20 Feb LawBytes #33 – Canadian guidelines on privacy consent and Malta blockchain cybersecurity consultation
LawBytes #33 deals with the Candian guidelines on privacy consent and the consultation on blockchain industry cybersecurity launched by the Maltese financial regulator.
Privacy – the Canadian data protection authority issues new guidelines on obtaining privacy consent
Under privacy laws, organizations are generally required to obtain meaningful consent for the collection, use and disclosure of personal information.
However, advances in technology and the use of lengthy, legalistic privacy policies have hindered the control and personal autonomy that should be enabled by such consent.
In order to fix the “consent dilemma” the Privacy Commissioners of Canada, Alberta and British Columbia have jointly issued guidelines to help organizations to find innovative and creative solutions for developing a consent process that respects their specific regulatory obligations as well as the nature of their relationship with their customers.
Examining the current state of consent, including challenges and potential solutions the guide provides practical and actionable guidance and sets out seven guiding principles to obtain meaningful consent:
- Emphasize key elements
- Allow individuals to control the level of detail they get and when
- Provide individuals with clear options to say “yes” or “no”
- Be innovative and creative
- Consider the consumer’s perspective
- Make consent a dynamic and ongoing process
- Be accountable – stand ready to demonstrate compliance
The guidelines came into effect in January 2019 and are now applied by the above mentioned Privacy Commissioners when evaluating organizational conduct. Although this document is not applicable within the EU legal framework, it provides interesting globally-applicable suggestions for companies willing to find alternative and innovative solutions to obtain a valid and solid legal basis for the processing of personal data.
If you are interested in this topic don’t miss our previous posts: “How privacy consent changes with the GDPR?” and “Legitimate interest and privacy consent, how to use them under the GDPR?“.
Fintech – the Maltese Financial Authority launches a consultation on its cybersecurity guide for blockchain industry
Recent technological advancements such as blockchain (also known as distributed ledger technology) foster innovation within the financial services industry, but they also introduce new cybersecurity issues.
Confirming its leadership in the legal framework around virtual financial assets, the Malta Financial Services Authority (MFSA) has recently issued a short guide which provides a minimum set of best practices and risk management procedures to be followed in order to effectively mitigate cybersecurity risks associated with new technologies such as blockchain.
The MFSA is seeking feedback from the crypto-industry community before proceeding with the adoption of the guidance. The document in now open to consultation from stakeholders until the 8th of March.
Maybe Malta, which is known as a “blockchain island” due to its crypto-friendly politics, is leading the blockchain regulation rush, but it definitely is not the only government which has taken a supportive stance toward the blockchain and crypto industries.
States are competing on a global scale to become the next hotspot for cryptocurrency companies and as previously discussed here, the blockchain technology will unleash its full disruptive potential in key business sectors in 2019, so better be ahead!
If you are interested about this topic be sure not to miss our previous post: “Blockchain regulation rush continues” and “Cyber attacks business risk and crypto-assets challenges“.
I am Tommaso Ricci, you can drop me a line @ [email protected]. Read the previous issues of LawBytes here and register to our newsletter. Also don’t forget to try Prisca our GDPR chatbot described HERE