stefan – Page 45 – Privacy Design®

August 21, 2020

Ex-Uber CISO charged over mishandling of data breach

Summons

(alleged ransom payment, disguised via Bug Bounty program, in wake of 2016 data breach [Amazon S3 bucket credentials on github])

https://www.justice.gov/usao-ndca/press-release/file/1306781/download

August 11, 2020

Privacy Impact Assessment for the U.S. Border Patrol Digital Forensics Programs

https://www.dhs.gov/sites/default/files/publications/privacy-pia-cbp053a-digitalforensics-july2020.pdf

(DPIA, PIA)

August 11, 2020

Paper: Ethics of Artificial Intelligence in Surgery

https://arxiv.org/pdf/2007.14302.pdf

August 11, 2020

News article on Google “trust tokens”

< href="https://www.theverge.com/2020/7/31/21349538/google-changes-ads-data-cookies-privacy">https://www.theverge.com/2020/7/31/21349538/google-changes-ads-data-cookies-privacy

July 19, 2020

Assessment List for Trustworthy Artificial Intelligence (ALTAI) for self-assessment

On the 17 of July 2020, the High-Level Expert Group on Artificial Intelligence (AI HLEG) presented their final Assessment List for Trustworthy Artificial Intelligence.

https://ec.europa.eu/digital-single-market/en/news/assessment-list-trustworthy-artificial-intelligence-altai-self-assessment

July 17, 2020July 17, 2020

ICO on Assessing the Adequacy of International data transfers (July 2017?)

In case you are need for some inspiration in the wake of Schrems II..
https://ico.org.uk/media/for-organisations/documents/1529/assessing_adequacy_international_data_transfers.pdf

July 10, 2020July 10, 2020

Germany: DPA Niedersachsen: FAQ on Auftragsdatenverarbeitung (data processing)

https://lfd.niedersachsen.de/download/156382/FAQ_zur_Auftragsverarbeitung_nach_Art._28_DS-GVO.pdf

Blog article with some commentary
https://www.delegedata.de/2020/07/datenschutzbehoerde-niedersachsen-umfassende-faq-zur-auftragsverarbeitung-nach-der-dsgvo/

Interesting note on contracts.

July 10, 2020July 10, 2020

ENISA: online tool for security of personal data processing

Evaluating the level of risk for a personal data processing operation
https://www.enisa.europa.eu/risk-level-tool/risk

includes further links to risk assessment methodologies

July 7, 2020July 7, 2020

EDPS Survey on Data Protection Impact Assessments under Article 39 of the Regulation (case 2020-0066)

Interesting report that also points out the wide variety in DPIA formats and sizes.
It also talks about specific passages and questions used.

https://edps.europa.eu/sites/edp/files/publication/20-07-06_edps_dpias_survey_en.pdf

Additional EDPS guidance:

July 7, 2020July 7, 2020

CNIL Open Data initiative

https://www.cnil.fr/fr/opendata

Quite a few interesting data sets published by CNIL as Opendata, incl. e.g.

Contact information for Data Protection Authorities around the world
Number of formal notices notified each year since 2014
Number and type of sanctions notified each year since 2014
Lists of declarative formalities completed with the CNIL (1979 – May 24, 2018)
List of notifications of personal data breaches received by the CNIL
List of formalities prior to the implementation of personal data processing sent to the CNIL since May 25, 2018
Number of complaints received annually by the CNIL since 1981
etc.