After a first read through of the leaked Commission proposal for a new data protection regulation (Draft Regulation) that was published by (it is not meant to be officially published until the end of January), I remembered a speech by Viviane Reding's Chief of Cabinet who said that the Commissioner for Justice was very impressed by German data protection rules. This might help in explaining several provisions of the Draft Regulation. Take for example the rules on data processing. After some scandals on data leakages at data processors,Germanytightened the requirements for the contract on data processing to cover several specific details of data security. Article 27 of the  Draft Regulation takes up this idea and requires controller and processor to stipulate several rules and precautionary measures in their agreement, as that the controller may only act on instructions from the controller and that its staff must have committed themselves to … Continue Reading ››
The ICO has today  published its promised "half term report" on organisations' compliance with the new cookie consent rules, along with updated practical guidance.   On third party cookies, which the ICO acknowledges is "one of the most challenging areas" for compliance, the ICO states that it is still working with industry and other DP regulators to find the right answers on this complex issue. The new version of the guidance replaces  and expands on the 10 page version published back in May.   As well as providing more practical illustrations of the various possible consent options(pop ups, footer bars, terms and conditions, settings led and feature led consent) it  sets out the ICO's likely enforcement stance when the "amnesty" period ends in May 2012.  In line with the ICO's Regulatory Action Strategy,  any formal action taken for cookie breaches would need to be proportionate - but the tone of the guidance and the … Continue Reading ››
The Statewatch website has published what appears to be a draft of the Proposal for a Regulation to replace the current Data Protection Directive.  The   draft for the proposal is still at the inter-service consultation stage, i.e. doing the rounds of the different DGs with a potential interest in the proposal.  So, the final draft of the proposal (not due to make its official appearance until January)  might differ from the version currently on the Statewatch site - and of course, assuming this version is authentic.... However, with those caveats in mind, following the FT's teaser at the weekend, those eager for a preview of the content may not be able to resist taking a look.  There are 116 pages to trawl through, but notably:
  • the proposal is for a Regulation, not a Directive, therefore directly applicable in and binding on Member States
  • for proposals on sanctions, see Chapter 8 (and for … Continue Reading ››
FT readers will have already seen FT's report (4/12/11) that it  has had a sneak preview of the eagerly awaited  draft Data Protection Directive.  The most headline grabbing issue is the possible introduction of fines of up to 5 % of global turnover for privacy breaches.   If that doesn't make data protection exciting, nothing will! Remember that the new Directive still has a long way to go.  When the proposal is published officially and in full - expected to be in January - there will be much for data protection practitioners (in every sector and every practice area)  to analyse. The likely headline issues and broad areas for reform were well signposted in the Commission's Communication of November 2010.  Just how these broad proposals translate into the detail of the first draft remains to be seen - but if "stronger sanctions" in the Communication translates into "fines of 5% of global … Continue Reading ››
Datonomy attended the event "Datendialog" hosted by Google in Berlin on 24 November, where many interesting speakers discussed the current situation and future of privacy, but also openness. Blogger and Science Fiction author Cory Doctorow described the current situation of many free internet offers as "privacy bargain", in which users traded their personal data for services. The deal, however, would be one-sided and never negotiated. Therefore, Doctorow called for technical measures that would prevent companies from tracking users with cookies and compared the situation to pop up windows, the widespread use of which decreased after Mozilla, as first browser, started offering a tool to block these windows. In his words, cookie managers could be the new pop up blocker. Federal data protection commissioner Peter Schaar said that German data protection law needed to be amended especially with regard to the question of applicable law. If companies systematically offered services in Europeand collected … Continue Reading ››
At a recent roundtable event hosted by theBrusselsoffice of Olswang LLP, Datonomy heard a range of perspectives on data protection issues in the context of social network sites (SNS). Around 50 members of the Belgian Institute of In-House Counsel attended the event. Iain Stansfield from Olwang's Londonoffice set the scene and demonstrated through a number of practical examples what can go wrong for companies that are active on SNS – and further, what can go wrong when they are not active. Besides the risks, there are of course clear advantages of being social online and Iain discussed the need to find a balance between being social on the one hand and complying with the law on the other hand. Christine De Keersmaeker from Olswang'sBrusselsoffice explained what social media do to your Intellectual Property, how they affect trade marks and copyrights and how trademark and copyright holders can deal with the threats of social … Continue Reading ››
Facebook encounters more and more problems with Germany's Data Protection Commissioners. Only last month, the Data Protection Commissioner of Schleswig Holstein, Thilo Weichert, announced proceedings against public authorities and companies in Schleswig Holstein that use Facebook’s Like-Button on their websites (see Datonomy post of 6th October). Mr. Weichert criticised that the Like-Button enabled Facebook to track users even if they had not clicked the button. Now, Johannes Caspar, Hamburg's Commissioner for Data Protection and Freedom of Information (HmbBfDI) has conducted an investigation into Facebook's use of cookies, which enable Facebook to recognise its users even if they are not logged in or if they visit a third party website that uses an embedded Like-Button. According to Caspar, Facebook had reasoned that it uses cookies mainly for security reasons, such as youth or password protection. However, the Commissioner claims that this was essentially not true as most functions were optional and only … Continue Reading ››