Weekly Data Privacy Alert- 8 June 2015
Monday, June 8, 2015

EU

European Data Protection Supervisor Calls for Better Regulation of Mobile Health

In a recent opinion, the European Data Protection Supervisor, Giovanni Butarelli, called for better EU-wide data protection relating to mobile health. Butarelli acknowledged the potential of mobile health for improving healthcare, but also highlighted the risks it poses for privacy and data protection. Butarelli appealed to the EU legislator to foster accountability of app designers and to encourage the application of privacy by design and by default. Butarelli announced that the Internet Privacy Engineering Network (IPEN) will be encouraged to test new best practices for mobile health and consider the global dimension of mobile health in order to reinforce cooperation between data protection authorities around the world.

UK

New Guidance Published Regarding Data Requests Under Processor BCR

The Article 29 Working Party has published some new guidance on how BCR companies should respond to data requests from foreign government authorities. The guidance has been updated to address the issue encountered by companies that are forced to be in breach of either foreign legal requirements for noncompliance or European data protection rules if they do comply with a data disclosure order.

Government Urges Business to Take Action as Cost of Cybersecurity Breaches Doubles

Government research shows the average cost of the most severe online security breaches for big business now starts at £1.46 million. The government has urged businesses to take action in light of rising malicious software attacks and staff-related breaches.

German Association Calls for Corporate Data Protection in the General Data Protection Regulation

In its recent general meeting, the German Association of Data Protection Officers called for the integration of corporate data protection into the EU General Data Protection Regulation. The federal data protection officer, Andrea Voßhoff, confirmed that Germany will promote the two-pillar model within the EU. However the state secretary from the Federal Ministry of the Interior, Cornelia Rogall-Grothe, suggested that the German government has not yet succeeded in finding support for such a model. As things presently stand, EU member states are free to choose whether companies are required to install corporate data protection officers.

Bavarian Office for Data Protection Participates in International Examination of Children’s Online Privacy

For a number of years the Global Privacy Enforcement Network (GPEN), a worldwide alliance of data protection authorities initiated by the OECD, has been carrying out privacy examinations of online services such as apps and websites. This year’s examination focuses on online privacy of children up to 13 years of age. Areas such as whether privacy policies are designed in a child-friendly manner or whether parents have the opportunity to make protective settings will be explored.

The Bavarian Office for Data Protection is one of 28 participating authorities worldwide. Following international standards, it will examine randomly selected Bavarian and international children’s apps in fields such as learning, social media, television or gaming. The results of the examination will be delivered to GPEN coordinators in the UK and Canada, and published after evaluation.

The Netherlands

Bill on Notification of Data Leaks is Passed in the Netherlands

The Bill on Notification of data leaks was passed by the Dutch Senate on 26 May 2015. The Bill will impose an obligation on data controllers in the Netherlands to notify the Dutch Data Protection Authority and affected individuals in the event of a breach. The law may also require data controllers to update agreements with their data processor to account for breach notice obligations.

Increased fines will also be imposed on both data controllers and data processors for violations of the Dutch Data Protection Act. The fines have been increased up to €810,000 or 10% of the company’s net turnover.

The Bill is expected to enter into force in 1 January 2016.

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins