1. eu-LISA PUBLIC
April 2016 Issue nr. 15
DATA PROTECTION NEWSLETTER
Issue Nr.10
June 2016, Issue Nr.19

HIGHLIGHTS
Troubles for the Privacy Shield
EU-US signs Umbrella Agreement
SECURITY AND SURVEILLANCE
Myspace Data Breach
Snooper’s charter: the remaining stages for approval
Canada: Face recognition technology to identify passport fraud
NEW TECHNOLOGIES
EC drafts Code of Conduct for mobile health apps
EVENTS
Data Protection Awareness sessions: the outcomes
Connect the citizens summit in Amsterdam
SPEECHES AND PUBLICATIONS

HIGHLIGHTS

Troubles for the Privacy Shield
The path for the adoption of the Privacy Shield is becoming more and more difficult. After the negative Opinions of the Parliament and of the Article 29 Working Party, now also the European Data Protection Supervisor (EDPS) has expressed its concerns about the robustness of the privacy guarantees contained in the Agreement. In fact, the Opinion on the EU-U.S. Privacy Shield Draft Adequacy Decision released by the EDPS on 30 May expresses mistrust about the data transfer framework’s ability to protect EU citizens’ personal data in accordance with EU law. Read the press release.
The EDPS recognized that the European Commission’s draft adequacy decision is an improvement over the U.S.-EU Safe Harbor Framework, which was invalidated by the Court of Justice of the European Union last October. However, Mr Buttarelli cautioned that “progress compared to the earlier Safe Harbor … is not itself sufficient”, since the Privacy Shield “as currently designed does not adequately include … all appropriate safeguards” to protect EU citizens’ privacy; “robust improvements are needed”, he said.

EU-US signs deal on police data exchange
On 2 June 2016, the European Union and the United States of America signed the so-called "Umbrella agreement", which puts in place a comprehensive data protection framework for criminal law enforcement cooperation.
The Agreement covers all personal data (e.g., names, addresses, criminal records, etc.) exchanged between police and criminal justice authorities of the EU Member States and the U.S. federal authorities for preventing, investigating, detecting and prosecuting criminal offenses, including terrorism. The Umbrella Agreement will provide safeguards and guarantees of lawfulness for data transfers, including provisions on clear limitations on data use, the obligation to seek prior consent before any onward transfer of data, the obligation to define appropriate retention periods, and the right to access and rectification.
Read the Umbrella Agreement factsheet
Read the EC press release
DID YOU KNOW
The EU-US Privacy Shield Agreement was designed to replace the Safe Harbour which
was struck down by the Court of Justice of the European Union (CJEU) following a
complaint by privacy activist Max Schrems. The new agreement is aimed at restoring
the trust of individuals in the transatlantic data transfers.
SECURITY and SURVEILLANCE

MySpace Data Breach: 427 million passwords leaked
On 31 May, Time Inc., owner of Myspace, confirmed that the once-popular social media site was hacked.
The leaked database contained about 360 million accounts with 427 million passwords, according to a Motherboard report. This might be the biggest data breach of all time. It’s much bigger than the 117 LinkedIn passwords and emails that leaked last month from the 2012 LinkedIn hack and more than the 2013 Target hack that affected 70-110 million customers.
MySpace has announced that it is in the process of notifying all affected users and working proactively with law enforcement authorities to resolve this issue. The data breach countermeasures taken include the invalidation of the passwords of all known affected users and the monitoring for suspicious activity that might occur on Myspace accounts.
The hack is being attributed to the Russian cyber-hacker who goes by the name “Peace.” This is the same person responsible for the LinkedIn and Tumblr attacks too.
Read more here

“360 million accounts with 427 million passwords stolen”

Snooper's charter: the remaining stages for approval
On Monday 6 and Tuesday 7 June, British MPs will debate in the House of Commons the remaining stages for the approval of the controversial Investigatory Powers Bill. The Bill, nicknamed Snooper Charter, will provide a new framework to govern the use and oversight of investigatory powers by law enforcement and the security and intelligence agencies.
The Snooper’s charter has been widely criticized ever since it was proposed by Home Minister Theresa May in 2015, because it provides investigative agencies the authority to conduct mass surveillance of citizens.
It is likely that Mrs Theresa May will have to make some privacy concessions in order to see her bill approved by the Parliament. There is a lot at stake. If the Snooper Charter passes the scrutiny of the British MPs, the public trust in UK tech services will be undermined and this could lead to a loss of trust in freedom of expression and privacy online – trust that would be impossible to regain.
Read more here
DID YOU KNOW
That if you want to check whether you have an account that has been compromised in a data breach, you can visit the website haveibeenpwned.com
The website is run by Troy Hunt, a web security expert, who had the idea of creating an open source tool including a huge amount of hacked data.
In the era of data breaches, a great business idea.
DID YOU KNOW
That the Investigatory Powers Bill (nicknamed Snooper Charter) requires web and phone companies to store records of websites visited by every British citizen for 12 months for access by police, security services and other public bodies. Moreover, it makes explicit in law for the first time the powers of the security services and police to hack into and bug computers and phones.
Read more here
DID YOU KNOW
That when you choose your password you should follow the tips of the Guide to password security. Ideally, each of your passwords would be at least 16 characters, and contain a combination of numbers, symbols, uppercase letters and lowercase letters.
How Secure is my Password?
To see if your password is secure enough click here. The website tells you how many seconds, days or years a hacker might take to crack your credentials.
SECURITY and SURVEILLANCE

