Tag Archives: Sweep

Commission Nationale de l’Informatique et des Libertés (CNIL)

CNIL issues Internet Sweep Outcomes on Connected Devices
On September 23, 2016, the French Data Protection Authority (CNIL) issued the outcomes of the Internet sweep on connected devices that was created last May to evaluate the quality of the information that operators provide to end users but also the level of user empowerment and the degree of security of the personal data.
This initiative, announced by the CNIL last April, organised by the Global Privacy Enforcement Network (GPEN), lies within a coordinated online audit to analyse the impact of ordinary IT- devices.
It was made up of data protection authorities throughout the world and more than 300 connected devices were examined and audited. Specifically in France, 12 connected devices were tested by the CNIL in the field of home automation, health and well-being and this administrative regulatory body concluded that:
1. Users of connected devices are not adequately informed of the processing of their personal data as the product did not provide users appropriate information about how their personal data will be processed.
2. Users have an acceptable degree of control over their personal data as the personal data was subject to the user’s consent.
Like the other DPAs, the CNIL announced that it reserves the right to conduct more inspections in order to assess the compliance of connected devices to the French Data Protection Act.

Data Protection Commissioner (Ireland)

GPEN Sweep – Internet of Things

“A Sweep of how Internet of Things (IoT) devices use personal data, and how users are kept informed, is being undertaken this week by 29 data protection authorities around the world.

In Ireland, the review will involve an in-depth look at IoT devices available to users in this jurisdiction such as smart electricity meters, fitness trackers and telematics, and consider how well companies communicate privacy matters to their customers.

The combined results of the Sweep will be published in September. Authorities will also consider action against any devices or services that are found to be breaking data protection laws.

The work is coordinated by the Global Privacy Enforcement Network (GPEN) and follows previous reports on online services for children, website privacy policies and mobile phone apps. GPEN is an informal network of data protection agencies from around the globe. Its aim is to foster cross-border cooperation among privacy regulators in an increasingly global market in which commerce and consumer activity relies on the seamless flow of personal information across borders. Its members seek to work together to strengthen personal privacy protections in this global context. For more about the Global Privacy Enforcement Network, please click on the following link: https://www.privacyenforcement.net/

Autoriteit Persoonsgegevens

International privacy scan apps for kids

The Dutch Data Protection Authority (CBP) has participated in an international scan focused on apps and websites for children. 29 different privacy regulators from around the world participated in the scan. All have held their own national scan. They have nearly 1500 of the most popular apps and websites in total under the microscope. 67% apps collected personal data on children. Also many of the apps and websites provide links to content which the fall outside the safe online environment of the app.

CBP concludes its from its state scan inter alia, that for most apps it is not possible to assess what the app actually does, what personal data are processed by it, and for what purpose. Parents should be able to find comprehensive information in the app store to download in an easy way.

The international scan is organized by the Global Privacy Enforcement Network (GPEN), an international alliance of privacy authorities. When the scan is looking at privacy issues such as the provision of information in the app store, the personal data to be entered when installing and or using ad networks.

Agencia Española de Protección de Datos (AEPD)

First sectoral inspection in Europe on cloud services in the educational field

On 22 July 2015, the Spanish Data Protection Agency (AEPD) published the First Sectoral Inspection Plan as a result of the progress of new technologies that affects the data in schools, especially through Cloud Computing.

The AEPD identifies the main actors involved in the cloud service performance in the education sector. It verifies the guarantees adopted and, in particular, the security measures implemented by each of the operators in order to ensure the security and integrity of the data.

It concludes with a series of relevant facultative recommendations intended to change the digital environment, the further development of new models in a respectful frame with the Spanish Data Protection Act (LOPD) and alerting stakeholders on the necessary compliance with Spanish legislation on data protection.