JD Supra published an interesting article about the situation in Germany. Data Protection Authorities have to deal with a huge amount of work and lack the capacity to do so. For example, the Authority of the German state of Hamburg released a report in which it described how the lack of personnel results in limitations in three areas: random audits, on-site visits and consumer complaints.
To tackle the problem, Germany passed a law “that permits registered consumer-protection organizations (called Verbände) to bring suits on behalf of consumers to enjoin data-protection violations.” Under Article 3 of the Enforcement Act, “consumer organizations can bring an action to enjoin the wrongful collection, processing, or use of a consumer’s personal data by an enterprise, so long as the enterprise collected or used consumer data ‘for the purpose of marketing, market or opinion research, operating a credit reporting agency, assembling personal or user profiles, trading in addresses, buying or selling data,’ or for ‘similar commercial purposes.’”
Europe: Employers may read private messages at work
The European Court of Human Rights held in the Barbulescu v. Romania case that a Romanian employer had not violated the privacy rights of its employee by monitoring and reading the employee’s messages.
Many authors have addressed the court’s decision. At Data Protection Report, the authors noted that: “The judgment of the ECHR must not be seen as carte blanche for employers to monitor their employees’ communications at work. Employers should always bear in mind that the fact that the monitoring measure is not in breach of Article 8 of the Convention does not automatically mean that such measure is indeed permitted at the end of the day. Further limitations, in particular under national, general and sector specific data protection, telecommunication and employment laws will apply and differ from jurisdiction to jurisdiction.”
Data protection issues of Smart cities
The European Data Protection Law Review published an article by Lilian Edwards from the University of Strathclyde Law School, titled “Privacy, Security and Data Protection in Smart Cities: A Critical EU Law Perspective”.
It deals with the often forgotten legal perspective on smart cities. “A key issue is the lack of opportunity in an ambient or smart city environment for the giving of meaningful consent to processing of personal data; other crucial issues include the degree to which smart cities collect private data from inevitable public interactions, the “privatisation” of ownership of both infrastructure and data, the repurposing of “big data” drawn from IoT in smart cities and the storage of that data in the Cloud.”
The author argues that the solutions are “the ethos of Privacy by Design, a new “social impact assessment” and new human:computer interactions to promote user autonomy in ambient environments”.
Discrimination by data – a report by the Federal Trade Commission
“Companies should remember that while big data is very good at detecting correlations, it does not explain which correlations are meaningful. (…) For example, one company determined that employees who live closer to their jobs stay at these jobs longer than those who live farther away. However, another company decided to exclude this factor from its hiring algorithm because of concerns about racial discrimination, particularly since different neighbourhoods can have different racial compositions.”
“Several commenters explained that some credit card companies have lowered a customer’s credit limit, not based on the customer’s payment history, but rather based on analysis of other customers with a poor repayment history that had shopped at the same establishments where the customer had shopped (…) Using this type of a statistical model might reduce the cost of credit for some individuals, but may also result in some creditworthy consumers being denied or charged more for credit than they might otherwise have been charged.”
New Network and Information Security Directive in the EU
The Permanent Representative Committee published a first draft of a new Network and Information Security Directive. The purpose of the legislation is to strengthen the security of network and information systems across the EU.
“The network and information security (NIS) directive will increase cooperation between member states and lay down security obligations for operators of essential services and digital service providers. Essential services operators are active in critical sectors such as energy, transport, health and finance. Digital services cover online marketplaces, search engines and cloud services.”