Canada: Face recognition technology to identify passport fraud
On 8 June, Canada’s federal government officials revealed they used facial recognition technology to identify 15 suspects wanted on immigration warrants, who all used false identities to apply for travel documents.
The Liberal government might make the facial-recognition scheme permanent to help find and arrest people ineligible to remain in Canada due to involvement with terrorism, organized crime or human rights violations. It's just the latest example of federal efforts to zero in on lawbreakers using biometrics — physical
The photo-matching idea emerged from concerns that people wanted by the Canada Border Services Agency might use fake names to obtain genuine Canadian travel documents from the Immigration Department's passport program, say internal memos released under the Access to Information Act.
"Genuine Canadian passports and other travel documents are of high value to persons who seek to establish false identities," says a memorandum of understanding between the border and immigration agencies.
Read more here.

NEW TECHNOLOGY

EC drafts Code of Conduct for mobile health apps
New apps are being developed at the speed of light and legislators around the world are busy revising existing, or drafting new, data privacy legal frameworks. Last February the Article 29 Working Party stressed the need to create an intelligible legal framework for data processing apps, in particular for those collecting and processing health data (“mHealth apps”).
Following the WP29 recommendations, on 7 June 2016 the European Commission drafted its Code of Conduct on privacy for mobile health apps and submitted it for comments to the Art 29 Data Protection Working Party. Once approved by the independent EU advisory group, the Code will be applied in practice: app developers will be able to voluntarily commit to follow its rules, which are based on EU data protection legislation.
The EC said the Code was developed with all parties in mind, including SMEs and individual developers who may not have access to legal expertise. It is expected to raise awareness of the data protection rules in relation to mHealth apps, and facilitate and increase compliance at EU level.
Read more here.
DID YOU KNOW
That Axl Rose, the Guns N’ Roses frontman, demands Google remove 'fat' photos from the web. The photo in question was taken at a concert back in 2010 and users poked fun at the singer’s weight gain through the years.
Read more here
Read Axl Rose open letter
DID YOU KNOW
That the Article 29 Working Party is composed of representatives of the national data protection authorities (DPA), the EDPS and the EC. The Group provides the Commission with expertise on data protection.
EVENTS

Data Protection Awareness Sessions: the outcomes
On 7 and 8 June, the eu-LISA Data Protection Officer, Mr Fernando Silva, held 2 Privacy Awareness Sessions at eu-LISA Tallinn: Data Protection at eu-LISA and Personal Data Breach. While the first was aimed at informing the staff about the privacy principles and data protection obligations and how they are being enforced and applied in practice in eu-LISA, the second was targeted at instructing the staff on how to react in case of a data breach. During the sessions the DPO gave practical examples to show how the data protection legal and compliance requirements have an impact on the eu-LISA staff's professional environment. The same Awareness sessions are scheduled for eu-LISA Strasbourg this week.

Connected Citizens Summit, Amsterdam 21 June 2016
POLITICO’s Connected Citizens Summit in Amsterdam on June 21 2016 will examine the challenges and opportunities governments and the private sector face as they adapt their policies and services to better connect with citizens.
Connectivity helps patients track their health, commuters optimize their trips, households manage their consumption and citizens engage in the democratic process. Data allows governments and businesses to refine their policies and services. Boosting connectivity for EU citizens is therefore a key priority for the Juncker Commission, with the 2020 Digital Agenda and Digital Single Market Strategy set to boost innovation, economic growth and jobs in the EU.
Read more here
DID YOU KNOW
That the Digital Single Market strategy, adopted by the European Commission on 6 May 2015, creates opportunities for new startups and allows existing companies in a market of over 500 mln people. Completing a Digital Single Market could contribute € 415 billion per year to Europe's economy, create jobs and transform the public services.
Read the Digital Single Market Factsheet.
DID YOU KNOW
That on 9 November eu-LISA adopted the Policy and Procedure on Personal Data Breach Handling.
The Policy is available here