Privacy-enhancing technologies
[datenrecht.ch] Leitlinien des Beratenden Ausschusses der Europarats-Konvention 108 zu “Big Data”
[Peep peep!] CJEU Advocate General Opines on the ‘Legitimate Interest’ Concept
[Switzerland] D. Rosenthal on DSG Vorentwurf (outdated now)
[Germany, Bavaria] DPA Annual Report 2015/2016
[UK/India] – Health Company Fined by UK’s ICO
- Subcontractor based in India to process sensitive personal data without adequate data processing / data transfer grounds
- Lack of contractual definition of adequate technical and organisational measures in India
- Sensitive personal data (with high severity) sent via unencrypted email
- Sensitive personal data on FTP server without restricted access controls
- Patient found his/her data via Internet search
[Germany] Standard Datenschutzmodell
[Paper] Google DeepMind and healthcare in an age of algorithms
DeepMind acquired NHS data “without obtaining explicit consent from any of the patients” – an “inexcusable failure”
Google DeepMind and healthcare in an age of algorithms
China’s Cybersecurity Law and administration of medical devices in China
“The China Food and Drug Administration (“CFDA”) has issued guidelines aimed to implement China’s new Cybersecurity Law (“CSL”) in the administration of medical devices in China. This development is a clear signal that Chinese regulators intend to enhance cybersecurity protection in the healthcare sector.”
[UK] Subject Access Request in litigations – ruling based on current UK law
“The English Court of Appeal has ruled in two recent cases that subject access requests are generally valid, and businesses must comply with such requests, even if they are made for collateral purposes, such as collecting information for use in litigation. However, the court also clarified that the subject access regime only requires businesses to conduct a reasonable and proportionate search – not an exhaustive search.”