In further production from the group’s June plenary session , the EU’s Article 29 Working Party, the collection of data protection authorities, released today extensive guidance relating to the privacy of employees, including a series of nine practical scenarios. Source: WP29 releases extensive employee-privacy guidance
guidance
NIST has published new guidelines relating to security and privacy (I noted recent NIST’s involvement in privacy engineering here ). As many of their documents, new guidelines will be influential for security and privacy engineering. Source: New NIST guidelines: security and privacy recommendations
On June 20, 2017, the UK Information Commissioner’s Office (ICO) published an updated version of its Code of Practice on Subject Access Requests. The updates are primarily in response to three Court of Appeal decisions from earlier this year regarding data controllers’ obligations to respond to subject access requests. Source: UK ICO Revises Subject Access […]
On June 20, 2017, the German Federal Ministry of Transport and Digital Infrastructure issued a report on the ethics of Automated and Connected Cars. The Report was developed by a multidisciplinary Ethics Commission established in September 2016 for the purpose of developing essential ethical guidelines for the use of automated and connected cars. Source: Germany […]
Recently, the Belgian Privacy Commission (the “Belgian DPA”) released a Recommendation (in French and Dutch) regarding the requirement to appoint a data protection officer (“DPO”) under the EU General Data Protection Regulation (“GDPR”). The Recommendation aims to provide guidance in response to the many questions that the Belgian DPA has received so far regarding the […]
In May, BSI Group, the national standards body for the U.K., held its most recent workshop looking at the development of standards around the use of big data. Privacy pros may find the group’s work particularly relevant as BSI approaches guidance, in particular, for the terms and conditions organizations would use to obtain and use […]
On 11 May 2017 the Spanish data protection authority (AEPD) in association with ISMS Forum Spain, published, a code on data protection best practices in relation to Big Data. It provides an analysis of the current legal framework and of the implications associated with the use of Big Data in light of the General Data Protection Regulation. Source: […]
In April European Data Protection Supervisor (EDPS) published necessity toolkit. The toolkit is designed to help policymakers identify the impact of new laws on the fundamental right to data protection and determine the cases in which the limitation of this right is truly necessary. Source: Privacy-friendly policymaking made easier: EDPS issues the necessity toolkit
Article 29 Working Party has published draft guidance on data protection impact assessments (DPIA). Its full text of is available on the Working Party’s website. Comments to draft guidance can be submitted by 23 May 2017. Source: Article 29 Working Party Issues Guidance on Data Protection Impact Assessments