Included in this issue: Release of UK Cyber Security Annual Report; European Commission opens consultation on e-Privacy Directive; EU working party criticises new EU-US data protection shield and more...
Release of UK Cyber Security Annual Report
The UK government has published its final annual report on the UK Cyber Security Strategy, which was introduced in 2011 to help deal with the threat of cyber crime in the UK. By developing the UK's cyber security capabilities, the five year programme aims to make the UK a secure hub for cyberspace.
Whilst it is difficult to measure the success of cyber security, the report states that overall, the UK's cyber security capabilities have improved and the UK has increased its share of the international cyber security market. However, cyber attacks still present a major threat to UK national security and businesses, and the government will be introducing a new strategy this year, raising its investment in cyber security to £1.9bn.
European Commission opens consultation on e-Privacy Directive
In light of technological developments and the incoming General Data Protection Regulation (GDPR), the European Commission has launched a public consultation on the e-Privacy Directive to seek business and stakeholder opinions on potential reform. The Commission hopes to evaluate the performance of the directive, which is aimed at protecting EU citizens' privacy rights and creating an equal playing field for companies in the market.
One issue to explore is whether the e-Privacy Directive should apply to popular social communication apps such as Whatsapp. Currently the Directive, which restricts the use of customer traffic and location data, only applies to traditional telecommunications companies – something which has been dubbed as unfair by telecommunications associations. The consultation also seeks to identify when customers would expected to be asked for consent for processing their personal data. The results of the consultation will help the Commission to draft proposals for privacy reform.
The consultation is open for submissions now and closes on until 5 July 2016.
EU working party criticises new EU-US data protection shield
An EU working party has raised concerns over the new EU-US privacy shield arrangement which will replace the invalidated safe harbour regime. Whilst recognising that the privacy shield is an improvement on the safe harbour regime, the working party stressed that the limits on data collection were still broadly defined, potentially permitting mass data collection. Further, the working party echoed concerns of other privacy advocates by questioning the (lack of) independence of the US data protection ombudsman. The working group highlighted that model clauses could be used for now, pending review once the privacy shield is finalised.
EU parliament approves air passenger data laws
The EU parliament has approved the Passenger Name Records (PNR) Directive, which will force airlines to share personal data of passengers with member states in order to prevent, detect, investigate and prosecute terrorism offences and serious crime.
PNR data for flights entering and leaving the EU will need to be provided by airlines, and member states will also have the power to collect internal EU flight data, upon notifying the EU commissioner. It is expected that the PNR Directive will come into force within the next month, giving member states two years to implement the rules and set up a body to receive airline data. However, the UK already has processes in place and can start collecting data once the Directive is implemented. Airline and travel companies should check their data management processes to ensure they will be able to comply with the new rules.