The EDPS Annual Conference 2022: Trilateral’s involvement and key take-aways
On 16 and 17 June, Trilateral Research was pleased to attend and present at the 2022 EDPS Conference on “Effective Enforcement in the Digital Age”. The conference was attended by leading academics, activists, practitioners, regulators and policy-makers, and featured several high-level keynote speeches by individuals like Max Schrems (NOYB), Wojciech Wiewiórowski (EDPS) and Shoshana Zuboff […]
EDPS Opinion on Information Security Proposal
The Proposal for a Regulation of the European Parliament and of the Council on the information security in the institutions, bodies, offices and agencies of the Union (EUIs)[1] suggest developing a set of standards and rules regarding information security that EUIs will need to adhere to. These aim to firstly, facilitate the interoperability of information classification […]
Googles decides to make easier to Reject All
Recently, Google announced its plans to introduce a “Reject All” option within its famous cookie banner. The decision was appreciated by the Information Commissioners Office, by observing this to be a change that was long awaited to improve not only the user interaction, but also the compliance aspects. The ICO in its statement was also […]
The DPC’s new approach to addressing personal data breach notifications
The Data Protection Commission Ireland, in its Annual Report 2021, announced a changed approach towards handling data breach notifications. The report explains that the focus of DPC will shift towards enforcement rather than the current approach that prioritises communication and conciliation with data controllers to assist mitigating the impacts of data breaches on the controllers […]
European Commission launches proposal for a Regulation for the European Health Data Space (EHDS)
The health sector, like many other sectors, is going through transformative change fuelled by advances; amongst others, in Artificial Intelligence (AI), Machine Learning (ML) and Smart Devices. The aim of the proposed EHDS is the creation of data spaces to facilitate access to data in safe and secure environments and ensure EU data is used […]
ENISA Report on Deploying Pseudonymisation Techniques in the Health Sector
On 24 March 2022, the European Union Agency for Cybersecurity (‘ENISA’) published a report on deploying pseudonymisation techniques in the health sector. Building on previous ENISA guidance in this area, the report explores, through the illustration of simple use cases, how such techniques can improve the protection of health data. The digitisation of medical data […]
EU-US Data Transfers – The Inception of Privacy Shield 2.0
On 6 April 2022, the European Data Protection Board (EDPB) released a statement adopting the announcement dated 25 March 2022 regarding an European Union (E.U.) – United States (U.S.) Transatlantic Agreement for facilitating data transfers. In its statement, the EDPB highlights the “unprecedented” measures that the U.S. intends on implementing to ensure adequate protection of […]
Transparency while processing Children’s personal data
Transparency is a key obligation for any data processor to discharge while processing personal data. The same has been mentioned within Article 5(a) of the GDPR. Recently, documents filed in the UK Courts have accused TikTok, a popular social media platform, of processing children’s personal data without meeting transparency obligations or seeking consent as required […]
Analysing the human-factor aspects of cybersecurity
Cybersecurity has become increasingly important across organisations, departments and teams. However, effective cyber-security requires both technical and organisational measures to reduce risks to organisations and the clients they serve. Furthermore, attacks on many types of critical infrastructure service providers, such as financial, healthcare or public institutions, could result in serious economic and societal repercussions. An […]
EDPB issues new guidelines on Codes of Conduct as tools for transfers
Under Article 46 of the GDPR, Controllers and Processors must implement appropriate safeguards for transfers of personal data to third countries or to international organisations. Where the European Commission has not determined a third country as having adequate protection, there are several mechanisms available to achieve this end. The most utilised of these are Standard […]
