The Article 29 Data Protection Working Party has adopted on July 13, 2010 a report on the EU Data Retention Directive (2006/24/EC). This report is the Working Party’s contribution to the evaluation of the implementation of the Data Retention Directive by the European Commission, which is due by September 15, 2010. The report details the results of a joint inquiry made by the data protection authorities about the compliance, at the national level, with the obligations of telecom providers and Internet service providers with both the Data Retention Directive and articles 6 and 9 of the EU e-Privacy Directive (2002/58/EC).
Filed under Cédric Laurant, English, EU Law, Europe, European Union, Marie-Andrée Weiss, Outlines, Reports & Surveys · Tagged with access control, access request, Article 29 Data Protection Working Party, authentication, back-up, biometrics, cloud computing, cloud computing system, confidentiality, contractual clauses, Council of Europe Recommendation R(87)15, data deletion, data security, data security breaches, data security principles, digital signature, dual authentication, encryption, EU Data Retention Directive, EU Directive 95/46/EC, EU e-Privacy Directive, European Commission, European data protection authorities, external audit, handover procedures, in-house policies, integrity, law enforcement authorities, LEA-accessible systems, log integrity, log retention, logs, mutual assistance and cooperation, mutual authentication, non-repudiation, outsourcing, password, personal data, retained data, retention period, security audit, security certification, security policy, security standards, self-regulation, sensitive information, sensitive personal information, system administrator, system maintenance, technical and organizational security measures, third party certification, tracking, traffic data, warrant
On April 29, 2010, the Düsseldorfer Kreis, an informal group of German data protection authorities, published a decision that could have significant repercussions on U.S. companies importing personal data from organizations operating in the European Union. One of these repercussions is that German organizations exporting personal data to the United States should check if the U.S. data importer does indeed comply with the Safe Harbor Framework. Security plan recommendations will provide for a useful guideline to E.U. data exporters to help them comply with the Safe Harbor’s Security Principle.
Filed under Cédric Laurant, Comments, English, EU Law, Europe, European Union, Germany, Marie-Andrée Weiss, North America, United States · Tagged with adequacy requirement, adequate level of data protection, Article 25 (EU DP Dir.), Article 26(2) (EU DP Dir.), Article 29 Data Protection Working Party, Best Buy, Binding corporate rules, Bundesdatenschutzgesetz, co-regulation, contractual clauses, data exporter, data importer, data security breaches, data security plan, Düsseldorfer Kreis, DSW, due diligence, encryption, EU Directive 95/46/EC, European Commission, European data protection authorities, German Federal Data Protection Act, Germany, independent auditing firm, information security, ISO, ISO 27000, loss, misuse, personal data, personally identifying information, privacy policy, RealNetworks, reasonable security measures, Safe Harbor Framework, Safe Harbor Security Principle, Safe Harbor self-certification, Safe Harbor self-certified organizations, self-regulation, sensitive personal information, third countries, transborder data flows, unfair and deceptive practice, US Department of Commerce, US Department of Transportation, US False Statements Act, US Federal Trade Commission, US Food and Drug Administration
The Safe Harbor Framework: not a “safe harbor” anymore for US companies? German expert body insists on stronger compliance stance
Posted by "Security Breaches" Administrator on July 9, 2010 · 2 Comments
On April 29, 2010, the Düsseldorfer Kreis, an informal group of German data protection authorities, published a decision that could have significant repercussions on U.S. companies importing personal data from organizations operating in the European Union. One of these repercussions is that German organizations exporting personal data to the United States should check if the U.S. data importer does indeed comply with the Safe Harbor Framework. Security plan recommendations will provide for a useful guideline to E.U. data exporters to help them comply with the Safe Harbor’s Security Principle.
Rate this:
Filed under Cédric Laurant, Comments, English, EU Law, Europe, European Union, Germany, Marie-Andrée Weiss, North America, United States · Tagged with adequacy requirement, adequate level of data protection, Article 25 (EU DP Dir.), Article 26(2) (EU DP Dir.), Article 29 Data Protection Working Party, Best Buy, Binding corporate rules, Bundesdatenschutzgesetz, co-regulation, contractual clauses, data exporter, data importer, data security breaches, data security plan, Düsseldorfer Kreis, DSW, due diligence, encryption, EU Directive 95/46/EC, European Commission, European data protection authorities, German Federal Data Protection Act, Germany, independent auditing firm, information security, ISO, ISO 27000, loss, misuse, personal data, personally identifying information, privacy policy, RealNetworks, reasonable security measures, Safe Harbor Framework, Safe Harbor Security Principle, Safe Harbor self-certification, Safe Harbor self-certified organizations, self-regulation, sensitive personal information, third countries, transborder data flows, unfair and deceptive practice, US Department of Commerce, US Department of Transportation, US False Statements Act, US Federal Trade Commission, US Food and Drug Administration