Osservatorio sul diritto e telecomunicazioni informatiche, a cura del dott. V. Spataro dal 1999, 9216 documenti.

Il dizionario e' stato letto volte.

Segui via: Email - Telegram
  Dal 1999   spieghiamo il diritto di internet  Store  Podcast  Dizionario News alert    
           privacy, formulari, check up per WordPress

Temi attuali:
Algoritmi ChatGPT Intelligenza artificiale Privacy WordPress

Privacy 03.11.2020    Pdf    Appunta    Letti    Post successivo  

Linee guida su Schrems II: nel breve, mappare tutti i trasferimenti di dati con gli USA

Nasce un nuovo e inevitabile tipo di raccolta: il Transfer Impact Assessments(TIAs)




Subito realizzare l'elenco di tutti i trattamenti fatti con gli USA invece di vietarli o sanzionarli.

Così l'EDPS prende parola e ferma ogni immediata procedura di rinnovo fornitori, rinviando l'obbligo ad secondo momento. A breve termine resta solo un accolorato invito.

Preannunciate anche numerose autorizzazioni generali da parte dell'EDPS.

Il metodo è anche ottimo: sarebbe opportuno in ogni contesto: prima spiegare cosa si vuole a tutti,  poi multare.

Un ex Garante anni fa ricordava che era più utile obbligare le aziende a cambiare le procedure, piuttosto che sanzionarle.

E' bene ricordarlo, visto che anche con l'INPS si è intrapresa questa direzione.

Ecco il comunicato:

Strategy for EU institutions to comply with “Schrems II” Ruling

The European Data Protection Supervisor (EDPS) issued today a strategic document aiming to monitor compliance of European institutions, bodies, offices and agencies (EUIs) with the “Schrems II” Judgement in relation to transfers of personal data to third countries, and in particular, the United States. The goal is that ongoing and future international transfers are carried out in accordance with EU data protection law.

Wojciech Wiewiórowski, EDPS, said: “Transfers of personal data by EUIs to third countries should comply with the EU Charter of Fundamental Rights, as well as applicable EU data protection legislation, specifically Chapter V of Regulation (EU) 2018/1725. To this end, the Strategy builds on the cooperation and accountability of controllers to assess whether the essentially equivalent standard of protection, based on the Court’s ruling, is guaranteed when transfers of personal data are made towards third countries. Furthermore, the EDPS will continue to closely cooperate with other Data Protection Authorities (DPAs) within the European Data Protection Board (EDPB) so that individuals’ personal data is consistently protected throughout the EU/EEA, when data transfers to third countries occur”. 

The Judgement has far-reaching consequences on all legal tools used to transfer personal data from the EEA to any third country, including transfers between public authorities. While the strategy aims to bring all transfers into compliance with the Judgement in the medium term, the EDPS has identified two priorities to address in the short-term: ongoing controller to processor contracts and/or processor to sub-processor contracts involving transfers of data to third countries, with a particular emphasis on those carried out to the United States.

It is in this context that the EDPS has developed an action plan to streamline compliance and enforcement measures, distinguishing between short-term and medium-term compliance actions.  

As the Strategy continues to be implemented, the EDPS strongly encourages EUIs to avoid transfers of personal data towards the United States for new processing operations or new contracts with service providers.

The rules for data protection in the EU institutions, as well as the duties of the European Data Protection Supervisor (EDPS), are set out in Regulation (EU) 2018/1725

The EDPS is the independent supervisory authority with responsibility for monitoring the processing of personal data by the EU institutions and bodies, offices and agencies, advising on policies and legislation that affect privacy and cooperating with similar authorities to ensure consistent data protection. Our mission is also to raise awareness on risks and protect people’s rights and freedoms when their personal data is processed.

Wojciech Wiewiórowski (EDPS), was appointed by a joint decision of the European Parliament and the Council to serve a five-year term, beginning on 6 December 2019.

Personal information or data: any information relating to an identified or identifiable natural (living) person. Examples include names, dates of birth, photographs, video footage, email addresses and telephone numbers. Other details, such as IP addresses and communications content - related to or provided by end-users of communications services - are also considered as personal data.

Privacy: the right of an individual to be left alone and in control of information about his or herself. The right to privacy or private life is enshrined in the Universal Declaration of Human Rights (Article 12), the European Convention of Human Rights (Article 8) and the European Charter of Fundamental Rights (Article 7). The Charter also contains an explicit right to the protection of personal data (Article 8).

Processing of personal data: According to Article 3(3) of Regulation (EU) 2018/1725, processing of personal data refers to “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction". See the glossary on the EDPS website.

The powers of the EDPS are clearly outlined in Article 58 of Regulation (EU) 2018/1725.

03.11.2020 EDPS

Download Pdf

Come funziona la Privacy, l'intelligenza artificiale e il riconoscimento della posizione tramite fotografia.
FCC (USA): Robocall con voci generate dalla AI e' illegale. Elezioni e Marketing avvertiti.
Provvedimento del 7 dicembre 2023 [9978568] dating online, password e durata
Company offering electronic communication services – no complete information of the data subjects & no sufficient technical and organisational measures | European Data Protection Board
Police data sharing: “Prüm II” lacks safeguards | European Pirate Party
ICO urges all app developers to prioritise privacy | ICO
Provvedimento dell'11 gennaio 2024 [9979128] Mancata comunicazione dati di contatto del DPO al Garante Privacy
Patrick Breyer: Chat control in the EU Parliament today, in court tomorrow
Ordinanza ingiunzione nei confronti di Clearview AI 10 febbraio 2022 [9751362]
Banca dati DNA: il Garante privacy invia una segnalazione a Governo e Parlamento 21 settembre 2007

Segui le novità in materia di Privacy su via Telegram
oppure via email: (gratis Info privacy)

dallo store:
visita lo store

Dal 1999 il diritto di internet. I testi sono degli autori e di IusOnDemand srl p.iva 04446030969 - diritti riservati - Privacy - Cookie - Condizioni d'uso - in 0.051