
Newsletter DP issue 19


Page 1: Newsletter DP issue 19

eu-LISA PUBLIC

DATA PROTECTION NEWSLETTER

June 2016, Issue Nr.19

HIGHLIGHTS
Troubles for the Privacy Shield
EU-US signs Umbrella Agreement

SECURITY AND SURVEILLANCE
Myspace Data Breach
Snooper’s charter: the remaining stages for approval
Canada: Face recognition technology to identify passport fraud

NEW TECHNOLOGIES
EC drafts Code of Conduct for mobile health apps

EVENTS
Data Protection Awareness sessions: the outcomes
Connected Citizens Summit in Amsterdam

SPEECHES AND PUBLICATIONS

HIGHLIGHTS

Troubles for the Privacy Shield

The path to the adoption of the Privacy Shield is becoming more and more difficult. After the negative Opinions of the Parliament and of the Article 29 Working Party, the European Data Protection Supervisor (EDPS) has now also expressed its concerns about the robustness of the privacy guarantees contained in the Agreement. In fact, the Opinion on the EU-U.S. Privacy Shield Draft Adequacy Decision released by the EDPS on 30 May expresses mistrust about the data transfer framework’s ability to protect EU citizens’ personal data in accordance with EU law. Read the press release.

The EDPS recognized that the European Commission’s draft adequacy decision is an improvement with respect to the U.S.-EU Safe Harbor Framework, which was invalidated by the Court of Justice of the European Union last October. However, Mr Buttarelli cautioned that “progress compared to the earlier Safe Harbor … is not itself sufficient”, since the Privacy Shield “as currently designed does not adequately include … all appropriate safeguards” to protect EU citizens’ privacy; “robust improvements are needed”, he said.

EU-US signs deal on police data exchange

On 2 June 2016, the European Union and the United States of America signed the so-called "Umbrella agreement", which puts in place a comprehensive data protection framework for criminal law enforcement cooperation. The Agreement covers all personal data (e.g., names, addresses, criminal records, etc.) exchanged between police and criminal justice authorities of the EU Member States and the U.S. federal authorities for preventing, investigating, detecting and prosecuting criminal offenses, including terrorism.

The Umbrella Agreement will provide safeguards and guarantees of lawfulness for data transfers, including provisions on clear limitations on data use, the obligation to seek prior consent before any onward transfer of data, the obligation to define appropriate retention periods, and the right to access and rectification.

Read the Umbrella Agreement factsheet

Read the EC press release

DID YOU KNOW

The EU-US Privacy Shield Agreement was designed to replace the Safe Harbour, which was struck down by the Court of Justice of the European Union (CJEU) following a complaint by privacy activist Max Schrems. The new agreement is aimed at restoring the trust of individuals in transatlantic data transfers.

Page 2: Newsletter DP issue 19

SECURITY and SURVEILLANCE

MySpace Data Breach: 427 million passwords leaked

On 31 May, Time Inc., owner of Myspace, confirmed that the once-popular social media site was hacked. The leaked database contained about 360 million accounts with 427 million passwords, according to a Motherboard report.

This might be the biggest data breach of all time. It’s much bigger than the 117 LinkedIn passwords and emails that leaked last month from the 2012 LinkedIn hack, and bigger than the 2013 Target hack that affected 70-110 million customers.

MySpace has announced that it is in the process of notifying all affected users and working proactively with law enforcement authorities to resolve this issue. The data breach countermeasures taken include the invalidation of the passwords of all known affected users and monitoring for suspicious activity that might occur on Myspace accounts.

The hack is being attributed to the Russian cyber-hacker who goes by the name “Peace.” This is the same person responsible for the LinkedIn and Tumblr attacks.

Read more here

“360 million accounts with 427 million passwords stolen”

Snooper's charter: the remaining stages for approval

On Monday 6 and Tuesday 7 June, British MPs will debate in the House of Commons the remaining stages for the approval of the controversial Investigatory Powers Bill. The Bill, nicknamed the Snooper’s Charter, will provide a new framework to govern the use and oversight of investigatory powers by law enforcement and the security and intelligence agencies.

The Snooper’s Charter has been widely criticized ever since it was proposed by Home Minister Theresa May in 2015, because it gives investigative agencies the authority to conduct mass surveillance of citizens.

It is likely that Mrs Theresa May will have to make some privacy concessions in order to see her bill approved by the Parliament. There is a lot at stake. If the Snooper’s Charter passes the scrutiny of British MPs, public trust in UK tech services will be undermined, and this could lead to a loss of trust in freedom of expression and privacy online – trust that would be impossible to regain.

Read more here

DID YOU KNOW

That if you want to check whether you have an account that has been compromised in a data breach, you can visit the website haveibeenpwned.com. The website is run by Troy Hunt, a web security expert, who had the idea of creating an open source tool including a huge amount of hacked data. In the era of data breaches, a great business idea.

DID YOU KNOW

That the Investigatory Powers Bill (nicknamed the Snooper’s Charter) requires web and phone companies to store records of websites visited by every British citizen for 12 months for access by police, security services and other public bodies. Moreover, it makes explicit in law for the first time the powers of the security services and police to hack into and bug computers and phones. Read more here

DID YOU KNOW

That when you choose your password you should follow the tips of the Guide to password security. Ideally, each of your passwords would be at least 16 characters long and contain a combination of numbers, symbols, uppercase letters and lowercase letters.

