e-Privacy Regulation: Good intentions but a lot of work to do
Wed 25 Jan 2017, 19:00

On 10 January 2017, the European Commission published its long-awaited proposal for an e-Privacy Regulation to replace the 2002 e-Privacy Directive.

The proposed draft Regulation contains a number of provisions which, if adopted and effectively implemented, should address some of the current gaps or lack of clarity in protection of the confidentiality of electronic communications and information stored on users devices.

Although the Commission has rightly identified and addressed most of the key issues and objectives in the proposal, strong forces seem to have watered down the text considerably, compared to the earlier version that was leaked in December 2016. For example, the reference to “privacy by design and by default” that was changed in Article 10 will need to be put back in order not to lower down the protections to the current “privacy by option”, options on the degree of online privacy that the browser would offer to the user.

CNIL publishes new rules on biometric access control in the workplace
Fri 30 Sep 2016, 23:50

The French Data Protection Authority announced the adoption of two new decisions, Single Authorizations AU-052 and AU-053, that will now cover all biometric access control systems in the workplace. These two new decisions repeal and replace the previous biometric decisions adopted by the CNIL and lay down the CNIL’s new position on biometric systems used to control access to the premises, software applications and/or devices in the workplace. The CNIL’s new Single Authorizations AU-052 and AU-053 anticipate the application of the EU General Data Protection Regulation in May 2018. They take into account the principles of privacy by design and privacy by default, as well as the requirement to conduct data protection impact assessments, which data controllers will have to comply with by May 25, 2018.