Tuesday, April 26, 2016

Obtaining users’ consent on IoT devices

1. Introduction

The number of IoT devices is growing daily. Although the estimates of the current number of connected smart devices vary, it is indisputable that all the sensors produce unimaginable amounts of data. We have come from smart phones and smart fridges to smart everything. The aim behind all the data collection is to improve users’ daily life. However, as with many good things, IoT also have side effects: they may pose risk to users’ privacy and security. For this reason, the regulators believe users should be adequately informed about the possible risks to make an informed decision on the use of the novelty.

Monday, September 28, 2015

Dark clouds over Safe Harbor

I wrote about a year ago about an Ireland’s data protection case, in which an Austrian data protection activist Max Schrems challenged the Irish Data Protection Authority (DPA) to review how Facebook Ireland handles his personal data, in particular the transfer of personal data to the US.

The Irish DPA claimed that as Facebook is Safe Harbor certified, the DPA is bound by the European Commission (Commission) decision on Safe Harbor. During the proceedings, the judge has asked the Court of Justice of the European Union (CJEU) if national DPAs may conduct an independent evaluation of a third country’s level of data protection although the Commission has evaluated this third country as adequate. A few days ago, the Advocate General published his Opinion on the Case C-326/14.

Read more »

Wednesday, June 3, 2015

Privacy and Big Data in the Cloud

Any company involved in personal data processing by means of cloud computing services should be evaluating their data processing activities in order to single out any potential data protection risks.

This white paper addresses three data protection requirements that could service providers should be focusing on: the controller/processors classification of the parties involved, data security, and notifications of data breaches. 

Wednesday, May 13, 2015

Big Data transfers in the absence of Safe Harbor

Safe Harbor is a data transfer mechanism for United States companies to ease the transfer of personal data between the EU and the US.

At the moment the future of Safe Harbor is anything but certain. It s currently being reviewed by the Court of Justice of the European Union; the mechanism is being politically challenged and is undergoing a process of re-negotiation, with EU Regulators wishing to make it more secure.

Read more »

Tuesday, April 28, 2015

Cookie Rules in the EU

Cookie rules are defined in the e-Privacy Directive 2002/58/EC, as amended by the 2009 Citizens’ Rights Directive, in Article 5 that regulates confidentiality of communications. Electronic communication service providers should not listen, tap, store or carry out any other form of surveillance without obtaining users’ prior informed consent.