This site would like to set some non-essential temporary cookies. Some cookies we use are essential to make our site work.
Others such as Google Analytics help us to improve the site or provide additional but non-essential features to you.
No behavioural or tracking cookies are used.
To change your consent settings, read about the cookies we set and your privacy, please see our Privacy Policy

Data Protection Leader

Volume: 9 Issue: 11
(November 2012)


Peter Hustinx, the European Data Protection Supervisor (EDPS), issued an Opinion on cloud computing on 16 November 2012, clarifying and providing further guidance on how to ensure the effectiveness of data protection measures and the use of Binding Corporate Rules (BCRs), and developing best practice on issues such as data retention, data portability and controller/processor responsibilities, among others. / read more

The UK Information Commissioner's Office (ICO) published - on 20 November 2012 - its code of practice entitled 'Anonymisation: managing data protection risk'. The Code states that '100% anonymisation is the most desirable position, but it is not the test the Data Protection Act must be able to mitigate the risk of identification until it is remote'. / read more

Acting as the lead regulator, the UK ICO approved - on 29 October - American Express' Binding Corporate Rules (BCRs), which will take effect from 28 January 2013. / read more


For a while now, it has been suggested that one of the ways of tackling the risks to personal information, beyond protecting it, is to anonymise it. That means to stop such information being personal data altogether. The effect of anonymisation of personal data is quite radical - take personal data, perform some magic to it and that information is no longer personal data. As a result, it becomes free from any protective constraints. Simple. People's privacy is no longer threatened and users of that data can run wild with it. Everybody wins. However, as we happen to be living in the 'big data society', the problem is that with the amount of information we generate as individuals, what used to be pure statistical data is becoming so granular that the real value of that information is typically linked to each of the individuals from whom the information originates. Is true anonymisation actually possible then? / read more

Over the past 20 years, word processors, email systems and other technology tools have led to a user productivity revolution. Financial, human resources and customer relationship managements systems are a cornerstone to running organisations smoothly and adhering to corporate governance and company policy. However, applying the same controls to unstructured data has been a constant struggle. Gareth Meatyard, Head of Information Governance at Nuix, explores records management challenges and potential solutions. / read more

The Privacy Commissioner of Canada, jointly with the Privacy Commissioners of British Columbia and Alberta, published 'Getting Accountability Right with a Privacy Management Program' guidelines earlier this year, providing an important and practical tool for developing, improving and maintaining a privacy management program in Canada. Alex Cameron and Nicholas Robar at Fasken Martineau DuMoulin examine the key themes in the guidelines and discuss the implications for organizations subject to Canadian privacy law, including organizations based outside of Canada. / read more

With each emerging technology comes another tale of science-fiction-becomes-fact. The US Federal Trade Commission (FTC)'s recent guidance on facial recognition technology is no exception. The FTC's 22 October 2012 Report, 'Facing Facts: Best Practices for Common Uses of Facial Recognition Technologies', presents facial recognition technology as an evolving tool with potentially serious risks, and offers guidance to industries seeking to integrate it into their businesses. / read more

On 12 September 2012, the Office for Personal Data Protection of the Slovak Republic (the Office) introduced a new Data Protection Act (the Act). Although the Act is still part of the legislative process and Parliament may eventually amend the current wording before the Act is adopted, the Act introduces many remarkable changes. Below, Zuzana Hecko, from Allen & Overy, summarises the most important ones. / read more

Google consolidated more than 60 of its privacy policies into a new set of rules that became effective on 1 March 2012. This reworking of privacy rules, which apply to popular services such as Gmail, Google Search and YouTube, was not without controversy, and at European level, the French Data Protection Authority was tasked with investigating Google's compliance with EU privacy regulations. Raphael Dana, Partner at Sarrut Avocats, discusses the result of this investigation and the Authority's recommendations. / read more

Federal and state regulators in the US are continuing to hone in on mobile device application ('app') privacy issues. As discussed below, the Federal Trade Commission (FTC) recently released new guidelines for mobile app developers, while Kamala D. Harris, the California Attorney General, continued her efforts to enforce the state's online privacy protection law. These actions are a reminder that app developers and their partners should review their app data privacy and security practices and ensure that any apps collecting personal information comply with applicable federal and state laws. Mark W. Brennan, an Associate with Hogan Lovells in Washington D.C, analyses the US regulators' approach in this area, and how companies may start guiding their practices so that they are closer to compliance. / read more

The global, EU and UK data protection landscape is at a crossroads and organisations across all sectors are waking up to the fact that change is inevitable. Mike Bradford, founder and director of Regulatory Strategies, provides a summary of what he - and many other expert data protection commentators and practitioners - feel should, and indeed must, be on the strategic radars of organisations now to ensure they are in good shape for the challenges that will come under the new EU Regulations. / read more

About Data Protection Leader:

The monthly law publication which covers all aspects of data protection and data privacy. Topics covered include data transfers and outsourcing, data localisation and retention, the EU General Data Protection Regulation (GDPR), the e-Privacy Directive, data security, marketing and behavioural advertising, consent, employee monitoring, privacy compliance, risk management, DPO responsibilities, accountability, Privacy by Design, acquisition and mergers, the Internet of Things, cloud computing and Big Data / read more

Search Publication Archives

Our publication archives contain all of our articles, dating back to 2004.
Canít find what you are looking for?
Try an Advanced Search

Log in to data protection leader
Subscribe to data protection leader
Register for a Free Trial to data protection leader
data protection leader Pricing

Social Media

Follow data protection leader on TwitterView data protection leader LinkedIn Profiledata protection leader RSS Feed