In a month that has seen US politicians claim that is "losing the war" against international cyber attacks, and yet more household names report hacks on their systems, Datonomy has been looking at the practical obligations that the EU's proposed new Directive on Network and Information Security could bring for businesses, and considering similar measures which are coming into force in Asia. As if the escalating levels of threat are not enough (take your pick of this month's news coverage – how about the "Eight billion hacking attacks a day" headline from ITV here )  governments around the globe are proposing new legal obligations and sanctions to compel organisations to get their cyber defences in order and notify the authorities when their systems have been compromised. The EU officially unveiled its cyber strategy and Directive on Network and Information Security at the start of the month. This … Continue Reading ››
Datonomy's Spanish correspondents have just posted an analysis of a recent ruling by the AEPD over Google's autocomplete function, Google Suggest. The full analysis, which spans not only data protection but wider issues of defamation, intermediary liability and freedom of speech, is well worth a read over the weekend. For Datonomy readers short of time, here's a lunchtime synopsis provided by our Iberian  Datonomists,  Blanca Escribano and Marcos Garcia-Gasco. The latest AEPD ruling In May 2012, a citizen addressed a claim before Spain's DP authority, the AEPD.  Google's autocomplete function paired his name with the term "gay", which he found a potential door of defamation against him. Now, a decision against Google has been issued by the AEPD, which recognises the data subject's right to object.

 How does Google Suggest work?

As Datonomy readers will be familiar, Google's autocomplete function helps users to find information quickly by predicting and displaying searches that might be similar to … Continue Reading ››

Earlier this week, a new set of online behavioural advertising (OBA) rules came into effect, aiming to secure transparency and control for web users. The new rules will be enforced by the ASA. As OBA is typically administered by the use of cookies, these rules supplement existing opt in and transparency rules for cookies under the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (Regulations), which are enforced by the ICO.

As Datonomy readers are no doubt aware, OBA is a form of targeted advertising whereby third party advertising networks partner with websites from whom they collect data on users’ web viewing behaviour, in order to deliver them advertising that is more likely to be of interest. To illustrate by way of example, one of the Datonomy Home Team admits to being practically stalked by advertising for a particular brand of luxury handbag, as a result of … Continue Reading ››
Following wide range criticism from the opposition, the unions and various data protection officials, the German government coalition last week eventually withdrew its highly disputed bill for a new employee data protection regime in Germany. The bill, which the government had originally published in August 2010 and which had been substantially amended twice since then, was supposed to introduce new rules for the collection, processing and use of employee data prior to and during an employer-employee relationship. Amongst the most disputed regulations of the bill were various provisions which, subject to certain restrictions, allowed for
  • the use of tracking systems for the location of employees;
  • pre-recruitment medial examinations;
  • video surveillances of non-publicly accessible business premises;
  • the collection, processing and use of biometric data; and
  • the collection, processing and use of data generated through the use of telephone, internet or other telecommunication services.
According to senior government officials, additional discussions with the relevant stakeholders shall now take place before … Continue Reading ››
The latest responses by the UK government and the ICO to the EU reform proposals will (mostly) resonate with businesses concerned about some of the more far-reaching changes. The latest developments and time line Datonomy has been taking stock of two recent UK developments: the Government's response to the Justice Select Committee's opinion on the European Data Protection framework proposals published by the MOJ on 11 January, and the "latest views from the ICO" 2 –pager  on 22 January. Datonomy readers are no doubt au fait with the intricacies of the EU legislative process, but may nonetheless enjoy the blog post by Deputy Commissioner David Smith with its helpful insight into the current state of play and user friendly time line. Despite the strength of the European Parliament's support for the Commission's proposals, it still has a way to go, procedurally speaking. And not everyone shares the EP's wholehearted support for every aspect … Continue Reading ››