• Google, Vodafone call for more consistency in watchdogs' GDPR enforcement, guidance
    13 March 2019
    Google and Vodafone have called for more consistency over enforcement of the EU's strict new privacy rules and over guidelines issued by national watchdogs.

    Rosario Alvarez Munoz, privacy counsel at Google, told a conference* in London that businesses understand regulators' dual role — to direct and to enforce — but stressed the importance of a harmonized approach across the EU over the General Data Protection Regulation, now in force for more than nine months.

    “We are at the early stages of GDPR enforcement, but we think that now we are moving into the next stage, and consistency is a key aspect to consider,” Alvarez Munoz said.

    By Cynthia Kroet.

    To request the full article please click here >

  • Companies using AI to see final ethical guidelines at EU summit in April
    01 March 2019
    Businesses using artificial intelligence applications will be shown a final set of ethical guidelines at a summit organized by the European Commission on April 9, MLex has learned.A high-level expert group on AI, appointed by the commission last year, is in the final stages of processing feedback received on provisional guidelines it published in December, and aims to deliver a final version to the EU executive in March.

    The aim of the April event will also be to seek overseas jurisdictions willing to showcase ethical regulatory standards around AI under a commission plan to create a coalition of international regulators to take a common approach on the emerging technology. For this, it has been considering Canada and Japan for partnerships, as MLex reported last year

    By Cynthia Kroet.

    To request the full article please click here >

  • UK-EU data-transfer deal could take 'years' under no-deal Brexit, Buttarelli says
    26 February 2019
    UK banks, insurers, airlines and others could have to wait “years” before the UK and EU reach a data-transfer agreement if they part ways next month without a Brexit deal, the EU’s internal data-privacy regulator has said.

    European Data Protection Supervisor Giovanni Buttarelli said that a no-deal scenario would mean companies would have to find alternative ways to transfer personal data between businesses that operate in the EU and the UK.

    “Companies will have to — in an interim period — transfer the data from the UK to the EU by using standard contractual clauses, binding corporate rules, certificate mechanisms, and in a limited number of cases, with consent; but then a solution needs to be found,” he told journalists today in Brussels after presenting the EDPS’ annual report.

    By Matthew Newman.

    To request the full article please click here >

  • Personal data collection gets more complex in China as tougher rules loom
    26 February 2019
    Companies that collect personal information in any capacity in the course of their operations in China are facing stricter rules, with government authorities having recently taken steps to revise data-handling standards amid rapid technological developments and increasing public concern.

    The National Information Security Standardization Technical Committee, a standards-setting body known as TC260 that is overseen by the country's Internet regulator, has drafted a revised standard offering guidance on implementing the Cybersecurity Law as it relates to handling personal information. TC260's move comes nine months after that standard, known as the Personal Information Security Specification, took effect on May 1, 2018.

    By Xu Yuan.

    To request the full article please click here >

  • Google says Ireland, not Sweden, should probe location-tracking complaints
    21 February 2019
    Any probe into Google’s collection of users' location data should be led by Ireland, the company has told Sweden’s privacy watchdog, which is investigating those practices.

    In documents seen by MLex, the US tech giant also contested claims by consumer groups in six European countries that it designs its settings to “deceive” users into consenting to the gathering of their location data.

    Under the EU’s General Data Protection Regulation, investigations into practices that affect citizens of several EU countries should be led by the national regulator where the company in question has its EU headquarters. In Google’s case, that’s Ireland — as it is for Facebook, Apple, Twitter and others.

    By Vesela Gladicheva.

    To request the full article please click here >