On August 19, 2014, more than one year after the first draft bill of an IT Security Act, the German Federal Ministry of the Interior has published the new draft bill of the Act, aimed at boosting the security of information technology systems. The full title of the legislation is “Entwurf eines Gesetzes zur Erhöhung der Sicherheit informationstechnischer Systeme" (IT Sicherheitsgesetz) (“IT Security Act
”). The new rules are still subject to change but look likely to come into force in early 2015.
In fact, the IT Security Act will not be an individual law, but will amend the Act on the Federal Office for Information Security, the Telecommunication Act, the Telemedia Act and the Act on the Federal Criminal Police Office as well as the Act on the German Federal Office of Information Security. The IT Security Act contains five central topics and provides for:
Our quarterly IT and data protection newsletter keeps you informed of current legal issues, decisions and events in the technology sector in Germany. We hope you enjoy reading.
This edition covers the following topics.
I. Canvas Fingerprinting – Tracking without Cookies
II. District Court of Berlin: WhatsApp must provide terms and conditions in German, and improve the legal notice
III. „No-Spy decree“ of the German Federal Ministry of Interior requires guarantee in procurement procedures
IV. German Supreme Court: Collection of minors’ personal data for marketing purposes in the course of a competition is not permitted
V. ECJ: Copies on the user’s computer screen as well as in the ‘cache’ of a computer’s hard disk, created in the course of viewing a website, do not infringe copyright
This is the link to the full version
The European Union Agency for Fundamental Rights has published a Handbook of European data protection law, to which I was a contributor.
This handbook is designed to familiarise legal practitioners who are not specialised in the field of data protection with this area of law. It provides an overview of the European Union’s and the Council of Europe’s applicable legal frameworks.
The Handbook can be found here.
The first edition of Olswang's Cyber Alert, a regular round up of regulation, best practice and news from our international cyber breach and crisis management team has been published.
Please click here
for a printable PDF version. In this first edition we cover:
In the last few months we have seen news headlines ranging from the international operation against the GameOver Zeus botnet, to state-sponsored hacking, arrests over the BlackShades malware, and the release of the latest Information Security Breaches Survey
, not to … Continue Reading ››
The latest responses by the UK government and the ICO to the EU reform proposals will (mostly) resonate with businesses concerned about some of the more far-reaching changes.
The latest developments and time line
Datonomy has been taking stock of two recent UK developments: the Government's response
to the Justice Select Committee's opinion on the European Data Protection framework proposals published by the MOJ on 11 January, and the "latest views from the ICO" 2 –pager
on 22 January.
Datonomy readers are no doubt au fait
with the intricacies of the EU legislative process, but may nonetheless enjoy the blog post
by Deputy Commissioner David Smith with its helpful insight into the current state of play and user friendly time line.
Despite the strength of the European Parliament's support
for the Commission's proposals, it still has a way to go, procedurally speaking. And not everyone shares the EP's wholehearted support for every aspect … Continue Reading ››
Datonomy has been reading the draft report of Rapporteur Jan Philipp Albrecht on the proposed Data Protection Regulations – all 215 pages of it! The full report (available here
) was discussed today by the Committee on Civil Liberties, Justice and Home Affairs of the European Parliament and although it is not binding on the Committee or on the Parliament itself, it will carry significant weight during the upcoming negotiation phase of the draft Regulation.
What is clear from the report is that both the Commission and the Rapporteur are strongly supportive of radical reform to the current data protection regime. After the report was published Vivianne Reding, EC Commissioner for justice, fundamental rights and citizenship, tweeted that she is "looking forward to swift adoption by both EP [the European Parliament] and Council
" of the new data protection regulation. Momentum is building.
Although the UK's Information Commissioner handed out monetary penalties for serious breaches of the Data Protection Act for the first time this week, a new survey has suggested that UK consumers support even tougher sanctions for organisations that are guilty of losing personal data.
In a poll of 5000 consumers, conducted for LogRhythm by OnePoll, 62 percent of consumers felt that organisations should receive large fines for data loss with 31 percent going as far as to suggest company directors should be subject to criminal proceedings.
Further information about the survey and its findings can be found at the following URL: