This is a short article I wrote for the BEERG (Brussels European Employee Relations Group) weekly newsletter on some interesting recent developments on data protection, particularly the criticisms of the Irish Data Protection Commission. Though unconnected, I had a short Twitter exchange with renowned privacy advocate, Max Schrems, on a related topic, a few days later.
In early December one of the five directors at Belgium’s Data Protection Authority (APD/GBA) resigned, citing the same concerns about a “lack of independence” at the authority which the EU Commission had raised several weeks earlier.
In November VRT (public-service broadcaster for the Flemish Community of Belgium) ran a story saying that the European Commission was commencing infringement proceeding against Belgium claiming that:
some members of the APD/GBA cannot currently be considered free from outside influence, as they either report to a management committee dependent on the Belgian government, have participated in government projects for the detection of COVID-19- contacts, or are a member of the Information Security Committee.
I wrote this article for BEERG‘s weekly newsletter on Sept 23rd. The Newsletter goes to approx 1,000 senior HR professional across the EU and US.
I have been deeply involved in monitoring the development of the data privacy and protection issue since first working on the early legislative passage of the General Data Protection Regulation through the European Parliament and Council. This article features a link to an article I wrote for the EurActiv news-site in late 2012 on the complexity of GDPR’s employee data provisions.
I have added some extra paragraphs in this version that are pertinent to the Irish domestic situation and – not for the first time – I finish an article with my favourite LBJ saying/quote
This was the week when the stark reality of the Schrems II judgement became clear. When the rubber hit the road.
In last week’s BEERG Newsletter I portentously observed that the already complex position around Standard Contractual Clauses (SCCs) and other methods of transferring personal data to the US was about to become more complex. Little did we realise how quickly that would happen.
The Irish Data Protection Commission made a preliminary move to halt Facebook’s use of SCCs to cover the transfer of data from the EU to the US. Facebook has some 400m+ user in Europe. Facebook went to court.
Within days, the text of Facebook’s affidavit to the Irish High Court appeared online. Its contents fueled headline speculation in respected broadsheet newspapers and reputable media outlets that Facebook was threatening to quit the EU unless its concerns were addressed.
This column appeared on Broadsheet.ie on September 24th and looks at the current government’s ongoing issues with grasping the critical importance of data and data privacy to our continuing economic growth and development. While the governments response to the Data Protection Commissioner’s findings that it broke its own laws in expanding the scope of Personal Service Cards shows a cavalier attitude to data protection, the total inadequacy of the states response to real cyber-security threats is frightening. The State must immediately given the Defence Forces a lead role in building cyber security capacity and give it the resources right now, including the ability to recruit and train the next generation of cyber security experts.
Twenty years ago (last Sunday) the first ever episode of The West Wing premiered on US TV.
Though anyone who has ever served in government can confirm that The Thick of It or Yes, Minister are more realistic portrayals of life along the corridors of power, The West Wing still represents the ideal, the way we would like to think it is.
This is due, in part, to the excellent characterisations, but it is mainly down to the quality of writing. The dialogue not only fizzed, it was informed by actual policy debates.
There were prescient. Much of it is still cogent despite all that has happened in the intervening two decades.
This is a brief overview of some data protection issues for business to watch out for in 2018. It first appeared in this week’s BEERG weekly newsletter under the heading: #GDPR – 132 Days to go… but there is a lot more ahead.
Note my GDPR countdown clock to the right (or below on Mobiles) of the screen
Derek Mooney writes: No one needs reminding that the General Data Protection Regulation, 2016/679 (GDPR) the EU’s new pan European data protection law comes into force on May 25 – in 132 days, or 94 business days, (from Jan 12) 2018 will be the year of data protection as everyone -regulatory authorities and individual organisations alike – struggles to get used to the new regime.
Will Data Protection Authorities and individual companies be able to source sufficiently experienced Data Protection Officers to oversee the new laws? And if having the GDPR come into effect in 2018 is not a sufficient strain, you can add the issue of what happens to data transfers to the UK post Brexit?