Dispatches From The IAPP Europe Data Protection Conference

Odia Kagan
Fox Rothschild LLP
Contact
LinkedIn
Facebook
X
Send
Embed

Fox Rothschild LLPThe International Association of Privacy Professionals is holding its 2019 Europe Data Protection Conference in Brussels. Partner Odia Kagan, who is in attendance, shares some takeaways from day one of the event.

Irish Data Commission Plans Cooke Banner Guidance

Irish Data Protection Commissioner Helen Dixon says the commission has completed a search and sweep of website cookie banners and will publish guidance on the subject using examples from the field as best practices and examples of what not to do.

Regulators Predict Next Frontiers in Privacy Regulation

  • Ulrich Kelber, German Federal Commissioner for Data Protection and Freedom of Information: Artificial Intelligence.
  • Helen Dixon, IDPC: genomics and personal health and connected cars.
  • Marie Laure Denis, president of French Data Protection Authority, CNIL: facial recognition and the associated technological, societal and ethical risks.

Regulators List Enforcement Priorities

Helen Dixon, IDPC

  • Majority of resources is dedicated to handling individual complaints.
  • Key sectors in complaints are social media, banking and telcos.
  • Majority of complaints are regarding access requests ignored completely or only partially responded to.
  • There has been a big increase in erasure requests.
  • DPC has not been able to set its own enforcement priorities. NGOs like Quadrature du Net and NYOB are setting the tone.
  • Fines are only one aspect of enforcement, not the most important.

Wojciech Wiewiórowski, assistant supervisor, European Data Protection Supervisor

  • We try not to be only complaints driven.
  • Ban of operations is a more important tool than fines.

Mathias Moulin, director of the Protection of Rights and Sanctions Directorate at CNIL

  • 70% of the complaints are from private sector
  • The goal isn’t to sanction, it’s to obtain compliance. If infringement is substantial, then yes, but the first move is not to sanction.

Karolina Mojzesowicz, deputy head of data protection at the European Commission

  • Sanctions need to be proportionate but also dissuasive.
  • Fines are helpful and useful tool.

EPDB Revising WP29 Guidance on Data Controller, Data Processor Concepts

CNIL’s Nana Botchorichvilli provided an update that the EDPB is currently revising the WP29 guidance on the concepts of “data controller” and “data processor.”  The guidelines will:

  • define the concepts and address the consequences of the status.
  • explain what the Article 28 Data Processing Agreement should contain and how it should be implemented
  • describe how a joint controllership relationship should be formalized: the form, the allocation of responsibilities, how to address the data subject right and how to communicate this to data subjects
  • focus on practical examples and illustrations.

Draft guidelines are expected Q1 2020.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Fox Rothschild LLP | Attorney Advertising

Written by:

Fox Rothschild LLP
Fox Rothschild LLP
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Fox Rothschild LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide