Danish DPA refers municipality to police for GDPR violation

Denmark’s data protection authority Datatilsynet is reporting the municipality of Lejre to the police for failing to provide an appropriate level of computer security. After the council reported a breach of personal data, Datatilsynet says it became aware the municipality’s children and young people department included information of a particularly sensitive and protective nature of […]

EC launches public consultation on cybersecurity

The European Commission (EC) is seeking the views of interested parties on its 2016 directive which called for a high level of security for network and information systems across the trading bloc. The review will include assessing whether cybersecurity has improved across the EU, identifying existing and emerging issues, and quantifying regulatory costs and benefits. […]

More than half of organisations subject to GDPR collect more data than the regulation permits, a study has found

A Data Risk and Security report released by the security software company Netwrix has revealed that companies are failing to follow GDPR and security best practices. The survey of just over a thousand respondents revealed that security professionals are often bypassing many of the six stages of the data lifecycle. While security issues are mitigated […]

South Korea hopeful on GDPR transfer exception

The South Korea-EU summit on 30 June is expected to discuss South Korea’s exemption from paying GDPR transfer fines. The exception would allow its businesses located within the EU to transfer data to South Korea without penalties. After failing to get the agreement in 2016 and 2018, South Korea has taken a number of steps […]

EDPB brings out register listing decisions

The European Data Protection Board (EDPB) has published a new register containing decisions taken by national supervisory authorities (SAs) under the One-Stop-Shop (OSS) cooperation procedure within GDPR. The European Union’s General Data Protection Regulation (GDPR) requires supervisory authorities to cooperate on cases with a cross-border component to ensure consistent application of GDPR. Up until early […]

French Health Data Hub must work with DPA, says government

France’s Council of State has ordered the Health Data Hub to share information on its pseudonymisation procedures with the country’s data protection agency CNIL. That will allow the authority to verify if the measures ensure sufficient protection of the data to prevent, as far as possible, identification of individual people, the council said. In April […]

Post-Brexit UK adequacy decision at risk due to data-sharing agreement with US

The EU’s data protection watchdog has said that the UK-US agreement entered into in 2019 could undermine the UK’s chances of receiving an adequacy decision The European Data Protection Board wrote to the European Parliament on 15 June 2020 outlining their concerns that the UK-US agreement to facilitate access to electronic evidence in criminal investigations […]

Norway drop contact-tracing app after Amnesty privacy investigation

Norway has abandoned plans to introduce a contact-tracing app to combat coronavirus after Amnesty investigation revealed its live-tracking capabilities Amnesty International’s investigation into COVID-19 contact tracing apps across Europe, Middle East, and North Africa showed that Bahrain’s ‘BeAware Bahrain’, Norway’s ‘Smittestopp’ and Kuwait’s ‘Shlonik’ present the biggest threats to privacy due to their live-tracking capabilities. […]