Author Archives: Sergio Fumagalli

About Sergio Fumagalli

Vice President of Zeropiu Spa, a system integrator specialized in digital identity and data security with operations in Italy and in the Nordics. After serving as an MP in the Italian Parliament, I started a professional collaboration with the Italian Data Protection Authority and a professional activity on these topics. Co-author of "Privacy guida agli adempimenti" (IPSOA, 2004, 2005), a book on compliance with the Italian law. Since 2008 a member of the Oracle Community for Security (http://c4s.clusit.it/views/Homepage.html) and since 2014 a member of the board of Clusit, a leading association on IT security in Italy. Between 2004 and 2012 a member of the board of Webank Spa, the online bank of the Banca Popolare di Milano group.

Data protection: a global political issue in the Trump era

Two major US civil rights organizations, Human Rights Watch and the American Civil Liberties Union, are highlighting through many initiatives how the new political guidelines and actions of the Trump administration (for instance the widely known Presidential order on immigration) are putting at risk privacy rights in the US for non-US citizens and, at the…

Consider costs of insecurity when budgeting

Computer Weekly reports that Yahoo's shareholders had to accept a significant cut in the price of the sale of Yahoo to Verizon because of the security breaches that came to light over the last months: $350 million. Not peanuts. How much security could they have bought for that amount of money? It is interesting to take these…

Costs and security

The GDPR allows the controller to also take into account the cost of the security measures required to comply: Article 32 says "Taking into account the state of the art, the costs of implementation…". Compared with the current legislation, this is strongly innovative, at least in Italy. "Taking into account the costs" is a…

Italy and binding corporate rules (BCR)

The European Commission website, on the Article 29 Working Party page, publishes the list of the enterprises that have completed the BCR approval process under Article 47. The list shows no reference date, which is certainly remarkable, but the most relevant point is that among the 80+ companies listed in the…

Will SMEs comply with the GDPR?

Commentators seem to welcome the GDPR: consulting companies think of the huge amount of services that top enterprises will require; tech vendors follow. Here is the point: large banks, top insurers, international B2C operators, telcos, large internet players are the ones that are expected to comply. Or that will have to comply. But this is…

Looking at the rest of the world

We are all so focused on the new EU Regulation that we easily overlook what is going on in the rest of the world. Below you can find some news from the Far East and the Far West: all over the world, personal data protection and security are becoming more and more relevant for policy makers, citizens…

The new EU-US privacy shield

The Commission adopted on 12 July 2016 its decision on the EU-U.S. Privacy Shield. The decision follows the judgment of the Court of Justice of the European Union that, on 6 October 2015, had declared the Commission's 2000 Decision on EU-US Safe Harbour invalid. The Article 29 Data Protection Working Party adopted an opinion about…

GDPR and Brexit

When the Brexit referendum result is put into concrete action, Great Britain will be subject to Chapter V of the Regulation, which defines the rules for data transfers outside the EU. According to paragraph 1 of Article 45, "A transfer of personal data to a third country or an international organisation may take place where…

DPO: better a service or an employee?

Regulation 2016/679 (GDPR) introduces a new role: the Data Protection Officer (DPO). Mandatory for some categories of controllers and processors and optional for the remaining ones (see Article 37), the DPO plays a peculiar role within the controller's organization. The GDPR defines the main DPO tasks (see Article 39 for details): inform and advise …, monitor…