As shared by the Commissioner for Data Protection, Helen Dixon, “The progress the DPC has made in 2020 provides a solid platform on which to build across our enforcement and complaint-handling functions in particular. The GDPR must be understood as a project for the now, but equally for the longer-term. The DPC intends to continue as a leader in its full implementation.”
According to the recently released cybersecurity guidance from the National Security Agency (NSA), as cybersecurity professionals defend increasingly dispersed and complex enterprise networks from sophisticated cyber threats, embracing a Zero Trust security model and the mindset necessary to deploy and operate a system engineered according to Zero Trust principles can better position them to secure sensitive data, systems, and services.
Released in February of 2021, Norton Rose Fulbright’s 16th Annual Litigation Trends Survey highlights up-to-date insight on key US dispute trends, including the changes and challenges presented by the COVID-19 pandemic. Additionally, in the areas of cybersecurity and data protection, the survey report notes that disputes have increased over the last several years, with 2020 being no exception. According to the survey report, 44 percent of respondents feel more exposed than they did 12 months prior, and respondents report that past attacks have disrupted operations, with others sensing that their company size or industry makes them targets.
According to a recent article from European Digital Rights (EDRi), biometric surveillance dehumanizes us into lifeless bits of data, depriving us of our autonomy and the ability to express who we are. This is even more dangerous when applied to people who reach our countries escaping from violence, economic disasters, and environmental catastrophes. Meeting human beings with biometric surveillance technologies destroys our humanity.
According to Monique Verdier, the deputy chairperson for the Dutch Data Protection Authority, “Facial recognition makes us all walking bar codes. Your face is scanned every time you enter a store, a stadium, or an arena that uses this technology. And it’s done without your consent. By putting your face through a search engine, there is a possibility that your face could be linked to your name and other personal data. This could be done by cross-checking your face with your social media profile, for example.”
Medical imaging plays an important role in diagnosing and treating patients. The system that manages medical images is known as the picture archiving communication system (PACS) and is nearly ubiquitous in healthcare environments. PACS is defined by the Food and Drug Administration (FDA) as a Class II device that “provides one or more capabilities relating to the acceptance, transfer, display, storage, and digital processing of medical images.” PACS centralizes functions surrounding medical imaging workflows and serves as an authoritative repository of medical image information.
The recently adopted EDPB guidelines on examples regarding data breach notification complement the Article 29 Working Party guidance on data breach notification by introducing more practice-orientated guidance and recommendations. The guidelines, adopted on January 14, 2021, and available for public commentary, aim to help data controllers in deciding how to handle data breaches and what factors to consider during risk assessment.
According to the European Commission, the Digital Services Act is a comprehensive set of new rules, which regulate the responsibilities of digital services. Together with the Digital Markets Act, it will create a safer digital space for users of digital services, protecting their fundamental rights online. The Acts will also create a level playing field so that digital businesses can grow within the single market and compete globally.
According to the European Commission, the proposed Regulation on Data Governance (Data Protection Act) will create the basis for a new European way of data governance that is in line with EU values and principles, such as personal data protection (GDPR), consumer protection and competition rules. It offers an alternative model to the data-handling practices of the big tech platforms, which can acquire a high degree of market power because of their business models that imply control of large amounts of data.
This new report, “Data Retention Revisited,” published by EDRi, critically revisits the question of data retention and concludes that the ongoing aspirations to reintroduce a data retention obligation in the EU remain in violation of EU law as long as the strict necessity of data retention is unproved and no genuinely targeted retention obligation is considered.