How Secure is my Password? To see if your password is secure enough, click here. The website tells you how many seconds, days or years a hacker might take to crack your credentials.

Page 3: Newsletter DP issue 19

SECURITY and SURVEILLANCE

Canada: Face recognition technology to identify passport fraud

On 8 June, Canada’s Federal government officials revealed they used facial recognition technology to identify 15 suspects wanted on immigration warrants, who all used false identities to apply for travel documents.

The Liberal government might make the facial-recognition scheme permanent to help find and arrest people ineligible to remain in Canada due to involvement with terrorism, organized crime or human rights violations. It's just the latest example of federal efforts to zero in on lawbreakers using biometrics — physical

The photo-matching idea emerged from concerns that people wanted by the Canada Border Services Agency might use fake names to obtain genuine Canadian travel documents from the Immigration Department's passport program, say internal memos released under the Access to Information Act.

"Genuine Canadian passports and other travel documents are of high value to persons who seek to establish false identities," says a memorandum of understanding between the border and immigration agencies.

Read more here.

NEW TECHNOLOGY

EC drafts Code of Conduct for mobile health apps

New apps are being developed at the speed of light and legislators around the world are busy revising existing, or drafting new, data privacy legal frameworks. Last February the Article 29 Working Party stressed the need to create an intelligible legal framework for data processing apps, in particular for those collecting and processing health data (“mHealth apps”).

Following the WP29 recommendations, on 7 June 2016 the European Commission drafted its Code of Conduct on privacy for mobile health apps and submitted it for comments to the Art 29 Data Protection Working Party. Once approved by the independent EU advisory group, the Code will be applied in practice: app developers will be able to voluntarily commit to follow its rules, which are based on EU data protection legislation.

The EC said the Code was developed with all parties in mind, including SMEs and individual developers who may not have access to legal expertise. It is expected to raise awareness of the data protection rules in relation to mHealth apps, and to facilitate and increase compliance at EU level.

Read more here.

DID YOU KNOW

That Axl Rose, the Guns N’ Roses frontman, demands Google remove 'fat' photos from the web. The photo in question was taken at a concert back in 2010 and users poked fun at the singer’s weight gain through the years. Read more here

Read Axl Rose open letter

DID YOU KNOW

That the Article 29 Working Party is composed of representatives of the national data protection authorities (DPA), the EDPS and the EC. The Group provides the Commission with expertise on data protection.

Page 4: Newsletter DP issue 19

EVENTS

Data Protection Awareness Sessions: the outcomes

On 7 and 8 June, the eu-LISA Data Protection Officer, Mr Fernando Silva, held two Privacy Awareness Sessions at eu-LISA Tallinn: Data Protection at eu-LISA and Personal Data Breach. While the first was aimed at informing the staff about the privacy principles and data protection obligations and how they are being enforced and applied in practice in eu-LISA, the second was targeted at instructing the staff on how to react in case of a data breach. During the sessions the DPO gave practical examples to show how the data protection legal and compliance requirements have an impact on the eu-LISA staff professional environment. The same Awareness sessions are scheduled for eu-LISA Strasbourg this week.

Connected Citizens Summit, Amsterdam 21 June 2016

POLITICO’s Connected Citizens Summit in Amsterdam on June 21 2016 will examine the challenges and opportunities governments and the private sector face as they adapt their policies and services to better connect with citizens.

Connectivity helps patients track their health, commuters optimize their trips, households manage their consumption and citizens engage in the democratic process. Data allows governments and businesses to refine their policies and services. Boosting connectivity for EU citizens is therefore a key priority for the Juncker Commission, with the 2020 Digital Agenda and Digital Single Market Strategy set to boost innovation, economic growth and jobs in the EU.

Read more here

DID YOU KNOW

That the Digital Single Market strategy, adopted by the European Commission on 6 May 2015, creates opportunities for new startups and allows existing companies in a market of over 500 mln people. Completing a Digital Single Market could contribute € 415 billion per year to Europe's economy, create jobs and transform the public services. Read the Digital Single Market Factsheet.

DID YOU KNOW

That on 9 November eu-LISA adopted the Policy and Procedure on Personal Data Breach Handling. The Policy is available here

Page 5: Newsletter DP issue 19

SPEECHES AND PUBLICATIONS

07 June 2016: The EDPS launches the Accountability Initiative. Read the latest blogpost.

06 June 2016: Videos of the first EDPS-Ethics Advisory Group Workshop are available here.

31 May 2016: Big Brother, Big Data and Ethics. Read the latest blogpost by Giovanni Buttarelli.

The Newsletter goes on holiday. See you next August!

About this Newsletter

This newsletter is issued by the eu-LISA Data Protection Officer, appointed in 2014 in order to:

ensure eu-LISA compliance with the data protection legal framework

provide eu-LISA with guidance in data protection compliance

register of the data processing operations, available on the shared drive: \\nas-tll\Common\Data protection

notify the EDPS of risky data processing operations

cooperate with the EDPS

AUTHORS
Fernando Silva, Data Protection Officer
Marco De Santis, Assistant

CONTACTS
[email protected]
+ 372 604 2005

SOURCES
EDPS website
EDEN – Europol Data Protection Experts Network

LEGAL DISCLAIMER
The content herein is drafted by the DPO and is provided for general information purposes only. The newsletter may contain links to websites that are created and maintained by other organisations. The DPO does not necessarily endorse the views expressed on these websites. Pictures: © eu-LISA