Privacy law

Newsletter n°80

Friday, May 29, 2020 - 12:08am

It is testing the resilience of our societies as we respond to this global crisis and try to contain its consequences, both in the short and in the long run.

Key Points: 
  • It is testing the resilience of our societies as we respond to this global crisis and try to contain its consequences, both in the short and in the long run.
  • Covid-19 outbreak is also testing fundamental rights to data protection and privacy.
  • EU Member States, EU institutions and Big Tech companies are trying to explore solutions to tackle the uncontrolled spread of the virus.
  • As a result, the EDPS established a Covid-19 task force to follow developments and to prepare for the future of data protection and privacy after Covid-19 crisis.

Anapaya is Already Delivering on the Promises of 'New IP'

Thursday, May 28, 2020 - 10:04pm

Many western countries fear the proposed changes will enable central authoritarian control over the internet itself.

Key Points: 
  • Many western countries fear the proposed changes will enable central authoritarian control over the internet itself.
  • However, Anapaya already has an operational solution that meets all these needs and more.
  • "There seems to be a lot of controversy regarding the changes to internet routing standards that were proposed at the UN.
  • It's just pure freedom, agency and privacy in an online environment and that's why businesses are choosing to use Anapaya."

Tech Talk with the Regulators – Understanding Anonymization Under the GDPR

Thursday, May 28, 2020 - 9:00pm

The General Data Protection Regulation (GDPR) has already been in existence for four years, and has been in force for two years. How can anonymization techniques under the GDPR help Data Protection Officers (DPOs) assess innovation? I hosted a webinar with Truata that featured experts from DPAs in Italy, Ireland, and the UK to find out more about their perspective. The recording is available here (link to the webinar).  ‘A revision of the 2014 opinion on anonymization techniques is in the working program of the EDPB’ In 2014, the European data protection authorities, assembled in the Article 29 Working Party provided guidance in their opinion on anonymization techniques.

Key Points: 


The General Data Protection Regulation (GDPR) has already been in existence for four years, and has been in force for two years. How can anonymization techniques under the GDPR help Data Protection Officers (DPOs) assess innovation? I hosted a webinar with Truata that featured experts from DPAs in Italy, Ireland, and the UK to find out more about their perspective. The recording is available here (link to the webinar).  

‘A revision of the 2014 opinion on anonymization techniques is in the working program of the EDPB’
    • In 2014, the European data protection authorities, assembled in the Article 29 Working Party provided guidance in their opinion on anonymization techniques.
    • Giuseppe DAcquisto, Senior Technology Advisor at the Italian Data Protection Authority, said that some adjustments to the 2014 guidance are needed because there are unexplored aspects of anonymization in the GDPR: A revision of the 2014 opinion is in the working program of the EDPB.
    • Ultan OCarroll, Deputy Commissioner for Technology and Operational Performance at the Data Protection Commission in Ireland, said: The 2014 opinion is still as valid as it ever was, if not more so.
‘Unexplored aspects of anonymization in the GDPR’
  • D’Acquisto gave three examples where in his view the use of Privacy Enhancing Technologies (PETs) could play a role.
    1. On legitimate interest as a legal ground: “Anonymization techniques can become an element in the balancing test when you want to invoke legitimate interest.”
    2. On public interest as a legal ground: “Public interest is an opportunity when used in combination with national law.” He called on national legislators to explore the possibility of including the use of privacy-enhancing safeguards in laws.
    3. On the secondary, (in)compatible use of personal data for further processing: “Rethinking the 2014 opinion is useful to explore new opportunities for data controllers.”
    • It clarifies Article 6 of the GDPR which stipulates the lawfulness of processing.
    • Recital 50 states that the processing of personal data for purposes other than those for which the personal data were initially collected should be allowed only where the processing is compatible with the purposes for which the personal data were initially collected.
    • DAcquisto stressed that value could be added to data in the interest of the public when applying anonymization techniques as safeguards for our rights and freedoms.
‘Time to focus on privacy risk management’
    • Simon McDougall, Executive Director for Technology Policy and Innovation at the Information Commissioners Office in the UK, said that it is time to focus on privacy risk management: There is a tension between risk management and hard science.
    • They struggle with the concept of residual risk and the question of what risk to accept.
    • He also explained the benefits of a layered approach to privacy risk management, rather than a focus on a single technology.
    • Think of it as a Swiss cheese notion of [stacked] risk management measures, McDougall said.
‘Legal and technical competences are complementary to each other’
    • The broader questions around innovation, sharing of data, and repurposing of data have become particularly important in the context of COVID-19.
    • Accordingly, each of the experts expressed their advice for DPOs given the developments in anonymization technologies.
    • DAcquisto suggested that DPOs should not rely on either legal or technical competence alone.
    • A holistic approach is needed with legal safeguards, technical safeguards, and a path toward compliance.
‘DPOs: do not go alone; get help’
    • DPOs need to get access to scientists and to organizational people, but also to expert advice in terms of social science, cognitive science, interface design, or mathematics, for example.
    • Do not go alone; get help, he said.
    • Its not worth carrying forward without that because youll be asked questions that you may not think about.
    • Instead of thinking this is all incredibly complicated, they should try to understand what the risks are for the individual and the organization.
    • It is possible to keep up with it so you can then have the conversation with the right expert.

