The current Polish Data Protection Commissioner (DPC) will remain on his post for another, second term after the Polish Parliament confirmed his nomination on 25 July 2014. The decision did not come as a surprise: Wojciech Wiewiórowski was the only candidate for the post and has an excellent background for the role. Just like during the previous nomination process four years ago, EDRi member Panoptykon monitored the process, to ensure its transparency to the public. However, as there was only one – undisputed – candidate for the role, the scope of the monitoring activities was reduced.
Italy's data privacy watchdog said Google Inc had agreed to it conducting inspections at its Californian headquarters, the first time a European Union regulator will make checks on the company inside U.S. territory.
Friday's announcement represents the latest privacy challenge for the company in the EU and underscores the willingness of the 28-member bloc to ensure its citizens' data are treated according to EU law, even when held in foreign jurisdictions.
Google has been under investigation by several EU data protection authorities (DPAs) since it consolidated some 70 existing privacy policies into one in March 2012, combining data collected on individual users across its services, including YouTube, Gmail and social network Google+.
On June 11, the Dutch Data Protection Authority commented on eID (source document in Dutch), a proposed new standard for online identification for access to both corporate and government services. The authority expressed concerns about the shared responsibility and accountability for the platform and noted that the Data Protection Act requires the appointment of a single responsible party.
Since July 2014, the Dutch Data Protection Authority has received 111 requests to delist search results on a person's name in a search engine. The right to de-list information from the index of a search engine follows a ruling by the European Court of Justice in the case Google Spain (C-131/12). All requests related to Google. In 32 cases the Dutch DPA has mediated between Google and the data subject. In 24 cases the search results were delisted.
Effective 1 January 2017, Dutch data protection law requires organizations to notify the Dutch Data Protection Authority within 72 hours of “a breach of security […] which results in a significant chance of severe detrimental effects or has severe detrimental effects for the protection of the private life". The data subject must also be informed if “the breach probably will result in adverse effects on their private life”. These obligations only apply if the Dutch Data Protection Act applies, for instance in situations wherein a Dutch entity is data controller.