e-Identification could be introduced in ID cards as early as 2016
Thu 26 Mar 2015, 21:03

Electronic identification and electronic signatures could be integrated into the new ID cards that will be issued from 2016 onwards. The Ministry of Transport, Information Technologies and Communications announced that the technical requirements for such transition have been met and that electronic identifiers ensure the highest possible level of security and data protection and that the transition to new ID cards would be in full compliance with the newly adopted Regulation (EU) 910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation).

Second High-level Conference on the EU Cybersecurity Strategy
Fri 22 May 2015, 14:20

The conference is organised on the 28 May by the European Commission and it will discuss trust and security in the digital world. The conference will be opened by Gunther Oettinger, Commissioner for Digital Economy and Society.

The Conference will be an opportunity to explore the way forward regarding the proposal for a Network and Information Security Directive, the EU cybersecurity industrial strategy and the next steps for capacity building for cyber defence and fighting cybercrime.

Registration is open and the agenda is available here.
Austrian court rejects Facebook privacy case
Wed 1 Jul 2015, 19:20

A court in Vienna declines to hear a legal case involving allegations that Facebook has broken EU data privacy laws. The court rejected the case brought by Max Schrems saying that it lacked jurisdiction in the matter.

WiFi tracking and the ePrivacy Directive in Denmark
Wed 1 Jul 2015, 19:20

Citizens are increasingly being monitored and tracked by public authorities and commercial interests. Many carry digital devices which, by design, emit a unique identifier, such as the WiFi Media Access Control (MAC) address of a smartphone. Even though the MAC address does not directly reveal the identity of a person, it can be used for recognising individuals between different sensor points and tracking their movements. With a sufficient number of sensors, an almost complete profile of a person’s movement in a city can be obtained without consent.

The Danish Business Authority, which is the regulatory authority for the Danish transposition of the ePrivacy Directive, initially indicated in media comments that these systems were subject to Article 5(3) of the ePrivacy Directive and that consent was required. There is no practical way that the required consent could be obtained, so this would effectively have forced the Danish municipalities to stop their traffic monitoring projects.

In January 2015, a formal request to the Danish Business Authority about the collection of MAC addresses was submitted and the Danish Business Authority rendered a formal decision on the matter which reversed its initial position that the consent requirement of Article 5(3) applies to these systems.

Facebook is ordered by Hamburg privacy authority to allow pseudonyms
Wed 29 Jul 2015, 11:04

Facebook was ordered by Hamburg privacy authority to allow users to have accounts under pseudonyms on the social network. The company rejects such a decision and argues that the Irish regulator has jurisdiction over its compliance with EU privacy law. The Irish privacy regulator in 2011 audited Facebook and found its name policy was in line with Irish law.

Status update on data retention in the EU following the CJEU ruling (April 2015)
Wed 29 Jul 2015, 12:54

In December 2014 ORG prepared a table showing the status of data retention in the EU, following the CJEU's decision in the Digital Rights Ireland case. We have now updated the table to show the position in April 2015.

The table can be found here.