Vault Health Selects Workpath, the Only Healthcare Worker Dispatch Platform, to Deploy and Manage Thousands of Healthcare Workers to Oversee At-Home COVID-19 Tests

Thursday, May 28, 2020 - 3:07pm

Vault Health, a startup specializing in healthcare for men, has already been using Workpath to dispatch mobile healthcare workers to its patients for blood testing.

Key Points: 
  • Vault Health, a startup specializing in healthcare for men, has already been using Workpath to dispatch mobile healthcare workers to its patients for blood testing.
  • Since early May, Vault Health has been providing FDA EUA approved saliva tests from RUCDR Infinite Biologics and Spectrum Solutions across the United States.
  • Vault chose Workpath's HIPAA-compliant, mobile healthcare management platform to seamlessly schedule and manage Vault healthcare providers' digital supervision of patients who require a COVID-19 saliva test.
  • Vault has the capacity to process over 30k tests a day in all 50 states.

STARK's CEO Stefan Leipold Was Accepted Into Forbes Business Council

Wednesday, May 27, 2020 - 7:00pm

NEW YORK, May 27, 2020 /PRNewswire/ -- STARK's CEO Stefan Leipold (inventor of the original, patented world's first Magnetic Privacy Screens with Camera Shutter for Apple and Microsoft devices), has been accepted into the Forbes Business Council, the foremost growth and networking organization for successful business owners and leaders worldwide.

Key Points: 
  • NEW YORK, May 27, 2020 /PRNewswire/ -- STARK's CEO Stefan Leipold (inventor of the original, patented world's first Magnetic Privacy Screens with Camera Shutter for Apple and Microsoft devices), has been accepted into the Forbes Business Council, the foremost growth and networking organization for successful business owners and leaders worldwide.
  • Stefan Leipold was vetted and selected by a review committee based on the depth and diversity of his experience.
  • "We are honored to welcome Stefan Leipold into the community," said Scott Gerber, founder of Forbes Councils, the collective that includes Forbes Business Council.
  • As an accepted member of the Council, Stefan has access to a variety of exclusive opportunities designed to help him reach peak professional influence.

The Center for Health Affairs and ecfirst Partner to Help Hospitals Navigate COVID-19 Cybersecurity, Compliance Risk

Tuesday, May 26, 2020 - 8:30pm

CLEVELAND, May 26, 2020 /PRNewswire/ -- The Center for Health Affairs today announced a new partnership with ecfirst, a regulatory compliance security training provider.

Key Points: 
  • CLEVELAND, May 26, 2020 /PRNewswire/ -- The Center for Health Affairs today announced a new partnership with ecfirst, a regulatory compliance security training provider.
  • This partnership will help Northeast Ohio hospitals navigate increased cybersecurity and compliance complexities by offering education events, certification training programs and on-demand consulting to address HITRUST, HIPAA, NIST and more.
  • About The Center for Health Affairs: With a rich history as the nation's first regional hospital association, The Center for Health Affairs ( www.neohospitals.org ) has served as the collective voice of Northeast Ohio hospitals for more than 100 years.
  • The TRACERSM cyber portal, complimentary, from ecfirst, provides a platform for cyber and compliance risk management.

