July 2020 – Privacy Design®

July 19, 2020

Assessment List for Trustworthy Artificial Intelligence (ALTAI) for self-assessment

On the 17 of July 2020, the High-Level Expert Group on Artificial Intelligence (AI HLEG) presented their final Assessment List for Trustworthy Artificial Intelligence.

https://ec.europa.eu/digital-single-market/en/news/assessment-list-trustworthy-artificial-intelligence-altai-self-assessment

July 17, 2020July 17, 2020

ICO on Assessing the Adequacy of International data transfers (July 2017?)

In case you are need for some inspiration in the wake of Schrems II..
https://ico.org.uk/media/for-organisations/documents/1529/assessing_adequacy_international_data_transfers.pdf

July 10, 2020July 10, 2020

Germany: DPA Niedersachsen: FAQ on Auftragsdatenverarbeitung (data processing)

https://lfd.niedersachsen.de/download/156382/FAQ_zur_Auftragsverarbeitung_nach_Art._28_DS-GVO.pdf

Blog article with some commentary
https://www.delegedata.de/2020/07/datenschutzbehoerde-niedersachsen-umfassende-faq-zur-auftragsverarbeitung-nach-der-dsgvo/

Interesting note on contracts.

July 10, 2020July 10, 2020

ENISA: online tool for security of personal data processing

Evaluating the level of risk for a personal data processing operation
https://www.enisa.europa.eu/risk-level-tool/risk

includes further links to risk assessment methodologies

July 7, 2020July 7, 2020

EDPS Survey on Data Protection Impact Assessments under Article 39 of the Regulation (case 2020-0066)

Interesting report that also points out the wide variety in DPIA formats and sizes.
It also talks about specific passages and questions used.

https://edps.europa.eu/sites/edp/files/publication/20-07-06_edps_dpias_survey_en.pdf

Additional EDPS guidance:

July 7, 2020July 7, 2020

CNIL Open Data initiative

https://www.cnil.fr/fr/opendata

Quite a few interesting data sets published by CNIL as Opendata, incl. e.g.

Contact information for Data Protection Authorities around the world
Number of formal notices notified each year since 2014
Number and type of sanctions notified each year since 2014
Lists of declarative formalities completed with the CNIL (1979 – May 24, 2018)
List of notifications of personal data breaches received by the CNIL
List of formalities prior to the implementation of personal data processing sent to the CNIL since May 25, 2018
Number of complaints received annually by the CNIL since 1981
etc.

July 1, 2020July 1, 2020

Germany: Helpers on Register of Data Processing Activities

DSK: Muster Verarbeitungsverzeichnis Verantwortlicher
https://www.datenschutz-mv.de/datenschutz/DSGVO/Hilfsmittel-zur-Umsetzung/

Kurzpapier Nr. 1 (Verzeichnis von Verarbeitungstätigkeiten – Art. 30 DS-GVO)
https://www.datenschutzmv.de/static/DS/Dateien/Publikationen/Kurzpapiere/Kurzpapier_Nr_1.pdf

(Privacy register, Privacy registry)

July 1, 2020July 1, 2020

Blog post: What’s in a CNAME?

The perils of letting third party trackers use your CNAME / subdomain.
https://www.simoahava.com/web-development/whats-in-a-cname/

July 1, 2020July 2, 2020

Germany: SDM 2 – first three modules published

The German Data Protection Authorities are developing a Standard Data Protection Model (SDM), as a guideline for data controllers.
They just published the three first modules – on “Documentation”, “Logging” and “Data deletion”.
So “Data deletion” is obviously a priority to them.

https://www.datenschutz-mv.de/datenschutz/datenschutzmodell/