel Privacy-Enhanced Dashboard developed under the EU-funded PoSeID-on project.
The GDPR is a great step forward for data privacy, but it still leaves users with little means to monitor and control how exactly their data is being used. The PoSeID-on (Protection and control of Secured Information by means of a privacy enhanced Dashboard) project team aimed to fill the gap with what they call a “Privacy-Enhanced Dashboard”. With this platform, consumers can retake control over their own data, and decide how much they want to share and with whom.
[…] One key innovation is the securitisation of our open architecture, by means of permissioned blockchain and smart contracts. This provides accountability, transparency and compliance with data protection law. Concretely, the dashboard traces all transactions. It registers user consent and grants a contextual guarantee of data erasure and reduction in identity traceability, all thanks to the mechanism of ‘burnable pseudo-identities’.”
To read more: Click here
Singapore police can obtain Covid contact-tracing data for criminal investigations, minister confirms
[#Singapore #Covid19Data #DataPrivacy #CovidAppData]
“Singapore police are “empowered” to obtain COVID-19 data from TraceTogether to assist in criminal investigations, a government minister told parliament.
Desmond Tan, the Minister of State for Home Affairs, said yesterday that the country’s Criminal Procedure Code allows police to use the data for investigations. This is despite the privacy notice for TraceTogether users stating data will only be used for the purpose of contact tracing during the COVID-19 pandemic.
[…] When asked by Aljunied GRC MP Gerald Giam if allowing SPF to access TT data violates the privacy notice, Mr Tan stated that the TT data is only to be used for contact tracing and fighting COVID-19, but authorised police may use the Criminal Procedure Code “for the purpose of criminal investigation, and for the purpose of the safety and security of our citizens.”
To read more: Click here
Thousands of EU domains registered to UK users ‘suspended’ after Brexit
The registry has informed EURACTIV that ‘a few minutes’ into the new year, thousands of .eu domains belonging to UK users had been downgraded to a so-called ‘suspended’ status.
This means such domains ‘do not have any functional features’ such as email or basic website services. In addition, no UK-based registrant is now able to obtain a .eu domain.
Ahead of the new year changes, one case has raised particular attention among observers – that of the Leave.EU domain, with speculation mounting as to whether the website would remain online.”
To read more: Click here
EU-UK Trade and Cooperation Agreement: Implications for data protection law
The UK shall not be treated as a third country for an interim period of four to six months from 1 January 2021. This is to allow time for the European Commission (EC) to finalise its adequacy assessment of the UK. The purpose of the adequacy assessment is for the EC to decide whether the UK provides “essentially equivalent” protection for personal data as the EU and, therefore, whether transfers of data may be permitted without the need for organisations to take further measures.
[…] Whilst the interim period is welcome, organisations must remember that this respite only applies in respect of data transfers. Organisations still need to appoint an EU and / or UK representative and update their privacy notices accordingly. Also, it is by no means “a given” that the UK will be afforded adequacy status. It is therefore important to use this time to consider which data transfer mechanisms and technical, organisational and contractual measures may need to be implemented in order to legitimise transfers of data from the EEA to the UK.”
To read more: Click here
Council of the EU Released a (New) Draft of the ePrivacy Regulation
[…] Once approved, the ePrivacy Regulation will set out requirements and limitations for publicly available electronic communications service providers (“service providers”) processing data of, or accessing devices belonging to, natural and legal persons “who are in the [European] Union” (“end-user”). The regulation aims to safeguard the privacy of the end-users, the confidentiality of their communications, and the integrity of their devices. These requirements and limitations will apply uniformly in all EU Member States. […]
Similar to the ePrivacy Directive, the ePrivacy Regulation will include provisions that apply alongside those in the GDPR to the processing of personal data collected by electronic communication service providers. This explains the need to align some of the ePrivacy Regulation’s provisions with the GDPR.”
To read more: Click here
Find the draft here.
WhatsApp to Require Users to Share Data With Facebook Via New Privacy Policy
[…] If you live in Europe, WhatsApp says no data will be shared with Facebook under the new privacy policy. “There are no changes to WhatsApp’s data-sharing practices in the Europe arising from this update. It remains the case that WhatsApp does not share European Region WhatsApp user data with Facebook for the purpose of Facebook using this data to improve its products or ad,” wrote Niamh Sweeney, WhatsApp’s director of policy for the EMEA market.”
To read more: Click here
