Tag Archives: stakeholders

Commission Nationale de l’Informatique et des Libertés (CNIL)

Launch by the GPEN of the 2016 Global Privacy Sweep in the “Internet of Things”

A Privacy Sweep or international evaluation dedicated to verify the respect of privacy in the Internet of Things was launched the 11 of April 2016. This initiative is coordinated by the Global Privacy Enforcement Network (GPEN), the international network pursuing to strengthen cooperation between the DPAs of different countries around the world, and will examine the data protection documentation and practices related to Internet connect devices.

DPAs are free to choose the categories of products that they will examine, (smart meters, smart watches, internet-connected thermostats…). The French CNIL has declared it wants to focus its investigation that will start in May 2016 in three different categories that could impact privacy in everyday life: Smart Home devices (connected cameras that are able to detect movement or measure the quality of air or smart-fridges that inform about expired products or smart meters), health items (blood pressure or glucose monitors that collect health related data) and wellness related objects (smart watches and bracelets that collect localization data or calculate the number of steps taken daily or the calories consumed). In practice, the CNIL will assess the quality of the delivered information, the security level of the data stream and the degree of user control over the operation of its personal data (consent, the exercise of its rights, deletion of data, etc.). By contrast, the Italian Garante will focus on only one issue: the Smart Home devices. The Irish Data Protection Commissioner, for its part, will review some devices such as smart electricity meters, fitness trackers and telematics. Other topics, like the examination of privacy communications on websites in which devices that relate to smart metering systems are found, will be studied by the Belgian Privacy Commission. Focussing on non-European DPAs, the Office of the Privacy Commissioner of Canada will examine the privacy practices in health devices.

Comissão Nacional de Proteção de Dados (CNPD)

The Portuguese Data Protection Authority launches its Activities Plan for 2016

On April 2016, the Portuguese Data Protection Authority (hereinafter, CNPD) published the “Plano de Atividades CNPD 2016”. This Plan provides a legal analysis which aims to address the transition to the new European legal framework for the current and following years.

More specifically, the subsequent actions has been defined:

1. The preparation for the implementation of the General Data Protection Regulation (GDPR);

2. New enforcement measures for data processing operations in the field of public sector and marketing communications.

This document also deals with handling of personal data in some specific areas such as; the identity theft, the personal data for administrative transparency reasons and the impact of Internet of Things on citizens’ privacy.

Besides, particular mention needs to be made to the Institutional Cooperation established in part E of the Plan more precisely, the establishment of new protocols with higher education institutions (first point), the implementation of the Center Safe Internet highlighting the area of ​​prevention in the field of data protection among young people using the Internet (fourth point), the Cooperation with the Cape Verdean counterpart authority, in exchange of information and experiences of the plan, technical training, integration in the various international data protection forums and support in the preparatory work for the recognition of the adequacy of data protection level (fifth point) and the consolidation of cooperation with the Personal Data Protection Office (OPPD) in the Region of Macao (sixth point).

Agencia Española de Protección de Datos (AEPD)

Final version of the Strategic Plan approved by the AEPD

On 20 November 2015, the Spanish Data Protection Agency (AEPD) approved its “Strategic Plan” for the period 2015-2019. The Plan is the result of the public consultation process from 15 to 31 October 2015.

A specific timetable to implement a wide range of actions has been created. In this sense, the AEPD has focused on the following areas.

Strategic axis n. 1: Prevention for a more effective protection (protection of citizens, protection of minors and education, actions in relation to public administrations, certification, accreditation and audit and other prevention measures).

Strategic axis n. 2: Innovation and data protection “Confidence factor and quality guarantee”

Strategic axis n. 3: A collaborative, transparent and participatory agency (the promotion of a culture of data protection, communication tools, website and dissemination)

Strategic axis n. 4: An agency closer to privacy authorities, officers and professionals (relationships with stakeholders, SMEs, privacy and IT professionals).

Strategic axis n. 5: A more agile and efficient agency (solution for international challenges, simplification and improvement in management, digital AEPD and definition of the AEPD status and competences).

This document is the result of a public consultation from 15 to 30 October. The final version includes the elaboration of an annual report with the level of compliance with the Strategic Plan, new proposals and any corrective measures to be taken in case of non-compliance.

The report will be sent to the Constitutional Committee of Congress and made public on the AEPD website.

Agencia Española de Datos Personales (AEPD)

Developing a new Strategic Plan with stakeholders by the AEPD

On 15 October 2015, the AEPD issued its “Strategic Plan” which will be implemented during the period 2015-2018. It aims to lay the foundations for the main priorities of the AEPD and a wide variety of stakeholders such as citizens, experts in data protection, data controllers and public and private organizations have been involved in drafting it.

At this moment, the Plan has been submitted to public consultation in order to set out a series of new initiatives which are structured in the following five main strategic areas: 1. Prevention to more effective protection; 2. Innovation and privacy: trust factor and quality assurance; 3. Measures for increasing collaboration, transparency and participation; 4. A more practical-oriented programme, closer to the needs of individuals, privacy controllers and professionals; 5. Enhancing efficiency.