Data protection challenges and priorities 2023: The Annual IAPP-EY Privacy Governance Report

Each year the International Association of Privacy Professionals and Ernst & Young team up to survey the privacy landscape across the globe. To do so they survey hundreds of privacy professionals in different regions, sectors and countries to identify key trends in professionals’ and organisations’ experience and expectations to guide activities for the following year. […]

The ICO’s Transfer Risk Assessment and How it works in Practice

On 17 November 2022 the Information Commissioner’s Office (ICO) published much needed guidance on international data transfers alongside a Transfer Risk Assessment (TRA) tool. The tool is designed to assist data controllers in assessing whether restricted data transfers can be made. Restricted transfers (UK) are data transfers made from the UK to a third country […]

The financial argument, a complement to moral decision-making

Contemporary discussions on modern slavery tie in with ethical discourse and normative considerations. Modern slavery has been framed as a ‘moral issue’ (Guetierrez-Huerter, Gold & Trautrims, 2021, p. 12), its policy framework has been called ‘moralistic’ (Broad & Turnbull, 2019, p. 1). But however pivotal such moral dimensions are, a focus on ethics alone does not do justice to all facets of the crime, and sometimes does not offer enough persuasion to act. To improve our knowledge of modern slavery, its victims, and its prevalence, it is of great importance to get a grasp of its precise health, social and economic costs.

Draft UK Data Protection and Digital Information Bill

On July 18, 2022, the U.K. government introduced the Draft Data Protection and Digital Information Bill (hereafter referred to as the “Bill”) to the House of Commons. Publication of the Bill was the natural next step following on from the consultation in September 2021 on the reform of UK data protection law, the final response […]

Regulating Cybersecurity: The EDPS Opinion on the Proposal for a Regulating  Cybersecurity and the Creation of a High Common Standard for EUIs (European Union Institutions)

The Proposed European Commission Proposal for Cybersecurity Regulation lays down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union (EUIs). The Proposal constitutes one of the regulatory initiatives of the EU’s Cybersecurity Strategy for the Digital Decade from 16 December 2020. It will impact EUIs and […]

CNIL’s Decision on the Use of Google Analytics and Recommended Alternatives

After the Court of Justice of the European Union’s (CJEU) decision regarding Privacy Shield (Schrems II) the CNIL, on 10.02.2022, issued notices to a number of websites that used the Google Analytics audience measurement tool. In those notices, the CNIL stated that the use of Google Analytics inherently involves an element of data transfer to […]

ENISA’s Cybersecurity Certification

ENISA Cybersecurity Certification

On 2nd–3rd June, ENISA held the 2022 edition of its Cybersecurity Certification Conference. The conference focused on the future of certification and how certification schemes will be developed and implemented as part of the EU’s certification approach. The ENISA Cybersecurity Certification Conference provided insightful presentations and panel discussions from cybersecurity experts, service providers, Conformity Assessment […]

What the Public Sector Cyber Security Baseline Standards Mean for your Organisation

The cyber-attack on the Irish Health Service Executive (HSE) in 2021 brought cybersecurity into sharp focus, particularly for public service bodies (PSBs). If the likelihood of cyber incidents of this nature and impact seemed remote to many within the public sector prior to this attack, they were now fully aware of their vulnerability. The introduction […]

Security, privacy and trust in software – assessing the ethical impact of technology

Protecting privacy and digital security are becoming increasingly important in everyday life. A lack of trust in software and how it deals with or exposes personal information could negatively impact consumers and the wider EU digital market. Privacy, security and trust in software are promoted by the TRUST aWARE project. They are also, in themselves, […]