-
Recent Posts
- Why data protection law is uniquely equipped to let us fight a pandemic with personal data
- A US Bill from 1974 shares so much DNA with the GDPR, it could be its ancestor
- Planet49 CJEU Judgment brings some ‘Cookie Consent’ Certainty to Planet Online Tracking
- The CJEU decides lack of access to personal data does not unmake a joint controller: A look at Wirtschaftsakademie
- Brief case-law companion for the GDPR professional
- Exam scripts are partly personal data and other practical findings of the CJEU in Nowak
- A Conversation with Giovanni Buttarelli about The Future of Data Protection: setting the stage for an EU Digital Regulator
- Why did Facebook just receive (one of) the biggest data protection fine(s) on record
- Exam scripts and examiner’s corrections are personal data of the exam candidate (AG Kokott Opinion in Nowak)
- Highlights of the draft LIBE report on the ePrivacy Reg
Archives
Tags roulette
AG Mengozzi Article 8 Charter article 29 working party big data CJEU cloud computing CNIL data portability data protection Data Protection Directive data protection laws data protection officer data protection reform data protection regulation directive 95/46 directive 95/46/EC EDPS European Commission European Data Protection Supervisor European Parliament Facebook Gabriela Zanfir GDPR Google personal data PNR privacy right to be forgotten Surveillance technology Viviane RedingCategories
RSS
Meta
All about personal data protection and privacy
EPIC.ORG news- An error has occurred; the feed is probably down. Try again later.
- EDRi
- Commission launches internet fee consultation full of biased questions
- Will the European Union allow politicians to use your personal data for political advertising?
- EDRi-gram, 31 May 2023
- Sex, religion and race are advertising taboos, except for power-hungry politicians
- USA border plan requires “continuous and systematic” transfers of biometric data
- €1.2 billion GDPR fine for Meta over US mass surveillance
- 5 years of the GDPR: National authorities let down European legislator
- Romania: CSA Regulation will make journalistic investigations of child abuse impossible
- Open letter: Gender-inclusive and safe digital world that is free from violence for all
- Chaos Communication Camp 2023
- European Data Protection Supervisor
- An error has occurred; the feed is probably down. Try again later.
- CNIL
- Découvrez les chercheuses et chercheurs présents à la deuxième édition du Privacy Research Day
- Journées RGPD les 13 et 14 juin à Rennes
- Fusion de la carte Vitale et de la carte d’identité : les points d’attention de la CNIL concernant la protection des données
- Clôture de l’injonction prononcée à l’encontre de MICROSOFT IRELAND OPERATIONS LIMITED
- Remise du prix « Protection de la vie privée » 2022 par la CNIL et l’Inria
- Données de santé et utilisation des cookies : DOCTISSIMO sanctionné par une amende de 380 000 euros
- Le rapport annuel 2022 de la CNIL
- Intelligence artificielle : le plan d’action de la CNIL
- Évolution des pratiques du web en matière de cookies : la CNIL évalue l’impact de son plan d’action
- Privacy Research Day : découvrez le programme et inscrivez-vous gratuitement à l’évènement
- ICO
- Two energy firms fined combined £250,000 for making unlawful marketing calls
- ICO warns of “real danger” of discrimination in new technologies that monitor the brain
- ICO reprimands Thames Valley Police for releasing witness details to suspected criminals
- John Edwards, Information Commissioner, delivers a keynote speech at the Data and the Future of Financial Services Summit
- ICO statement on Capita incident
- Statement in response to the Open Rights Group’s report
- ICO issues Ministry of Justice with reprimand after confidential personal information left in prison holding area
- “It’s important not to get caught out.” - New SARs guidance for employers issued
- Information Commissioner John Edwards' opening remarks at the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE), delivered on 23 May 2023.
- ICO fines two businesses £180,000 for making unlawful marketing calls
- Privacy Commissioner Canada
- Announcement: Commissioner welcomes conclusion of the U.S. Federal Trade Commission’s investigation into Ashley Madison breach
- Announcement: OPC blog post: learn how identifiers on your phone can be used to track you
- Don’t repeat past mistakes, Privacy Commissioner warns as government reviews national security framework - December 6, 2016
- Media Advisory: Privacy guardians to unveil recommendations on modernizing Canada’s national security framework - December 5, 2016
- Announcement: Contributions Program launches call for innovative research and knowledge translation proposals - November 30, 2016
- Announcement: Commissioner shares views on Security of Canada Information Sharing Act with Parliament
- Announcement: Commissioner shares views on Bill C-22 with Parliament
- Announcement: OPC posts new summaries of cases involving businesses
- Media surveillance highlights privacy risk to all Canadians
- Announcement: Privacy Commissioner launches Privacy Tech-Know blog series
pdpEcho 
govhealthit.com: Q&A – Privacy activism in the age of Big Data
Read a very useful interview with Deborah Peel, MD, founder of the group Patient Privacy Rights, on govhealthit.com.
We chose an interesting sample:
Q: Your website cites a number of fairly nefarious and invasive scenarios: “If a school or university learns your child has ADHD or is being treated for depression, they may deny admission. If a boss knows you take Xanax or Zoloft, they may reconsider your promotion.” Wouldn’t both of those practices be illegal?
A: Of course it’s all illegal, using people’s information against them. But there’s no way that the poor employee can even know until later that’s something’s happened. For example, I can’t tell you how many stories psychiatrists hear about where somebody’s been out for two weeks for depression. They go back in, they’re assigned to a completely new job, and they end up quitting. How are they going to ever prove or know who looked at their records when there is no chain of custody? That’s the other thing that electronic records can prove: you can’t move them, you can’t open them, you can’t see them, without there being a transaction.
[Q&A: Health org’s don’t protect patient data for reasons dating ‘back to the industrial revolution’]
One of the things that we have lobbied for is a chain of custody and accounting of disclosures. And we did get that into the HITECH Act. You’re supposed to be able to get a chain of some disclosure, three years of all disclosures of electronic data from your EHR. They don’t even have the rules yet for how we can get disclosures of electronic health records — not from pharmacies, not from labs, not from insurers, not from all the other clearinghouses. What we really need is a chain of custody for all of health data, wherever it is. Because we don’t even know that, there’s no way to prove harm. One of our major projects right now is we’re working really hard with Harvard and Latanya Sweeney to raise the funds to build a data map. We do not even know how many entities have our information or what they’re doing with it. So how can we weigh risks and benefits, when we have institutional control of information, not patient control?
Share this:
Like this: