[IRPCoalition] Fwd: UN To Appoint Special Rapporteur for Privacy

Viktor Szabados vikszabados at gmail.com
Fri Jul 3 09:14:05 EEST 2015

---------- Forwarded message ----------
From: IAPP Europe Data Protection Digest <publications at iapp-email.com>
Date: Thu, 02 Jul 2015 22:16:18 -0600
Subject: UN To Appoint Special Rapporteur for Privacy
To: vikszabados at gmail.com

IAPP Dashboard Digest
To view this e-mail as a web page, go
here .


3 July 2015

Quick Links
Career Central
 - IAPP Privacy Training Classes
 - IAPP Annual Award Nominations

Greetings from Brussels!

I write amidst climbing temperatures this week in Brussels; we're
looking at a high of 38C over the weekend. For our North American
readership, that equates to 100.4F. The temperature is not the only
thing going into overdrive; the news here is dominated by the Grexit
question: Having defaulted on June 30 to the tune of a 1.6
billion-euro debt repayment to the IMF, the Greek government has now
announced, without forewarning, a referendum vote on cash for reforms.
Regardless of a "Yes" or "No" vote, it is a risky and potentially
catastrophic gamble for all of Europe. You have to ask where this
crisis is going to end. With Greek banks at the breaking point, you
would be forgiven for thinking that the Greek people—much like
the rest of Europe—are starting to ask questions of
 Tsipras' radical-left Syriza party. Nothing is clear, seemingly even
for the Greek government. Like many fellow Europeans, I have watched
this crisis unravel and can only hope that our politicians find a
sustainable solution in the face of this force majeure as we are
running out of time.

In other news and closer to privacy interests, this week the European
Parliament's trade committee (INTA) considered amendments to its
position on the proposed Transatlantic Trade and Investment
Partnership (TTIP). The TTIP has been dubbed a second-generation trade
deal seeking to go well beyond conventional tariffs and quotas by
strengthening the international order through regulatory cooperation.
It is true that over time, trade agreements have increasingly become a
forum for debating rules and standards between countries and economic
areas. International trade negotiations have a far-reaching scope that
now covers digital technology and Internet businesses. These
negotiations have, therefore, become a new platform for the inclusion
and development of Internet-related policies, and with
 negotiations on telecommunications, online services, regulatory
cooperation and e-commerce, there are now significant discussions on
the question of limitations of users' rights and data protection.

Although EU member states requested to exclude the issues of privacy
and data protection from the negotiations, these issues nevertheless
arise through discussions on data flows. The EU and U.S. come to the
table with fundamentally different approaches to legal standards for
data protection. On the EU side, data protection and privacy are
fundamental rights recognized under the EU Charter of Fundamental
Rights and protected by EU law, while the U.S. lacks comprehensive
data protection legislation providing similar rights. The U.S.
International Trade Commission considers data protection a "barrier to
trade" and seeks to lower data protection standards as a way to
increase U.S. export sales in the digital economy. According to the
International Trade Commission's study on digital trade in
 the U.S. and global economies, the U.S. has a "particular concern"
with regard to EU data protection requirements due to their
"strictness and difficulty to comply with."

The finalization of the GDPR may certainly impact U.S. digital
business models abroad, and as such, the U.S. is undoubtedly fully
conversant on what it would want to see provided for in an eventual
TTIP agreement. The EU did concede earlier in the year that
international data flows could be part of the TTIP negotiation, but
only once the GDPR is agreed. What remains to be seen is whether the
GDPR will satisfy the U.S. TTIP expectations. Let us not forget the
EU-U.S. trade relationship is the biggest in the world, and the TTIP
agreement will cover 40 percent of global GDP. There is arguably a lot
at stake.

On a final note, I would like to wish our U.S. readership and
membership a splendid 4th of July weekend.

mailto:pjordan at privacyassociation.org
Paul Jordan

Managing Director

IAPP Europe

Save your seat in BrusselsCAN'T-MISS KEYNOTES

IBM's Jeff Jonas and David J. Becker of the Pew Charitable Trusts are
confirmed to headline the
IAPP Europe Data Protection Congress 2015 . You're not going to want
to miss this! We're expecting the biggest Congress yet—save your
seat now.
1-3 December, Brussels

Register Now

PRIVACY COMMUNITYUN To Appoint Special Rapporteur for Privacy
The United Nation's Human Rights Council (HRC) will tomorrow announce
its appointment for a special rapporteur on the right to privacy.
President of the Human Rights Council Joachim Ruecker
announced Wednesday  that the HRC's Consultative Group ranked first
Katrin Nyman-Metcalf of Estonia, though "concerns were raised as to
whether she was the best qualified candidate for this specific
position." As such, Ruecker recommends for the job the Consultative
Group's second-rank pick, Joseph Cannataci of Malta, "who has
long-standing experience in the field of human rights." A total of
30 candidates  applied, including former German Data Protection
Commissioner Peter Schaar and Dutch DPA Chairman Jacob Kohnstamm.
Angelique Carson, CIPP/US, reports in this exclusive for The Privacy

Full Story
DATA PROTECTION—EU & FRANCEWP29's Falque-Pierrotin on Key
Digital Privacy, Security Issues
Isabelle Falque-Pierrotin of the Article 29 Working Party and the CNIL
talks with Wired about delisting, the CNIL's case against Google and
making privacy the default. Asked what the most important digital
privacy and security issue is, Falque-Pierrotin first lists "making
security issues represented as really important and as a priority for
all of the stakeholders. I'm not sure that's the case right now." And,
she continues, it is important to "convince people that data
protection is not against innovation and growth; on the contrary, data
protection contributes to confidence. It is a key factor in the
digital environment."

Full Story


SURVEILLANCE—UK"Snooper's Charter" To Move Forward
British Prime Minister David Cameron will officially move forward with
anti-terror surveillance legislation, once dubbed the "Snooper's
Charter," Politico reports. "The question we must ask ourselves is
whether ... we are content to leave a safe space ... for terrorists to
communicate with each other," Cameron said. "My answer is no, we
should not be," he continued. Tech company In.die has pledged to take
its business elsewhere. "We're not going to stay in a country where we
might be forced to backdoor our products—and possibly not even
be allowed to tell anyone about it," the company said in a statement.

Full Story
PRIVACY LAW—EU & U.S.Austrian Court Dismisses Facebook Suit;
Schrems "Will Go to a Higher Court"
Activist Max Schrems' suit alleging that Facebook's "terms of service
and data collection policies violate EU law and their consumer rights"
was dismissed by Vienna District Court, which cited lack of
jurisdiction and a blurring of personal and professional use of the
service, The Irish Times reports. "It is clear that the complainant is
using the enormous media interest in his case against Facebook ... for
the sales of his book and his career, even if it was credible that
this is a social-societal concern for the complainant," said Judge
Margot Slunsky-Jost.
The Wall Street Journal has called the dismissal "a boon for
Facebook." Schrems said he "will go to a higher court ... The court is
simply passing the hot potato on."

Full Story
PRIVACY COMMUNITY—EU & JAPAN Privacy Pro Awarded Japan's "Best
Consumer Supporter"
The Japanese Consumer Affairs Agency (CAA) has awarded Christopher
Kuner its "Best Consumer Supporter" award. At a ceremony June 26,
Kuner was awarded a medal for "services to Japanese consumers,"
according to the CAA's Takeshi Okano. Kuner, an attorney at Wilson
Sonsini Goodrich & Rosati, said he had been meeting with various
ministries in Tokyo last year to answer questions on EU data
protection law as Japan is
in the midst of reforming its privacy law  and is looking at the EU
for guidance. The CAA said Kuner has "made substantial contributions
to the advancement of the knowledge of Japanese consumers on European
personal data protection."

Full Story
SURVEILLANCE—EUWP29 Issues Drone Guidance
The Article 29 Working Party (WP29) has adopted its
Opinion on Privacy and Data Protection Issues Relating to the
Utilisation of Drones , Out-law.com reports. The opinion states
manufacturers of the burgeoning technology have a significant role to
play in helping users understand the privacy implications of its use.
Manufacturers should, for example, embrace Privacy by Design in the
production of drones. "Data protection should be embedded within the
entire life cycle of the technology," the WP29 opinion states, "from
the very early design state, right through to its ultimate deployment,
use and final disposal; such technology should be engineered in such a
way as to avoid the processing of unnecessary personal data."
Additionally, the industry could create codes of conduct to ensure
data protection is addressed.

Full Story
PRIVACY ENFORCEMENT—UKICO Annual Report Discusses Increased Powers
The Information Commissioner's Office has released its
annual report , and Information Commissioner Christopher Graham is
reflecting on "the strengthening of his regulatory powers to show how
the legislation continues to develop" toward greater data security as
well as the impact of the now 10-year-old Freedom of Information Act.
The Register reports that the total of fines issued by the ICO "has
halved compared with last year—despite the watchdog receiving
roughly the same number of complaints about data protection." The
report statistics include 14,268 data protection concerns logged with
the office, 41 data controller audits and 1,078,500 GBP in civil
monetary penalties.

Full Story
PERSONAL PRIVACY —EU & UK BBC Anti-RTBF Actions Criticized
The BBC's displeasure with the right to be forgotten and its
subsequent republishing of 182 of its Google-delisted links "needs to
be viewed with considerable caution," The Guardian opined, indicating
that Google had already found the links to be conduits to "personal
information that is inaccurate, irrelevant or out of date and holds no
public interest," and that the site "misleadingly" promoted the links.
"It was a deliberate journalistic choice that causes public shame and
has not meaningfully contributed in any way to better policy making,"
the report states, continuing, "It looks petulant, not constructive.
And in some cases, it deceptively withholds crucial details ...
without also identifying that the original story has been modified
simultaneously to remove the complainant's name.
 So much for transparency."

Full Story
ONLINE PRIVACY—EU & FRANCECNIL: 20 Websites Not Complying with Cookie Laws
French Data Protection Authority the CNIL has told 20 websites they
are failing to comply with EU cookie laws, The Register reports. The
CNIL "this week put the websites on notice for not giving users enough
information about how their activity is being tracked," the report
states, noting EU law requires websites to get "explicit informed
consent before placing cookies on browsers," and citing the CNIL's
2013 guidelines information companies on how to comply with the law.
"However, several spot-checks last year revealed that although some of
the sites have a banner informing users that cookies will be placed on
their computer, none of them waited for consent before doing so," the
report states.

Full Story
DATA PROTECTION—EUOfficials Discuss Power of Big Data,
Importance of Data Security
Big data, if used correctly, can fuel innovation, German MEP Axel Ross
and Former Secretary General of the CNIL Yann Padova argue in a report
for EurActiv."The protection of our fundamental rights must remain at
the centre of the Data Protection Regulation because it's the
foundation of our European identity and common values," the report
states. When data is harvested, "fundamental rights" and the
"innovation principle concerning companies' use of data" should be
weighed in equal measure, they argue, adding that to do so, "initial
purpose for data collection" can't be the only focus. "Instead, we
should concentrate on the use of data and on the actual consequences
for people."
Meanwhile, Switzerland Chief of Data and Information Protection
Hanspeter Thur discusses the "hydra-esque" nature of data security.

Full Story
CLOUD COMPUTING—EUWorking Party Evaluating Draft Code of Conduct
The Article 29 Working Party is examining a draft cloud computing code
of conduct and could approve a final product by the end of summer,
Out-Law.com reports. "Representatives from Microsoft, Oracle and the
Cloud Industry Forum are among those that have been involved in
drafting the code," the report states, adding that the initiative aims
to "help potential cloud computing users assess whether a cloud
provider complies with EU data protection rules and with their own
data protection obligations." The code will "also help cloud providers
demonstrate that they comply with the data protection legal framework,
particularly when providing cross-border services," the report states.

Full Story
Lobbying Efforts
According to figures published by Transparency International, Google
and its lobbyists have had more meetings with European Commission
officials than any other single company, CIO reports. Google lobbyists
have had 32 meetings between December and June, the report states,
topped only by BusinessEurope, which has 67 member companies spanning
industries and including Microsoft, Facebook, IBM, Oracle and Samsung
Electronics. The data shows more than three-quarters of lobbyists in
that timespan were corporate; 18 percent were NGOs, and two percent
were local authorities. The analysis "shows more clearly which
companies have the greatest opportunity to influence decision-making,"
the report states.

Full Story
FINANCIAL PRIVACY—BULGARIAParliament Nixes Banking Privacy After
Bank's Collapse
A year after the collapse of Bulgaria's fourth largest bank, the
Parliament has abolished the country's banking privacy laws, Reuters
reports. Corporate Commercial Bank declared bankruptcy last June,
costing the Bulgarian government approximately 3.6 billion levs. The
action by Parliament will permit disclosure on accounts, deposits and
loans of the bank's clients, and allow AlixPartners, a forensics
investigatory firm, to track and recover the bank's assets. Last
month, Bulgarian Prime Minister Boiko Borisov said all data pertaining
to the bank should be publicized so that "everything comes to light."

Full Story
HEALTHCARE PRIVACY—UKHealth Insurer Clarifies Stance on Facebook-Owned App
BBC News reports on a new pledge from health insurer Vitality after
public backlash from its use of a Facebook-owned health fitness app.
Moves, the "always on" smartphone app, measures users' health-related
activities and locations visited. Vitality said it promoted the app to
encourage healthier lifestyles for workers, but privacy groups said
the insurer should be more clear and transparent about how data is
collected and accessed. One Internet privacy academic said this could
serve as a lesson for the broader health insurance industry. Health
data, he said, "can be used against (employees) in many
ways—from obvious things like health and life insurance premiums
to less direct things like credit ratings and even potential
employment decisions."

Full Story
DATA LOSS—MALTAPolice: IDPC Dropped the Ball on Breach Investigation
After a confidential file on a Maltese police inspector was leaked to
MaltaToday and resulted in the country's Data Protection Commission
(IDPC) fining the commissioner of police, the Malta Police Association
(MPA) has called foul, MaltaToday reports, stating the IDPC didn't do
its due diligence in investigating the breach. "The IDPC implied that
the leak took place under former Police Commissioner Peter Paul
Zammit, who resigned in July 2014, but it did not seek the comment of
either Zammit or Saviour Balzan, MaltaToday managing editor, who both
denied that Zammit was the source of the leak," the report continues.

Full Story
PRIVACY MANAGEMENTBellamy and Heyder on Moving Beyond Consent
Consent is a foundational aspect of information privacy, one upon
which many data protection and privacy laws around the world are
based, and one which provides a modicum of control to individuals.
"But is consent really the best and only way in the modern Information
Age to provide meaningful control and to protect the individual?"
Bojana Bellamy, CIPP/E, and Markus Heyder, both of Hunton & Williams,
ask in this post for Privacy Perspectives. In it, they argue that
consent is not necessarily the "best or only way to empower
individuals in this day" and provide three reasons and a host of
complimentary tools organizations can use to broaden individual
control and organizational accountability.

Full Story
DATA PROTECTIONThird-Party Vendor Management: A Checklist
In the last post of this series on effective and efficient vendor
management for The Privacy Advisor, K Royal, CIPP/E, CIPP/US, closes
with an overview to help you do due diligence holistically. The
checklist includes everything from risk assessment prior to hiring a
third-party vendor to terminating a contract with one. "Take a look
through this recap and mark where you're doing well and where you
could use some improvements," Royal writes. Miss any of the earlier
chapters in this series?
Find them here  in the IAPP Resource Center.

Full Story
ONLINE PRIVACYUniting Privacy and Customization
"Computer scientists and legal experts from Trinity College Dublin and
SFI's ADAPT centre are working to marry two of cyberspace's greatest
desires" via "Privacy Paradigm," an online privacy system that aims to
both customize and protect data on popular sites and apps "so that
users signing up would know exactly how private, or otherwise, their
personal information would be," Phys.org reports. "It's a grand target
we're setting ourselves and the research is ongoing," said Trinity
Prof. Owen Conlan, "but the big-picture vision is to make the way
online services use our personal—and often
privacy-sensitive—information as transparent and easy to
understand and manipulate as possible for ordinary users."

Full Story
CYBERSECURITYEntrepreneurs, MIT Reveal "Un-Decryptable" Prototype
Two Bitcoin entrepreneurs and the MIT Media Lab have revealed a
prototype for a system called Enigma, which allows data to be
encrypted in a way that it "can be shared with a third party and used
in computations without it ever being decrypted," Wired reports.
Enigma would allow untrusted computers to "accurately run computations
on sensitive data without putting the data at risk of hacker breaches
or surveillance," the report states. "The actual data is never
revealed, neither to the outside nor to the computers running the
computations inside," said MIT Media Lab's Guy Zyskind, one of
Enigma's co-creators.

Full Story
DATA LOSS Study Finds VPNs Exposing Personal Data
V3 reports that 11 out of 14 virtual private network (VPN) providers
are exposing personal information through a vulnerability linked to
IPv6, according to a study by the UK's Queen Mary University in
London. Since the Snowden revelations, VPN providers have seen an
increase in users, the report states, with those users often seeking
to avoid mass surveillance or to circumvent censorship. "There are a
variety of reasons why someone might want to hide their identity
online, and it's worrying that they might be vulnerable despite using
a service that is specifically designed to protect them," said Gareth
Tyson, co-author of the study.

Full Story
FINANCIAL PRIVACYBitcoin's Future Dependent on Emerging Rules
Virtual currencies (VCs) are gaining the attention of regulatory
bodies worldwide because they're growing in acceptance by retailers
and consumers alike. The U.S. Internal Revenue Service, which subjects
VC transactions to income tax liability for gains in value, just like
property, is one of those regulatory bodies. But it's at the state,
national and supra-national levels where authorities are starting to
set out rules. One of those emerging rules, and the responses its
generated from VC companies and industry forums, will impact the
privacy and data protection of VC users, writes Thomas Shaw, CIPP/E,
CIPP/US, in this exclusive for The Privacy Advisor.

Full Story
PRIVACY EDUCATIONWeb Conference: For Security, Are Passwords a Thing
of the Past?
Are passwords really dead as a security measure? And if they are, what
is the future of authentication and identity management? On Thursday,
16 July, from 1 to 2:30 p.m. EDT, the IAPP will host a web conference
on new and better methods beyond the password—including
biometrics and federated identity management. In "Beyond the Password:
Modern Online Authentication," Christopher Pearson, CIPP/G, CIPP/US,
general counsel and chief security officer at Viewpost, and James
Shreve, CIPP/US, CIPT, attorney at BuckleySandler, will discuss
innovative solutions like SQRL and what the future of authentication
may hold.

Full Story
PRIVACY LAWRoundup: The EU, U.S., Canada, Qatar and More
This week's Privacy Tracker weekly legislative roundup includes a
report on Qatar's Ministry of Information and Communications
Technology's plans to introduce a digital privacy law, as well as
information on Argentina's Personal Data Protection Authority's new
rule, which includes guidance on complying with the Personal Data
Protection Law. Plus, read about the latest legislative developments
in the U.S., including how the passage of the USA FREEDOM Act may
impact cross-border data transfers, and in Canada, where the Digital
Privacy Act has received Royal Assent. And read about when you can
expect guidelines on data protection enforcement in the EU. (IAPP
member login required.)

Full Story
CYBERSECURITYBevy of Surveys Indicate Data Protection Woes
An Online Alliance survey of 1,000 company sites indicates 46 percent
"were found vulnerable to known online security threats," finding a
specific trend of weakness in Internet of Things sites, ITProPortal
reports. These results come on the heels of an additional
SANS Institute report  suggesting, "Financial services organizations
are still being breached too often, most frequently by those with
insider access," with 46 percent of respondents citing "abuse or
misuse by internal employees or contractors." In South Africa, Check
Point Software Technologies'
Security Report found, "Mobile devices are the weak link in a
company's security chain," and Romania's
Business Review reports that privacy pros now believe there isn't a
"one-size fits all" approach to security.

Full Story
DATA COLLECTION Is Data Mining Misunderstood?
Data mining is less about privacy infringement and more about
analyzing information, a distinction that Apple CEO Tim Cook missed in
a recent address, Data Mining for Dummies author Meta Brown writes for
Forbes. "Data mining is merely a form of data analysis. It's an
adaptation of statistical analysis designed to enable
non-statisticians to analyze data in a quick and informal way," she
said. "And there's the real key to privacy. The central privacy issue
is not data mining, nor any other form of analysis. It's what data is
collected, how it's used and shared and used again." Meanwhile,
Cheat Sheet reports on other reactions to Apple's view on privacy,
including those of Edward Snowden.

Full Story
BIOMETRICSChurches Using Facial Recognition To Monitor Attendance
Churches are joining the widening group of entities using
facial-recognition software to track people, RT reports. In four
months, approximately 30 churches around the world have started using
a facial-recognition software called Churchix, according to Moshe
Greenshpan, the CEO of Face-Six, which sells the technology. Churchix
uses CCTV footage or photos to match churchgoers against a database of
high-resolution pictures collected by a church. It can be used to
monitor attendance, alert church officials if members stop coming to
services or screen for people banned from the church, the report

Full Story
PRIVACY IN PRACTICEMonitoring Your Privacy Program: Risk Assessments
and Documentation
So far in this exclusive series for The Privacy Advisor on monitoring
your privacy program, three industry leaders—one from a
consulting firm, one from healthcare and one from IT—have given
valuable insights on how to effectively monitor your privacy program
and what organizations should focus on when developing a comprehensive
program. Now, Deidre Rodriguez, CIPP/US, summarizes major themes that
have surfaced, regardless of industry. "The recommendations for
developing a monitoring program center around risk assessments; the
importance of documenting your monitoring activities; training, and
continuous monitoring throughout the life cycle of the program,"
Rodriguez writes.

Full Story
ONLINE PRIVACY"Revenge Porn" Searches Axed
Google's move to delist "revenge porn" from its search engines is a
healthy step forward for the right to be forgotten, The Guardian
reports. "Google has shown that the world won't be knocked off its
axis if the company goes beyond protecting financially relevant
information ... and takes aggressive steps to remove links to socially
relevant information that can harm autonomy, reputation and emotional
well-being," the report continues. Governments and corporations share
a duty to "invest in data protection rights," the report states,
noting those rights "will evolve through information-specific
categories" and it's less about being totally forgotten but rather
made "obscure" online.

Full Story
ONLINE PRIVACYListening Tool Now Optional for Chromium Users
user consternation  regarding Google Chromium's listening software,
Google has made the feature optional, Business Insider reports. While
the service in question "uses the computer's microphone to listen out
for the 'OK, Google' hotword to trigger voice searches," users were
not given the ability to opt out, the report states. Some expressed
concern "Google was downloading a 'black box' onto their machines that
was not open source and therefore could not be verified to be doing
what it said it was meant to do," the report continues. "As of the
newly landed r335874, Chromium builds, by default, will not download
this module at all," Google said in response, adding that if a user so
chooses, the service can be obtained via the company's web store.

Full Story


All Current Job Listings
Build your privacy skills! New two-day European data protection
training classes are headed to London. Your class includes everything
you need to get started. And if you decide to aim for a credential,
you'll have a head start.
17-18 September

Learn More Now

Hurry! The nomination period for the 2015 HP-IAPP Privacy Innovation
and IAPP Privacy Vanguard Awards closes in two weeks. Don't miss this
opportunity to give recognition where it's deserved. Deadline: 15 July

Submit A Nomination

Upcoming Events
7 July

IAPP KnowledgeNet

Barcelona, Spain

9 July

IAPP KnowledgeNet

Munich, Germany

9 July

IAPP KnowledgeNet

Paris, France

29 September-1 October

Privacy. Security. Risk.

Las Vegas, NV, U.S.

1-3 December

IAPP Europe Data Protection Congress 2015

Brussels, Belgium

19-21 February 2016

Second International Conference on Information Systems Security and
Privacy—ICISSP 2016

Rome, Italy

Digest Contributors

Pascale Gelly

Rocco Panetta

Bruno Rasle

Henriette Tielemans

Contributor Bios

Copyright(c) 2000-2015 International Association of Privacy Professionals.
The views in this eNewsletter, if any, are those of the authors and
are not necessarily those of the IAPP.

This email was sent to:vikszabados at gmail.com
75 Rochester Ave., Suite 4, Portsmouth, NH 03801 USA +1 603.427.9200

We respect your right to privacy -
view our statement  -
view the ExactTarget statement

Manage Subscriptions  |
Update Profile  |
One-Click Unsubscribe

vikszabados at gmail.com
+41 79 734 47 83

More information about the IRP mailing list