“The Rights of the Individual in the Digital Revolution”: the French National Assembly publishes its report (5th and final part)

"Future" (New York, NY, 2011) - Photo: Marie-Andrée Weiss

Since the start of this series, French law on security breach notification has already changed. Further changes are coming, as Ms. Viviane Reding sets out her intention to introduce mandatory security breach notification for banking and financial services, and as the European Commission launched, this past July 14, a consultation on the practical rules for notifying personal data breaches. (5th and final part of our series)

“The Rights of the Individual in the Digital Revolution”: the French National Assembly publishes its report (4th part)

"Arc-en-ciel" (New York, NY, 2011) - Photo: Marie-Andrée Weiss

The National Assembly's report also examines the safeguards for the confidentiality of personal data in the ‘cloud’ and details the legal procedures for exporting such data. (4th part of our series)

“The Rights of the Individual in the Digital Revolution”: the French National Assembly publishes its report (3rd part)

"Summer Moon" (New York, NY, 2011) - Photo: Marie-Andrée Weiss

The National Assembly's report also looks at cloud computing, which offers many economic advantages for businesses, and even for governments, but whose use is not without risks for the security of personal data. (3rd part of our series)

European Data Protection Supervisor Supports General Obligation to Report Security Breaches

"Sunlight" (Photo by Luc De Leeuw; shot on Feb. 3, 2008). Available at http://www.flickr.com/photos/9619972@N08/2422737815/ (Creative Commons "Attribution-NonCommercial-ShareAlike 2.0 Generic (CC BY-NC-SA 2.0)" license.)

The European Data Protection Supervisor (EDPS) has recently issued an opinion on the review of the EU legal framework for data protection (Directive 95/46/EC). It expresses concern about the increasing difficulty individuals face in protecting the privacy of their personal data, and calls for strengthening individuals’ rights over that data. This can be done, the EDPS argues, by making security breach notifications mandatory for all relevant sectors, increasing transparency of processing for data subjects, and introducing new rights, such as the “right to be forgotten” and the “right to data portability”.

Article 29 Data Protection Working Party reports on implementation of Data Retention Directive

The Article 29 Data Protection Working Party adopted a report on the EU Data Retention Directive (2006/24/EC) on July 13, 2010. This report is the Working Party’s contribution to the European Commission's evaluation of the implementation of the Data Retention Directive, which is due by September 15, 2010. The report details the results of a joint inquiry by the data protection authorities into the compliance, at the national level, of telecom providers and Internet service providers with their obligations under both the Data Retention Directive and articles 6 and 9 of the EU e-Privacy Directive (2002/58/EC).

Are ‘clouds’ located outside the European Union unlawful?

A central aspect of every cloud service contract is the security of data processing. It is therefore important, if only for liability reasons, that responsibility for specific security measures be clearly assigned. This can be done through security service level agreements between the cloud service provider and its client that state who is responsible for each security measure.

Storing data in a cloud located outside the EU raises specific legal compliance issues. According to some experts, such clouds are even unlawful. There are, however, ways for a data controller who stores data in a cloud located in a third country to remain in compliance with German data protection law. To satisfy the requirement of an adequate level of data protection, a data exporter must use specific standard contractual clauses in all contracts with a cloud service company located outside the EU. Binding corporate rules are the alternative solution, though only for private clouds.

  • Copyright notice

    © Copyright 2010-2014 "Information Security Breaches & The Law".
    All rights reserved, unless noted otherwise under each author's post, page or other material.
    If you would like to discuss licensing terms, contact us at: info [at] security-breaches [dot] com.