Latest Articles

As we reported in May 2014, the Federal Trade Commission (FTC) convened stakeholders to explore whether health-related information collected from and about consumers — known as consumer-generated health information (CHI) — through use of the internet and increasingly-popular lifestyle and fitness mobile apps is more sensitive and in need of more privacy-sensitive treatment than other consumer-generated data. One of the key questions raised during the FTC’s CHI seminar is: “what is consumer healthinformation”?  Information gathered…
On the third anniversary of the EU Commission’s proposed new data protection regime, the UK ICO has published its thoughts on where the new regime stands. The message is mixed: progress in some areas but nothing definitive, and no real clarity as to when the new regime may come into force. The legislative process involves the agreement of the European Commission, the European Parliament and the Council of Europe (representing the governments of the member…
On 12 June 2014, in a letter from the Article 29 Data Protection Working Party to the President of the European Parliament, the Working Party has defended, and urged the EU institutions to discuss, Binding Corporate Rules for Processors (BCR-P) in respect of the forthcoming EU General Data Protection Regulation. In its letter, the Working Party clarifies its views on BCR-P, outlines the safeguards that BCR-P offer and addresses concerns that have led some to…
On May 30, 2014, the European Union’s Article 29 Data Protection Working Party adopted “Statement on the role of a risk-based approach in data protection legal frameworks” (WP281).  The Working Party, made up of EU member state national data protection authorities, confirmed its support for a risk-based approach in the EU data protection legal framework, particularly in relation to the proposed reform of the current data protection legislation.  However, with a view to…
On April 10, 2014, the European Union’s Article 29 Data Protection Working Party adopted ‘‘Opinion 05/2014 on Anonymisation Techniques’’ (WP216).  The Working Party, made up of the national data protection authorities of the EU member states, acknowledges that there is no one-size-fits-all solution and that most anonymisation techniques have inherent limitations. However, the publication of the Opinion is timely, as ever-increasing amounts of data are being captured via devices and networks, stored cheaply and interrogated…
On the heels of 2014 predictions from the U.S.-based Of Digital Interest (ODI) editorial team, following are some predictions from our London-based editor, Rohan Massey: Security breaches Recent security breaches concerning consumer data in the retail industry have demonstrated the damage breaches of this kind can have on a business’ brand, with potential impact on share price. Such breaches highlight the pressing need for robust data security measures, and the commercial importance these issues can…
Data Protection Day 2014 (January 28) aims to raise awareness around what kind of data is collected about individuals, how it is used and why. In marking this year’s Data Protection Day, Vice-President Viviane Reding, the EU Justice Commissioner, is calling for “a new data protection compact for Europe.”  Reding continues to focus on EU data protection reform, with the objective of the swift adoption of the current draft Regulation and believes it…
On December 4, 2013, the Article 29 Data Protection Working Party (Working Party) endorsed the data protection reform package presented by the European Commission, strongly encouraging all relevant parties to adopt the reform package and determine a final text prior to the end of the term of the current EU legislature. The Working Party notes the challenges that are brought about by technological developments in the digital economy and globalization, leading to a simultaneous need…