All posts by Carsten Kociok

Datonomy considers the Germany authorities’ reaction to the PRISM affair, and the wider practical consequences this could have for international transfers being made under the auspices of U.S. Safe Harbor and model contracts. After the reports about extensive surveillance activities by foreign and European intelligence services, especially by the American National Security Agency (NSA) and the UK Government Communications Headquarters (GCHQ) and possible transfers of personal data to them by American companies, European data protection authorities are raising their voices. In a letter dated 13 August 2013, the chairman of the Article 29 Working Party expressed his deep concern to the Vice-President of the European Commission, Viviane Reding, urging her to seek for more clarification from the U.S. as well as announcing the intention of the European data protection authorities to conduct own investigations regarding the compliance of foreign and European intelligence programs with EU data protection principles. Concrete actions have … Continue Reading ››
Draft rules coming into effect next month for communications service providers on when and how to notify data security breaches are the clearest indication yet of the obligations proposed for all data controllers under the draft General Data Protection Regulation. The new telco-specific regime includes some welcome concessions on when deadline for notifying regulators starts, and the circumstances when individuals need to be notified. Datonomy analyses the new rules. Who is the new regulation aimed at? Last week, the European Commission presented a new draft Commission Regulation on the measures applicable to the notification of personal data breaches under the E-Privacy Directive 2002/58/EC. This Regulation (like the notification requirements under the 2002 Directive) applies only to “providers of publicly available telecommunications services” and will come into force in August 2013. According to the E-Privacy Directive, telecom companies, internet service providers and other providers of publicly available electronic communications services (“CSPs”) are … Continue Reading ››
Following wide range criticism from the opposition, the unions and various data protection officials, the German government coalition last week eventually withdrew its highly disputed bill for a new employee data protection regime in Germany. The bill, which the government had originally published in August 2010 and which had been substantially amended twice since then, was supposed to introduce new rules for the collection, processing and use of employee data prior to and during an employer-employee relationship. Amongst the most disputed regulations of the bill were various provisions which, subject to certain restrictions, allowed for
  • the use of tracking systems for the location of employees;
  • pre-recruitment medial examinations;
  • video surveillances of non-publicly accessible business premises;
  • the collection, processing and use of biometric data; and
  • the collection, processing and use of data generated through the use of telephone, internet or other telecommunication services.
According to senior government officials, additional discussions with the relevant stakeholders shall now take place before … Continue Reading ››
The German state of Rhineland-Palatinate (German: Rheinland-Pfalz) recently caused some amusement amongst the internet community. Despite long resistance from the state's Data Protection Commissioner Edgar Wagner, Rhineland-Palatinate finally went online with its own Facebook fan page in January – however, not without Mr Wagner imposing a "feedback-channel-ban" that requests all government agencies not to answer user questions on Facebook. Users who seek specific answers from the state government via its Facebook fan page are now referred to other ways of communication such as e-mail or the state's official websites. The motivation behind this is, of course, data protection. Mr Wagner wants to keep the state's fan page clear of any user interaction in order to avoid user data being generated by Facebook. According to Mr Wagner, Rhineland-Palatinate did not want to stay completely out of Facebook as the social network offered good opportunities to provide information to its citizens. The state's presence on … Continue Reading ››