Poland: Wojciech Wiewiórowski will remain DPC for the second term
Fri 1 Aug 2014, 18:32

The current Polish Data Protection Commissioner (DPC) will remain on his post for another, second term after the Polish Parliament confirmed his nomination on 25 July 2014. The decision did not come as a surprise: Wojciech Wiewiórowski was the only candidate for the post and has an excellent background for the role. Just like during the previous nomination process four years ago, EDRi member Panoptykon monitored the process, to ensure its transparency to the public. However, as there was only one – undisputed – candidate for the role, the scope of the monitoring activities was reduced.

Italian privacy watchdog says to conduct inspections at Google U.S. offices
Fri 20 Feb 2015, 22:20

Italy's data privacy watchdog said Google Inc had agreed to it conducting inspections at its Californian headquarters, the first time a European Union regulator will make checks on the company inside U.S. territory.

Friday's announcement represents the latest privacy challenge for the company in the EU and underscores the willingness of the 28-member bloc to ensure its citizens' data are treated according to EU law, even when held in foreign jurisdictions.

Google has been under investigation by several EU data protection authorities (DPAs) since it consolidated some 70 existing privacy policies into one in March 2012, combining data collected on individual users across its services, including YouTube, Gmail and social network Google+.

Dutch DPA comments on public-private online identification standard
Thu 11 Jun 2015, 16:35

On June 11, the Dutch Data Protection Authority commented on eID (source document in Dutch), a proposed new standard for online identification for access to both corporate and government services. The authority expressed concerns about the shared responsibility and accountability for the platform and noted that the Data Protection Act requires the appointment of a single responsible party.

Mediation by Dutch DPA concerning delisting of search results by Google
Wed 25 May 2016, 13:40

Since July 2014, the Dutch Data Protection Authority has received 111 requests to delist search results on a person's name in a search engine. The right to de-list information from the index of a search engine follows a ruling by the European Court of Justice in the case Google Spain (C-131/12). All requests related to Google. In 32 cases the Dutch DPA has mediated between Google and the data subject. In 24 cases the search results were delisted.

New Netherlands notification requirements will change data controllers’ view of cybersecurity
Tue 7 Jun 2016, 13:43

Effective 1 January 2017, Dutch data protection law requires organizations to notify the Dutch Data Protection Authority within 72 hours of “a breach of security […] which results in a significant chance of severe detrimental effects or has severe detrimental effects for the protection of the private life". The data subject must also be informed if “the breach probably will result in adverse effects on their private life”. These obligations only apply if the Dutch Data Protection Act applies, for instance in situations wherein a Dutch entity is data controller.

Dutch Privacy Watchdog to Nike - You Can't Just Do It
Mon 29 Feb 2016, 13:49

After an investigation by the Dutch Data Protection authority, Nike agreed to take measures to remedy any Dutch privacy violations found in the way it’s Nike+ app was designed. These include: notifying existing users of the app (and Nike+ users on the web) that height and weight are optional, and asking them for consent to retain existing data; introducing a single privacy policy with greater disclosures and a data retention period for inactive users. The Nike+ investigation provides valuable guidance for the mobile health industry regarding privacy issues.