The “certified” DPO and how to spot a useless one

As May 25, 2018 approaches, the number of (self-professed) “Certified DPOs” is growing at an astonishing pace.

Many of the companies that fall within the GDPR’s scope must include this role in their ranks, but HR or Legal departments are completely in the dark when it comes to setting forth the criteria to evaluate a candidate’s fitness for the job.

Holding “Certifications” or a “Privacy Master Degree” is among the ways candidates try to lure a company into hiring them.

About GDPR and Extraterritoriality

The extra-territorial aspect of the GDPR was designed to mimic the criminal law approach used to punish crimes committed abroad by a national citizen. But while this approach works for criminal law, it doesn’t work for civil (in the Continental meaning of the word) law, which is strongly based on the concept of jurisdiction (meant as the “geographical limit to the power of a sovereign State”). Under this principle, a law can’t extend its reach outside the boundaries of the State that passed it.

The Agenzia delle entrate’s possible data breach and the Italian Data Protection Authority’s reaction

According to Il Sole 24 Ore (the Italian financial daily newspaper), the Agenzia delle entrate (the public body entitled to process Italian citizens’ tax information – about 20 billion, says the newspaper) has been shut down because of a bug allowing unrestricted access to that tax-related information.

This is a clear infringement of the data protection by design and by default rule, as well as evidence that a poor security check was done before opening the server to the Internet. But the Italian Data Protection Authority, instead of starting an investigation, just “asked for information”, rather odd behaviour when compared to the attitude shown by the Authority toward the private sector.

I wonder if the DPA will use the very same light approach when a similar – and maybe less threatening – event should happen to some non-public entity.