Data protection standards
Filter resources
-
ePrivacy: Private data retention through the back door
Blanket data retention has been prohibited in several court decisions by the European Court of Justice (ECJ) and the German Federal Constitutional Court (BVerfG). In spite of this, some of the EU Member States want to reintroduce it for the use by law enforcement authorities – through a back door in the ePrivacy Regulation.
Read more
-
Passenger surveillance brought before courts in Germany and Austria
EDRi members Gesellschaft für Freiheitsrechte (GFF, Society for Civil Rights) and Epicenter.works have taken legal action against the mass retention and processing of Passenger Name Records (PNR) before German and Austrian courts and authorities. The European PNR Directive (Directive 2016/681) requires airlines to automatically transfer their passengers’ data to state authorities. There, the data are […]
Read more
-
Facebook’s commitments on ToS: Much ado about nothing?
On 9 April 2019, the Directorate-General for Justice and Consumers of the European Commission (DG JUST), together with the Consumer Protection Cooperation (CPC) Network, cheered at the new Facebook commitments to amend its Terms of Services (ToS). The amendments should address the concerns already raised by national competition authorities about the current ToS. They should […]
Read more
-
Will Serbia adjust its data protection framework to GDPR?
After a process that took more than five years, the National Assembly of Serbia finally adopted a new Law on Personal Data Protection in November 2018. The law closely follows EU’s General Data Protection Regulation (GDPR), almost to the point of literal translation into Serbian of some parts of the text. That was expected, due […]
Read more
-
Protecting personal data world wide: Convention 108+
Almost one year after the General Data Protection Regulation (GDPR) entered into force in the European Union (EU), the question often arises about what could other countries around the world do to protect their citizens’ personal data. Although there are countries that have data protection laws in place, many still do not, or have laws […]
Read more
-
Facebook Custom Audience illegal without explicit user consent
Online shops and marketers routinely share customer data with Facebook to reach them with targeted advertising. Turns out that in many cases this is illegal. A ground-breaking decision by a German Data Protection Authority (DPA) recently ruled that matching customers’ email addresses with their Facebook accounts requires their explicit consent.
Read more
-
GDPR incompatibility – the blind spot of the copyright debate
The debate around the Copyright Directive reform has been intense. Former Article 13, which became Article 17 in the text voted by the European Parliament on 26 March, created the greatest controversy between stakeholders arguing about the so-called “value gap” in the creative sectors, upload filters, and a new platform liability regime, among others issues. […]
Read more
-
EU Council Presidency outlines future counter-terrorism priorities
A note produced by the Romanian Presidency of the Council of the European Union sets out the EU’s response to terrorism since 2015. It highlights the main measures adopted and calls for a “reflection process on the way forward” in a number of areas including “interoperability and extended use of biometrics”; implementing the EU Passenger […]
Read more
-
Czech BBA: Facebook and iROBOT the worst privacy intruders of 2018
The 14th Czech Big Brother Awards – anti-awards for those who have done the most to threaten personal privacy in 2018 – were announced on 14 February 2019. A jury of nine technology experts, lawyers and journalists chose the worst privacy intruders based on suggestions made by the general public. The Awards in four different […]
Read more
-
Light at the end of the cyber tunnel: New IoT consumer standard
In February 2019, positive advancements were made regarding security standards in consumer Internet of Things (IoT) devices: The European Telecommunications Standards Institute (ETSI) published a standard numbered TS 103 645, more appealingly named “Cyber Security for Consumer Internet of Things”. Under this new standard, compliant products will be expected to have unique passwords, a vulnerability […]
Read more
-
ApTI submits complaint on Romanian GDPR implementation
In November 2018, the RISE Project case showed that the Romanian Data Protection Authority (ANSPDCP or Romanian DPA) was unprepared to respond to cases that involve both the right to freedom of expression and the right to privacy. RISE Project’s investigative journalism story #TeleormanLeaks was an important signal that the General Data Protection Regulation (GDPR) […]
Read more
-
ICANN and GDPR – nowhere near compliance
The Internet Corporation for Assigned Names and Numbers (ICANN) Initial Report of the Expedited Policy Development Process (EPDP) on the Temporary Specification for generic Top Level Domain (gTLD) Registration Data Team makes for difficult reading. This is because, though it contains a serious attempt at complying with the General Data Protection Regulation (GDPR) compliance, it […]
Read more