On 8 June 2017, Article 29 Data Protection Working Party (“A29WP”) adopted Opinion 2/2017 on personal data processing at work. Building on and complementing previous guidelines (namely Opinion 8/2001 and the 2002 Working Document on the surveillance of electronic communications in the workplace), the Opinion makes a new assessment of the balance between legitimate interests of employers and privacy expectations of employees, in view of recent technological progresses enabling increasingly invasive employees’ personal data processing.
Legal tips for the cloud
Being aware of the legal aspects of cloud computing can help the adoption of cloud computing. Cloud computing can offer a more efficient option for services like data storage and email services with end users having their data stored in a remote location by a third party cloud provider. This model is often much cheaper than investing in servers and software, but it does come with risks. Users need to be sure the contract they sign really meets their needs, gives precise information regarding ownership, access, privacy and security, governing law, allocation of the risk and what happens if the cloud provider goes out of business.
CloudWATCH is publishing a series of informative tips for potential adopters of the cloud, indicating the right places to look for accurate and trustworthy information on this issue.
On 28 April 28 the Italian Data Protection Authority (“Garante”) issued its first guidance on the new provisions of the General Data Protection Regulation (“GDPR”), consisting of a schematic overview of the changes in the current legal framework and recommendations on how to face them. The following paragraphs summarise the Garante’s practical advice on each aspect.
The Article 29 Working Party (“A29WP”) has recently published its guidelines on Data Protection Impact Assessment (“DPIA”) introduced by art. 35 of EU Regulation 2016/679 (“GDPR”).
In the issue ICT Insider January 2017, we anticipated that the Article 29 Working Party (“WP29”) issued 3 guidelines on certain aspects related to General Data Protection Regulation (“GDPR”) that had given concerns since the very beginning of their publication. In its last Plenary meeting of this month, WP29 updated and approved the following guidelines:
The Information Commissioner’s Office has published for consultation its first GDPR-related draft guidance on consent under the General Data Protection Regulation.
On January 10, 2017, the European Commission issued the proposal for a Regulation on Privacy and Electronic Communications. This Regulation will repeal and supersede the current Directive 2002/58.
Cloud computing & IoT are on the rise, it is a good idea to start looking into these technologies and consider how they can and boost productivity minimizing risks.
Sometimes, clauses where an arbitration dispute resolution process is required are set in cloud computing contracts. This arbitration dispute resolution could appear as an alternative to the ordinary jurisdiction, or as a compulsory process (this assumption can not be applicable when the customers are consumers). Arbitration could be followed, as well, in case of exceeding a certain value or whether a concrete jurisdiction determined so....
Looking at news media, one cannot avoid the feeling that there is a real war going on the internet, with several active forces: armies, of course, but also raiders looking for easy money, wannabe pirates, professional and well determined attackers as well as absolute beginners without a clue. All provided with very effective weapons, compared to defences not always up to the menace.
by FABIO COATTI, ICT Legal Consulting - It's a common knowledge that the threat to IT systems is becoming increasingly versatile and subtle.
Hardly a day passes without tweets about new malware, news reports of big firms hacked or forums busy with new virus discussions, last example being the infamous CBT-Locker ransomware.