Discover and read the best of Twitter Threads about #eudatap

Most recents (14)

Birgit Sippel mentioning how "some Member States" **coug cough** France **coug cough** are ready to ignore primary and secondary EU law #EUdataP
She mentions the @laquadrature case and the fact that the French Conseil d'État is encouraging to disregard CJEU law. She asks what the Commission is planning to do if that were to happen.
Read 13 tweets
And the text fo the long awaited #DigitalServicesAct Proposal is here! One day early, thanks to @SamuelStolton and his sources. One key thing to note is that the DSA is clearly without prejudice to both the GDPR and the ePrivacy Directive...… 1/n #DSA
which technically means that it applies on top of them and in case of conflict, the provisions in the #GDPR and the ePrivacy Directive prevail. There are 2 areas of interaction that immediately pop-up. First, the rules on recommender systems and online advertising 2/n #DSA
Both of these certainly rely on processing of personal data. But it seems there is broad convergence between the existing #EUDataP regime and the proposed #DSA, especially in relation to transparency and rights to explanation 3/n #DSA
Read 13 tweets
The EU Commission published the draft of the new #SCC for international data transfers today. Below, a first summary on the draft:

In short, the SCC now include “most” of the GDPR’s provisions. They will help large groups and limit business opportunities for SME. #EUDataP #GDPR
The main part is Section II – Obligations of the parties:
It contains detailed obligations on complying with GDPR requirements for Importers and – mainly – Exporters in Clauses 1, 4-9.

