Category: News

https://sfia-online.org/en/sfia-8/all-skills-a-z

and specifically:

• Personal data protection PEDP
  https://sfia-online.org/en/sfia-8/skills/personal-data-protection
• Information assurance INAS
  https://sfia-online.org/en/sfia-8/skills/information-assurance
• Information security SCTY
  https://sfia-online.org/en/sfia-8/skills/information-security

Job profiles, future skills

https://www.cnil.fr/fr/fuite-de-donnees-de-sante-sanction-de-15-million-deuros-lencontre-de-la-societe-dedalus-biologie

https://www.cnil.fr/fr/intelligence-artificielle/intelligence-artificielle-de-quoi-parle-t-on

The PDPC has published a new Guide on Basic Anonymisation to provide more practical guidance for businesses on how to appropriately perform basic anonymisation and de-identification of various datasets through a simple 5-step anonymisation process.

https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Advisory-Guidelines/Guide-to-Basic-Anonymisation-31-March-2022.ashx

Nice clarifications (Singapore):

Anonymisation

• refers to the conversion of personal data into data that cannot be used to identify any individual. PDPC views anonymisation as a risk-based process, which includes applying both anonymisation techniques and safeguards to prevent re-identification.

De-identification

• refers to the removal of identifiers (e.g. name, address, National Registration Identity Card (NRIC) number) that directly identify an individual.
  De-identification is sometimes mistakenly equated to anonymisation, however it is only the first step of anonymisation. A de-identified dataset may easily be re-identified when combined with data that is publicly or easily accessible.

Re-identification

• refers to the identification of individuals from a dataset that was previously de-identified or anonymised.

https://www.cr-online.de/blog/2022/03/31/trans-atlantic-data-privacy-framework-trotz-u-s-supreme-court-entscheidung-in-fbi-v-fazaga/

Good summary article by Katharina Koerner

https://iapp.org/news/a/privacy-and-responsible-ai/

• Standardization landscape for privacy: Part 1 — The NIST Privacy Framework
  https://iapp.org/news/a/standardization-landscape-for-privacy-part-1-the-nist-privacy-framework/

• Standardization landscape for privacy: Part 2 — ISO/IEC
  https://iapp.org/news/a/standardization-landscape-for-privacy-part-2-iso-iec

The Spanish Data Protection Agency (AEPD) has published a checklist to help data controllers quickly identify and determine whether the process and documentation they are following to carry out a Data Impact Assessment contains the required elements.

https://www.aepd.es/es/prensa-y-comunicacion/notas-de-prensa/la-aepd-publica-lista-verificacion-para-ayudar-responsables-evaluaciones

Checklist:
https://www.aepd.es/es/documento/lista-verificacion-eipd-consulta-previa.docx

.. or is T-ADPF?

.. and why “Data Privacy” – and not “Privacy” nor “Data Protection”?

The EDPS already commented on Twitter that
“#EDPS welcomes, in principle, the announcement from @vonderleyen and @POTUS¨ on the new transatlantic data transfer agreement ” (see https://twitter.com/EU_EDPS/status/1507382700575010816)

Current (scant) information on the TADPF (ot TDPF) can be found at:

• EU Commission on TADPF (or TDPF) – https://ec.europa.eu/commission/presscorner/detail/en/FS_22_2100
• Whitehouse Fact Sheet on TADPF (or TDPF) – https://www.whitehouse.gov/briefing-room/statements-releases/2022/03/25/fact-sheet-united-states-and-european-commission-announce-trans-atlantic-data-privacy-framework/
• NOYB on TADPF (or TDPF) at https://noyb.eu/en/privacy-shield-20-first-reaction-max-schrems

.. and we should probably avoid “Privacy Shield 2.0” (to avoid bad luck)

.. and Schrems III (or 3) likely still to come.

For ongoing details/news please see https://www.tdpf.eu/ (or https://www.tadpf.eu/)

ISO/IEC JTC 1/SC 27/WG 5 “Identity management and privacy technologies”
WG5 SD1 Roadmap

https://www.din.de/blob/259644/3cdbb1f16477b58f90c7ce8b87757527/sc27wg5-sd1-data.pdf