09 Jan LawBytes #27 – Privacy hotspot at CES 2019 and EDPS data breach guidelines
LawBytes #27 deals this week with the privacy heat at Las Vegas CES and the EDPS data breach guidelines for EU institutions and bodies.
Privacy – Data protection plays a key role at CES 2019
Among taxi drones, bread-baking bots, foldable TV screens and under-skin sensors to monitor health functions, the 2019 Las Vegas CES confirms itself as one of the hottest tech-related events of the year, with privacy-related topics getting considerable attention.
Newcomers and worldwide leading producers “compete” during this global stage where next-generation innovations are introduced to the marketplace.
The top trending topics of this year are:
- AI-based applications, ranging from IoT wearable systems to self-driving vehicles to improve smart-cities circulation efficiency;
- 5G networks, drastically improving the potential of electronic communications, bringing new opportunities for tech industries and major benefits for TMT service providers; and
- Privacy and cybersecurity, as after the GDPR and the California Consumer Privacy Act (CCPA) 2018 and cyber attacks, ICT players are striving to build a privacy-compliant reputation towards consumers to maintain (or avoid losing) market trust.
“What happens on your iPhone stays on your iPhone,” Apple says in the message to be seen by tens of thousands attending the tech show. This does not come completely out of the blue; instead, it can be considered the natural outcome of a global trend.
Tech companies are adopting a “Privacy by cool approach” which hopefully would not just serve as a new marketing weapon, but underlines the urge for organizations across the globe not only to adopt privacy-compliant data handling practices, but also to prove that such practices are effectively implemented and are part of the company’s culture.
In this sense, a proactive privacy by design approach proved to be crucial at CES 2019 for companies that want to address inconsistent regulations across multiple jurisdictions and overcome technical limits in order to meet the markets’ needs while looking ahead toward regulations yet to come.
If you are interested in this topic, don’t miss our previous posts: “Privacy by design, how to do it at the time of the GDPR?” and “EU Electronic Communications Code and AI ethical charter”.
Data Breach – EDPS releases new notification guidelines
After the issue of the guidelines on data breach notification by private entities, the European Data Protection Supervisor (EDPS) recently issued its “Guidelines on Personal Data Breach Notification” for EU institutions and bodies.
The Guidelines outline the approach that EU institutions should take to adequately respond to a personal data breach and provide practical advice on how to comply with the data breach provisions of the GDPR for EU institutions.
Indeed, under the new Regulation (EU) 2018/1725, EU institutions and bodies have a duty to report certain types of data breaches to the EDPS.
Although the Guidelines are addressed to EU institutions, they provide an interesting insight into the EDPS’s point of view, as they describe in practical terms:
- what a data breach is;
- how to assess a data breach;
- how to document a data breach;
- how to communicate a data breach to data subjects; and
- how to notify a data breach to the EDPS (a template of the notification form is provided too).
Lastly, according to the EDPS, the obligation to notify the data breach should not only act as a deterrent but also encourage organizations to do everything in their power to prevent breaches from occurring in the first place. Data breach related procedures shall not replace or supersede any security incident handling process or procedure; instead, they should be integrated with such an incident handling process or procedure.
On this topic, be sure not to miss our previous post: “Your To-Do list to get ready for a personal data breach under the GDPR”.
I am Tommaso Ricci; you can drop me a line @ [email protected]. Read the previous issues of LawBytes here and register for our newsletter. Also, don’t forget to try Prisca, our GDPR chatbot, described HERE.