Case C-136/17 GC et al v CNIL – right to be forgotten; lawful grounds for processing of sensitive data Link to judgment: http://curia.europa.eu/juris/document/document.jsf?text=&docid=218106&pageInd ex=0&doclang=EN&mode=req&dir=&occ=first&part=1&cid=335023 Main issue: Four erasure requests not linked to each other and all having to do with de-linking news articles from Google search results pages, some of which contained sensitive data, were […]
Posts by Gabriela Zanfir-Fortuna
The below piece was originally published on Medium. For a version with humorous images, head to the original post. A ‘notice and consent’ privacy law puts the entire burden of privacy protection on the person and then it doesn’t really give them any choice. The GDPR does the opposite of this. There is so much […]
By Gabriela Zanfir-Fortuna and Sasha Hondagneu-Messner The Future of Privacy Forum organized a panel at the 2019 Computers, Privacy and Data Protection Conference in Brussels to discuss the limits and benefits of the right to data portability as introduced by the GDPR. This panel was chaired by Thomas Zerdick (EDPS), moderated by Stacey Gray (FPF), and […]
The session that the Future of Privacy Forum organized for the IAPP Europe Congress in Brussels on November 28, Deciphering “legitimate interests”: actual enforcement cases and tested solutions, generated great interest among privacy professionals. We had a full house attending – more than 500 participants, according to the IAPP. The panel was based on a Report published earlier this year by the FPF and Nymity.
The European Commission published a Communication on “Artificial Intelligence for Europe” on April 24th 2018. It highlights the transformative nature of AI technology for the world and it calls for the EU to lead the way in the approach of developing AI on a fundamental rights framework. AI for good and for all is the motto the Commission proposes. The Communication could be summed up as announcing concrete funding for research projects, clear social goals and more thinking about everything else.
FPF and Nymity collaborated to compile a Report on actual cases from practice and relevant guidance from the Article 29 Working Party and individual Data Protection Authorities (DPAs) concerning the use of “legitimate interests” as a lawful ground for processing under EU data protection law. Our aim is to help organizations better understand how to use and apply legitimate interests as a lawful basis for processing, while at the same time contributing to enhanced personal data protection for individuals.
Computers Privacy and Data Protection conference (CPDP) kicks off this week in Brussels, and the theme this year is “The Internet of Bodies”. The conference will gather 400 speakers for 80 panels to set the stage for the privacy and data protection conversation in Europe for 2018. And this is such an important year for data protection – not only the General Data Protection Regulation becomes applicable in May, but also the text of the new ePrivacy Regulation will likely be finalized.
Details on the EU-US privacy engineering workshop were published in European Data Protection Supervisor’s latest newsletter. This workshop was organized by the Internet Privacy Engineering Network (IPEN), Future of Privacy Forum, KU Leuven and Carnegie Mellon University, on November 10, in Leuven.
The nature of the digital economy is as such that it will force the creation of multi-competent supervisory authorities sooner rather than later. What if the European Data Protection Board would become in the next 10 to 15 years an EU Digital Regulator, looking at matters concerning data protection, consumer protection and competition law, having “personal data” as common thread? This is the vision Giovanni Buttarelli, the European Data Protection Supervisor, laid out last week in a conversation we had at the IAPP Data Protection Congress in Brussels.
Searching for effective methods and frameworks of de-identification often looks like chasing the Golden Goose of privacy law. For each answer that claims to unlock the question of anonymisation, there seems to be a counter-answer that declares anonymisation dead. In an attempt to de-mystify this race and un-tangle de-identification in practical ways, the Future of Privacy Forum and the Brussels Privacy Hub joined forces to organize the Brussels Symposium on De-identification – “Identifiability: Policy and Practical Solutions for Anonymisation and Pseudonymisation”.