Data Regulators Focus on Artificial Intelligence and Data Ethics at Annual International Meeting in Brussels

Achieved Compliance attended the 40th Annual International Conference of Data Protection and Privacy Commissioners which convened this year in Brussels. This meeting is the largest and most significant gathering of data protection authorities in the world. It provides an important window on the status of data protection law and regulation, the impact of new technology on privacy and what is top of mind for regulators. While companies continue to grapple with the requirements of the General Data Protection Regulation (GDPR), which took effect in May of this year, the law did not take center stage at the annual meeting of regulators. Instead, the focus of this year’s conference was artificial…

READ MORE

European Data Protection Supervisor Predicts Sanctions Coming Soon for Violations of General Data Protection Regulation

Regulators in the European Union could impose sanctions for violations of the General Data Protection Regulation (GDPR) as soon as by the end of 2018, according to European Data Protection Supervisor Giovanni Buttarelli. According to a Reuter’s news report, Butarelli said in an interview, “I expect first GDPR fines for some cases by the end of the year. Not necessarily fines but also decisions to admonish the controllers, to impose a preliminary ban, a temporary ban, or to give them an ultimatum.” Regulators in France and Italy report a 53 percent increase in complaints about violations over last year, Buttarelli said, adding that enforcers have seen a sharp…

READ MORE

U.S. Federal Trade Commission Begins Hearings on Competition and Consumer Protection in the 21st Century

On September 13 and 14, the Federal Trade Commission (FTC), together with Georgetown University Law Center, will co-sponsor the first in a series of Hearings on Competition and Consumer Privacy in the 21st Century. These public forums will consider whether changes in the economy, technology, and emerging business practices warrant changes to law, enforcement and policy. Specifically, they will consider whether these changes require expansion of the FTC’s enforcement power over corporate privacy practices. At a House of Representatives subcommittee meeting on July 18, FTC Chairman Joseph Simons’ stated that the FTC’s current authority to do so, under Section 5 of the FTC Act, is inadequate. A Federal…

READ MORE

Article 29 Working Party Provides Important Guidance about Data Protection Impact Assessments

Data Protection Impact Assessments (DPIAs) are critical to companies’ successful compliance with the General Data Protection Regulation (GDPR), and to their efforts to establish responsible, effective data governance within their organizations. Article 35 of the GDPR requires companies to conduct a DPIA when processing is likely to raise “high risk” to individuals. On August 6, we blogged about the advice of the Belgian data protection authority on this aspect of the GDPR. But the Belgian DPA did not issue its recommendations in isolation. The Article 29 Working Party (the “Working Party”) late last year adopted Guidelines on data protection impact assessments and determining whether processing is “likely to result…

READ MORE

Belgian Privacy Commission Issues Recommendation on Data Protection Impact Assessments

An important aspect of the General Data Protection Regulation (GDPR) that may be new to companies is the requirement set forth in Articles 35 and 36 that they conduct data protection impact assessments (DPIAs) when embarking on new data processing activities. While some organizations may have experience with DPIAs, often referred to as Privacy Impact Assessments in the United States, many may be unfamiliar with how they should be carried out and what data protection authorities look for when they review them. Companies may find help in the Belgian Privacy Commission’s Recommendation on Data Protection Impact Assessments and the prior consultation requirements provided for by Articles 35 and…

READ MORE