On 16 February 2010, the Article 29 Working Party adopted an opinion on the concepts of data “controller and “processor”, which are crucial for determining who is responsible for compliance with EU data protection rules. The opinion provides a comprehensive analysis as well as practical examples and rules of thumb on how to approach the concepts pragmatically.
On February 5th, the European Commission decided to modify the standard contractual clauses for transfers of personal data, repealing the original decision (Decision 2002/87/EU) that introduced these clauses back in 2002. The European Commission considered it necessary to adjust the existing standard contractual clauses to meet the growing challenges of global outsourcing.
The Article 29 working party of European data protection authorities published a roadmap listing areas of future reform of privacy legislation in the EU. “Privacy by design,” increased accountability and a reduction in administrative filing obligations are among the WP29’s proposals.
As reported in the press, “the Council of the European Union has approved new legislation that would require Web users to consent to Internet cookies.” But it is not quite as clear-cut as that quote suggests. The consent requirement relates cookies that collect personal data — an important qualification — and some cookies appear to fall outside of the consent requirement. We detail the fine points of what has happened in this blog entry.
As the 31st annual International Conference of Data Protection and Privacy Commissioners wraps up in Madrid, capped by the announcement that next year’s conference will occur in Jerusalem, to be hosted by the Israeli Information and Technology Authority, some reflections: • Security vs. Privacy There continues to be a tension between the need for security from […]
American-style data security breach notification laws may be coming to the EU, affecting all companies holding personal data
The Federal Trade Commission settles with 6 companies over Safe Harbor misrepresentations and lapsed certifications.
In the United States, regulators and policy makers are taking a close look at the issues surrounding behavioral advertising and how to protect the privacy of consumers. A vigorous debate is occurring over self-regulation versus the asserted need for legislation or regulation. So it is interesting to see what is going on in Europe in the realm of self-regulation.