News – Page 43 – Privacy Design®

Quite a few interesting data sets published by CNIL as Opendata, incl. e.g.

Contact information for Data Protection Authorities around the world
Number of formal notices notified each year since 2014
Number and type of sanctions notified each year since 2014
Lists of declarative formalities completed with the CNIL (1979 – May 24, 2018)
List of notifications of personal data breaches received by the CNIL
List of formalities prior to the implementation of personal data processing sent to the CNIL since May 25, 2018
Number of complaints received annually by the CNIL since 1981
etc.

July 1, 2020July 1, 2020

Blog post: What’s in a CNAME?

The perils of letting third party trackers use your CNAME / subdomain.
https://www.simoahava.com/web-development/whats-in-a-cname/

July 1, 2020July 2, 2020

Germany: SDM 2 – first three modules published

The German Data Protection Authorities are developing a Standard Data Protection Model (SDM), as a guideline for data controllers.
They just published the three first modules – on “Documentation”, “Logging” and “Data deletion”.
So “Data deletion” is obviously a priority to them.

https://www.datenschutz-mv.de/datenschutz/datenschutzmodell/

June 30, 2020June 30, 2020

Paper: Unacceptable, where is my privacy? Exploring Accidental Triggers of Smart Speakers

https://unacceptable-privacy.github.io/

June 30, 2020June 30, 2020

Germany: DIGA digital health applications can’t use Standard Contractual Clauses

in German:
According to the external legal blog post below, DIGA does not allow for standard contractual clauses for transfer of data in countries without an EU adequacy decision. (Note: Not all health apps fall under DIGA).
– This leads to an impact to apps, if US Privacy Shield would not survive Schrems II in mid-July 2020 – in the context of US 3rd parties used (e.g. Google Firebase, etc).

https://www.reuschlaw.de/news/risiko-fuer-betreiber-von-gesundheits-apps-datenuebermittlung-in-die-usa-wegen-eugh-urteil-bald-unzul/

June 29, 2020June 29, 2020

Germany BfDI: Position paper on Anonymization (with focus on telecoms)

https://www.bfdi.bund.de/DE/Infothek/Transparenz/Konsultationsverfahren/01_Konsulation-Anonymisierung-TK/Positionspapier-Anonymisierung-DSGVO-TKG.html?nn=5216976

My high-level reading (I’m not a lawyer..):

Anonymization is viewed as a processing activity and requires a legal basis. (The paper argues different approaches).
Transparency obligations must be met.
Anonymization can be used as an alternative to deletion.

June 29, 2020

CNIL: Cookies and other tracking devices: the Council of State issues its decision on the CNIL guidelines

In its decision of 19 June 2020, the Council of State (Conseil d’État) essentially validated the guidelines on cookies and tracking devices adopted by the CNIL on 4 July 2019…..
https://www.cnil.fr/en/cookies-and-other-tracking-devices-council-state-issues-its-decision-cnil-guidelines

June 25, 2020

EDPS’s publicly accessible electronic register of decisions taken by supervisory authorities.

This is the EDPS’s publicly accessible electronic register of decisions taken by supervisory authorities.

https://edpb.europa.eu/our-work-tools/consistency-findings/register-for-article-60-final-decisions_en

June 24, 2020

EMA Big data web page

https://www.ema.europa.eu/en/about-us/how-we-work/big-data#data-protection-section

also “Discussion paper on the general data protection regulation: secondary use of data for medicines and public health purposes” at
http://www.encepp.eu/events/documents/Discussionpaper.pdf

June 23, 2020

AEPD/EDPS: 14 equívocos con relación a la identificación y autenticación biométrica

14 misconceptions regarding biometric identification and authentication

https://www.aepd.es/sites/default/files/2020-06/nota-equivocos-biometria.pdf

Category: News

CNIL Open Data initiative