Questionmark Launches ‘GDPR for business professionals’ to Guard Against Fines and Breaches

Tuesday, May 26, 2020 - 1:46pm

GDPR for business professionals will tell organizations how well their people understand their responsibilities.

Key Points: 
  • GDPR for business professionals will tell organizations how well their people understand their responsibilities.
  • Only 20% believe they are fully GDPR compliant.1 Yet a breach in GDPR can incur a fine of 20million.
  • GDPR for business professionals will give organizations confidence that relevant staff members understand whats expected of them.
  • It now provides ready-made assessment content, such as GDPR for business professionals , as well as the assessment platform and professional services.

HIPAA Compliance Fast Track Released by Securicy to Help Businesses Serve US Healthcare Organizations

Tuesday, May 26, 2020 - 1:00pm

"HIPAA Compliance Fast Track provides an efficient path to become a vendor for the healthcare industry, which would otherwise be a time and resource-intensive undertaking for many businesses.

Key Points: 
  • "HIPAA Compliance Fast Track provides an efficient path to become a vendor for the healthcare industry, which would otherwise be a time and resource-intensive undertaking for many businesses.
  • "If more businesses can achieve HIPAA compliance, the healthcare industry would benefit by gaining access to innovative solutions.
  • While the requirements for HIPAA compliance can prove difficult to implement for many businesses, the HIPAA Compliance Fast Track is designed to give business leaders clear steps, compliance reporting, and a central hub for managing everything.
  • Securicy's HIPAA Compliance Fast Track includes the following tools and resources for businesses:
    Security Gap Analysis and Planning for HIPAA Compliance: This technical assessment of the current security measures and infrastructure at a business identifies gaps in compliance with HIPAA.

CUJO AI Recent Survey Reveals U.S. Internet Users' Expectations and Concerns Towards Privacy and Online Tracking

Tuesday, May 26, 2020 - 12:09pm

EL SEGUNDO, Calif., May 26, 2020 /PRNewswire/ -- CUJO AI, theleader in AI-powered Digital Life Protection services, today releaseda new report titled "Consumer Privacy and Online Tracking Perceptions 2020", revealing Internet users' privacy concerns and expectations.

Key Points: 
  • EL SEGUNDO, Calif., May 26, 2020 /PRNewswire/ -- CUJO AI, theleader in AI-powered Digital Life Protection services, today releaseda new report titled "Consumer Privacy and Online Tracking Perceptions 2020", revealing Internet users' privacy concerns and expectations.
  • CUJO AI surveyed more than 4,500 Internet users across the United States to discover:
    The survey was designed to address key topics related to privacy and online tracking: known threats, means to fight them, diverse opinions toward tracking, and responsibility.
  • Astaggering number of respondents, 65.1%, think that Internet service providers are in the position to protect them from unwanted tracking.
  • Addressing the broader concerns about privacy is more important than fighting particular threats.

ICC Launches AOKpass Declaration for COVID-19 Health Data Protection

Monday, May 25, 2020 - 11:00am

The International Chamber of Commerce (ICC) has today launched the ICC AOKpass Declaration on COVID-19 Health Data Protection .

Key Points: 
  • The International Chamber of Commerce (ICC) has today launched the ICC AOKpass Declaration on COVID-19 Health Data Protection .
  • Launched on General Data Protection Regulation (GDPR) Day in celebration of the landmark data privacy protection laws in the European Union the Declaration signals a bold vision for a post-COVID-19 world, working together for recovery, prosperity and the upholding of health data protection as a basic human right.
  • The Declaration expressly supports placing strict health data privacy at the core of COVID-19 compliance standards and verification systems, vital for recovery efforts.
  • The ICC AOKpass system, endorsed under the Declaration, will provide an international technical standard for COVID-19 compliance with strict inbuilt health data protection (also known as privacy-by-design under the GDPR).