Clauses 2 and 3 describe the process of analyzing third countries’ laws.
Clause 2 requires warranting the GDPR’s obligations: The Parties need to conduct an audit based on specific circumstances on the law in the third countries. Documentation and supplying the audit to the Supervisory authorities on request is necessary.
Read 12 tweets
Petit thread #privacy sur l'annonce de la fermeture de #Fidzup, attribuée par son CEO à la mise en demeure de la @CNIL dans son article Medium :… #GDPR #EuDataP
Dans sa lettre, O. Magnan-Saurin indique 2 fois qu'il ne remet pas en cause le fond de la procédure. Mais de petits indices laissent penser qu'il n'a pas forcément saisi ce fond : il indique que les données collectées par Fidzup sont des données "non nominatives et anonymes".
Si c'était bien le cas, la loi Informatique et Libertés (seule applicable à la procédure de 2017 contre Fidzup) n'aurait pas trouvé à s'appliquer. Les données collectées sont bel et bien des données personnelles : c'est bien sûr tout leur intérêt pour les clients de Fidzup !
Read 19 tweets
Hey Privacy peeps! Are you lost on the #GDPR implementation? Here is a the State of play in the Member States: cc #EUdataP #privacy #RGPD. If you have comments or any update, let me know. @EU_EDPB is it possible to have an official list on your website?
AT: The law covering both the GDPR and the Law EnforcementDirective has been adopted by Parliament and enteredinto force on 25.5.2018. The text can be found under the following link:…
Moreover, AT has adopted two amendments to the new data protection law, which likewise enteredinto force on 25.5.2018. The texts can be found under the following…
Read 37 tweets
Here is a little thread you need to know about the #GDPR and accountability 👇👇
#eudatap #privacy
Chapters 2, 5 and 9 #GDPR contain the rules for processing personal data. However, 100% compliance with these rules is impossible in practice. #eudatap #privacy
So, during the #GDPR negotiations, the EU Council of Ministers pushed hard on the accountability principle enshired in Chapter 4. They called it "the risk-based approach". #eudatap #privacy
Read 16 tweets
Irish data protection authority: U.S. law doesn't provide remedy for unlawful processing of personal data. There is no way of knowing when or by whom personal data has been accessed.
Irish data protection authority: U.S. legal regime doesn’t legal remedies such as access, erasure or rectification of the data. The Ombudsperson mechanism is not enough to make up for these "deficiencies."
Reminder: The Ombudsperson mechanism is also used for the #PrivacyShield.
Read 91 tweets
Steadily approaching #GDPR anniversary and I see two big & fundamental issues everyone is really struggling with:
1️⃣Lawful grounds for processing
One is as old as #EUdataP law itself but the #GDPR has injected new impetus. The other is yet to be learnt properly. Thread⬇️
There are three grounds for processing that get 99% of the attention:
1️⃣Consent seems easy & solid, but it is the most difficult.
2️⃣Contractual necessity is yet to be explored & debated properly.
3️⃣Legitimate interest is seen as the holy grail but remains largely misunderstood.
The standards for valid consent will eventually be settled by #CJEU but it is clear that #GDPR raises the bar well above what has become common practice (think cookie banners & ‘take it or leave it’ approaches). So consent is bound to become the residual option, not the default.
Read 6 tweets
How is & how should #EUDataP of #journalism #media develop under #GDPR? Here are some thoughts based on a talk I gave to @sciencespo and @HECParisLaw late last year.…
(1) State law remains highly divergent but the great majority recognise that qualified DP requirements and partial DPA supervision should apply to journalism.
(2) This law, the GDPR itself and the EU Charter all point to a continued, albeit sensitive role, for DPAs here. But these agencies have many other demands and remain highly resource constrained.
Read 6 tweets
@winfriedveil @PrivacyMatters @WieseSvanberg @hartzog It is not me or you who ultimately say #EUDataP is about control or not. We are not talking about an intellectual construct here, but about a fundamental right distinct than privacy, protected at constitutional level in the European Union. A constitutional order which 1/14
@winfriedveil @PrivacyMatters @WieseSvanberg @hartzog is guaranteed by the Court of Justice of the EU, which beautifully laid out in several of its cases what this right is and is not. Look for example at para 48 in Nowak, where the Court explains that data protection principles are “reflected” 2/14
@winfriedveil @PrivacyMatters @WieseSvanberg @hartzog in accountability obligations of the controller & in the rights that are conferred to the person to know about the processing, see the data, to request correction and even to object. Speaking of the right to object, it’s one of clearest manifestations of control in #EUDataP 3/14
Read 14 tweets
1. Good piece on where business is up to on #GDPR & personalisation:… However, #ePrivacy Directive sets out cookie consent req unless "strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested"
2. There is significant EU case law on "strict necessity", as well as some on "explicit" & "specific" consent. It does not really suggest a "take-it-or-leave-it" rather than opt-in approach to additional "services"/"intrusions" (depending on your perspective) is OK/"debatable".
3. Rather it strongly points to such an approach being NOT legally OK. That may be inconvenient to #ecommerce & even v silly on the part of #EUDataP. However, those factors alone cannot change the meaning of v specifically crafted law, albeit law widely bent (or ignored) online.
Read 5 tweets
When people agonise about being ‘ready’ for #GDPR, think about this: How can anyone be ready when we are all still debating which lawful grounds for processing (consent/contractual necessity/legitimate interests) apply to some of the most common uses of data? 1/4
Aside from obvious cases, determining the lawful ground for processing is a critical aspect of #EUdataP which is extremely difficult to get right, because it rests on the correct legal interpretation of complex concepts like ‘consent’, ‘necessity’ & ‘rights and freedoms’ 2/4
But since under #GDPR you have to reveal which lawful ground you rely on, everyone is taking a view which may or may not be right in the end. We simply don’t know with 100% certainty and it will take years of enforcement and court decisions to know for sure. 3/4
Read 4 tweets
Back in Brussels 🇪🇺 after 3 weeks in DC & NYC 🇺🇸

High on my 'To do' list:

Catching up on avalanche of news on #CambridgeAnalyticaFiles.
Starting here:

‘I made Steve Bannon’s psychological warfare tool.’

Meet @chrisinsilico, the data war whistleblower.

#CambridgeAnalyticaFiles #CambridgeAnalytica
#InformationWarfare #BigTech #BigData…
Read & follow @carolecadwalla for outstanding reporting on the big, dark tangled web of Brexit, Trump, Russia -- and how Facebook, Cambridge Analytica, WikiLeaks, Bannon, the Mercers, are involved.

#CambridgeAnalyticaFiles #BigTech #BigData…
Read 19 tweets
Wide debate on #eprivacy right now. I see a lot of misunderstandings, let me clarify a few things (& further info:
Should I not be asked before my emails are accessed and used? Don't you think the same? Is this asking too much? #eprivacy
New #eprivacy rules = more flexibility for all businesses to process communication data w/ user consent. Under current rules #telecoms can't
Read 5 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!