Version 1.0
Adopted on 2 September 2020
Version for public consultation
Swiss-US PrivacyShield is dead (08-Sep-2020)
The Swiss-US Privacy Shield is no longer listed as providing adequate protection in the country list maintained by the Swiss Federal Data Protection and Information Commissioner (FDPIC / EDÖB). (updated 8-Sep-2020)
https://www.edoeb.admin.ch/dam/edoeb/de/dokumente/2020/staatenliste.pdf.download.pdf/20200908_Staatenliste_d.pdf
EDöB’s assessment on 8-Sep-2020: https://www.admin.ch/gov/de/start/dokumentation/medienmitteilungen.msg-id-80318.html
LfDI BW (DPA for Baden-Württemberg): guidance note (Orientierungshilfe) on Schrems II (7-Sep-2020)
Declassified FISA court ruling on NSA and FBI personal data collection
The recently declassified ruling by FISA Court Judge James Boasberg on NSA and FBI violations of privacy rules when collecting personal data from tech and telecom companies.
Full text here:
https://www.intelligence.gov/assets/documents/702%20Documents/declassified/2019_702_Cert_FISC_Opinion_06Dec19_OCR.pdf
CNIL guidance on data deletion and retention
In July 2020, the CNIL (DPA for France) published guidelines on data retention (Guide pratique – Les durées de conservation). https://www.cnil.fr/sites/default/files/atoms/files/guide_durees_de_conservation.pdf
These reflect early CNIL recommendations from 11-Oct-2005 on the archiving of personal data.
They aim to provide practical help to define the data retention rules and periods.
Like DIN 66398 (the German industry standard on data retention and deletion), they do not give guidance on specific data categories. https://din-66398.de/
However, the CNIL does define data retention periods in separate documents (“Référentiels”). So far, two such Référentiels have been published for the health sector:
- Recherches dans le domaine de la santé – https://www.cnil.fr/sites/default/files/atoms/files/referentiel_-_recherches_dans_le_domaine_de_la_sante.pdf
- Traitements dans le domaine de la santé (hors recherches) – https://www.cnil.fr/sites/default/files/atoms/files/referentiel_-_traitements_dans_le_domaine_de_la_sante_hors_recherches.pdf
Guidelines 07/2020 on the concepts of controller and processor in the GDPR (succeeds WP169)
The EDPB just published the long-awaited successor of WP 169 of 2010:
Guidelines 07/2020 on the concepts of controller and processor in the GDPR
CNIL Audits – Control Charter (Privacy Inspection)
The DPA for France has published its Control Charter that explains how it conducts privacy inspections.
https://www.cnil.fr/fr/controles-de-la-cnil-une-charte-pour-tout-comprendre
Link to the actual document (in French)
https://www.cnil.fr/sites/default/files/atoms/files/cnil-charte_des_controles.pdf
New Health Apps Section on HHS.gov/HIPAA
OCR launched a new feature on HHS.gov, titled Health Apps. This new webpage takes the place of OCR’s previous Health App Developer Portal, and is available at https://www.hhs.gov/hipaa/for-professionals/special-topics/health-apps/index.html.
The new webpage highlights OCR’s guidance on when and how the Health Insurance Portability and Accountability Act (HIPAA) regulations apply to mobile health applications, including: