It is estimated that 70% of employers now screen the social media profiles of job candidates as part of their recruitment process. In light of these practices, last month the Article 29 Working Party issued a series of guidelines in an attempt to safeguard the privacy of job applicants. The Working Party has warned employers that they should not assume they can process data gathered from an individual’s social media profile just because it is publicly available. The guidelines recommend that there should be legal grounds to justify this type of processing, such as legitimate interests. Employers are also advised to consider whether the social media profiles of job applicants are ‘related to business or private purposes’ as this can be an important indication of the legal admissibility of the data inspection. In addition, the Working Party has indicated that applicants should be informed if social media screening will take place, …
One of Europe’s most senior lawyers, Advocate General Bot, today declared the EU-US Safe Harbour regime invalid. His opinion has profound implications for organisations transferring personal data to the US or importing personal data from Europe. Olswang explains the practical implications for companies transferring personal data from Europe to the US. What is safe harbour? The Data Protection Directive (95/46/EC) requires companies which collect personal data relating to EU citizens to retain such data within the European Economic Area unless it is being transferred to a jurisdiction which ensures ‘adequate’ protection for such personal data. Adequacy can be established in a number of ways, one of which is a declaration of approval of a particular jurisdiction’s regime for protecting personal data by the European Commission. In a decision of 26 July 2000, the European Commission declared that the safe harbour scheme established with the US provided adequate protection of personal data and …
Welcome to the latest edition of Olswang's Cyber Alert, a regular round-up of regulation, best practice and news from our international cyber breach and crisis management team. Q2 has seen the publication of several major reports into the current threat landscape. In this edition we review:
- the Ponemon Institute’s tenth annual study into the cost of data breaches which gives insight into the measures that can reduce the cost of breaches – and those responses which can actually be counter-productive in terms of cost;
- PwC’s 2015 breaches survey which reveals that one third of businesses are still failing to assess cyber risk; and
- the first annual report of the UK Computer Emergency Response Team with its analysis of the key threats of the past year and its predictions for the year ahead.
- Germany’s adoption …
European regulators need to get a tighter grip on civilian drone use, which may include requiring hobbyists to register their equipment, a House of Lords committee has said. Drones, or small unmanned aircraft, are becoming an increasingly common sight in our skies and calls are growing for extra rules to govern their use. Yesterday (Thursday 5 March) the House of Lords’ European Union Committee issued a paper titled Civilian Use of Drones in the EU, which contained a series of recommendations for regulators.
Data recommendations
Key recommendations from a data viewpoint include:
- Creating an online database through which commercial pilots can provide details of their flights to inform other airspace users. Operators could use the database to inform the public of their data protection policies.
- In the long term, requiring all drone use, including leisure use, to be registered on a central database …
Olswang supporting new technology and innovation: I presented on drone law to the Security and Defence Interest Group of Cambridge Wireless yesterday, hosted jointly by Olswang and the Knowledge Transfer Network. Despite being half-term week, we had a full house thanks to the great programme put together by Nicholas Hill of Cambridge Wireless’s Security & Defence SIG. Speakers included Nicholas Hill of Plextek Consulting; Professor Jim Scanlan of the University of Southampton’s Aerospace Division; Alan Brooke, Unmanned Aircraft Systems lead for the Centre for Applied Science & Technology of the Home Office; and myself. Is 2015 the year of the commercial drone? Drones – also known as small unmanned aircraft, remotely piloted aircraft systems, and a growing number of similar acronyms – continue to make news. They have come a long way from their military origins and took centre stage at the annual Consumer Electronics Show in Las Vegas in January. Some commentators …
The UK Competition regulator, the Competition and Markets Authority, has just launched a call for information into the commercial use of consumer data. Given the exponential rise of data as a business asset in the digital age, competition regulators and commentators have been talking about personal data as a potential anti-trust issue for some time; this inquiry is a first step in the direction of potential competition intervention in an area hitherto the preserve of privacy regulators. Businesses wishing to share information with the CMA (and the wider world) about how they collect and monetise data have until 6 March to respond. The CMA published its “Call for information: the commercial use of consumer data” on 27 January. The purpose of the fact-finding exercise is to “understand the potential for the collection and use of consumer data to generate concerns, both in terms of competition and markets, as well as …
The 2014 Year End Newsletter looks at:
I. Article 29 Working Party publishes Opinion on "Internet of Things"
II. Data protection and competition law - statement by the Federal and State Commissioners for Data Protection
III. Are IP-addresses personal data? - German Federal Court of Justice asks ECJ
IV. Data processing for marketing: new guidelines
V. Outlook on current draft laws and recommended reading
A brief summary of each point is below.
I. Article 29 Working Party publishes Opinion on "Internet of Things"
The WP29 considers IoT as generally permitted, but clearly states that any stakeholder is responsible for data protection. Despite consent requirements and transparency obligations, personal data should be aggregated to the greatest extent possible and the principles of privacy by default and privacy by design shall be applied by the stakeholders.
II. Data protection and competition law - statement by the Federal and State Commissioners for Data Protection
While …