CIPL, TRUSTe, IAF, IIS Workshop: Building a Dependable Framework for Privacy, Innovation and Cross-Border Data Flows in the Asia-Pacific Region (22 February 2016, Lima, Peru).
CIPL, TRUSTe, IAF, and IIS are holding a one day workshop on 22 February 2016 in Lima, Peru, on the margins of the APEC meetings to be held that week. This interactive workshop will focus on the APEC Cross-Broder Privacy Rules.
Link to the invitation.
Description from the Hunton & Williams privacy blog.
by Pablo A. Palazzi
It has been a busy year in Argentina for Privacy and Data Protection practitioners.
On February 2015 the Data Protection Agency (DPA) of Argentina enacted a new regulation for sanctions (DNPDP n. 9/2015). This new regulation aimed at including new sanctions for the do not call registry regulation.
Also on February 2015 the DPA issued a regulation (DNPDP n. 10/2015) for CCTV surveillance for security purposes.
On April 2015, Allende & Brea hosted the first Knowledgnet Meeting of the Argentine chapter in Buenos Aires.
On April the DPA also started to send Enforcement Notices of the Do not call law to local companies.
On April the DPA also issued a Regulation (DNPDP n. 18/2015) about mobile Apps, the first of its kind in Latin America. It is a long list of recommendations for app producers, including privacy by design and privacay by default rules.
On May 2015 the DPA issued a new regulation (DNPDP n. 20/2015) on Drones and Data protection. As far as I know it is the first of its kind in the world. The WP29 issued its opinion on drones in June 2015.
During 2015 the DPA also finished implementing the Do not Call law enacted in the year 2014, and started to impose some sanctions. The number of individuals registered and complaints are escalating fast. Also the number of companies with fines.
On September 2015 a labour court issued a ruling declaring illegal the use of geolocation tools included in the app of the mobile phones provided to the workers by a company.
With Paula Vargas three more meetings were organized during the year with IAPP sponsorship with a huge assistance of practitioners. We did an event for the Schrems case, another event for the Mobile apps regulation.
Finally at the end of the year the former commisioner Juan Cruz Gonzalez Allonca step out and the new government is looking to name a new director of data protection for Argentina. We will have news soon in this blog.
Pablo Palazzi is a partner in Allende & Brea specialized in IT and IP law. He is co chair of the IAPP Knowledge Net Buenos Aires and founder of the Latin America Data Protection Law Review.
A sign that data protection law is growing in the region is the proliferation of DP law courses in Latin American Universities.
This year there are already two important courses in schools of law of two leading universities:
Nelson Remolina data protection course in Universidad de los Andes, Bogotá, Colombia (3rd edition in 2016).
María Veronica Perez Asinari and Pablo Palazzi, Data Protection Course in Universidad de San Andrés, Buenos Aires, Argentina (2nd edition in 2016).
A good sense on how data protection is becoming more and more important is the fact that this year both INTA and ASIPI have new committees on data protection in their organization.
At INTA, the Data Protection committee has three sub-committees: Enforcement (in the context of data protection); Training and Awareness and Best Practices. The core Mission is to analyze major global trends in privacy and data security regulations, laws and cases to provide data protection best practices to enhance and preserve brand value, and develop and advocate related policies to maintain strong trademark rights.
International development in Privacy and Human Rights
Alexandrine Pirlot de Corbion, Advocacy Officer from Privacy International, will be presenting at San Andres University next Thursday December 3 2015 at 930 am
Place: San Andres University (downtown campus).
In the last three years, starting with the Snowden’s revelations and related political fallout that followed; there has been a great momentum to put the right to privacy on the agenda of various forums at the regional and international level. This has been illustrated by the various resolutions reports by UN human rights independent experts and by the UN main political bodies including the UN General Assembly, the Human Rights Council and Human Rights Committee on the right to privacy, and in particular as to how it relates to its definitions within Article 12 of the Universal Declaration of Human Rights and Article 17 of the International Covenant on Civil and Political Rights. Other forums at the regional and international level have been exploring related topics encryption, anonymity, export control of surveillance technologies, data protection, data exploitation, big data, cyber security, and counter-terrorism. To leverage this momentum, PI has been engaging through various mechanisms in many of these debates in order to ensure that policies and regulations being developed reflect the local realities. PI has thus been working to articulate legal, policy and technological standards and principles to guide research, policy engagement and calls for reform on the right to privacy and related topics, in particular as it relates to the global south, data exploitation and communications surveillance. This session will outline the main discussions taking place at the international level on the right to privacy and related topics, present some of the challenges and opportunities and conclude with suggestion for avenues for research and policy engagement.
Alexandrine is a Programme Lead and Advocacy Officer at Privacy International working across the organisation and the PI network on privacy related issues with a particular focus on communications surveillance with the aim of engaging in advocacy activities at the national, region and international level and carrying out related thematic research. Additionally, she coordinates the PI’s work with its International Network across Africa Asia and Latin America. Before joining PI, she was engaged in research and advocacy on issues relating to human rights, irregular migration, Security Sector Reform, gender, conflict management and human security. Alexandrine graduated from the University of Birmingham with an MSc in Conflict Security and Development following an LLM in International Law at the University of Westminster.
Argentina´s DPA has imposed the first sanctions based on the do not call registry law. More information in this blog about the cases soon.
Argentina Supreme Court issued a ruling requiring state-controlled oil company YPF to fully disclose the agreement it signed with U.S.-based Chevron Corp. for the development of the giant Vaca Muerta shale formation. The agreement between YPF and Chevron called for $1.24 billion in investment in an initial pilot phase and $1.6 billion in the second phase.
The FOI claim was filed by opposition Senator Hector Ruben Giustiniani after YPF refused to answer his questions about the contract with Chevron, particularly in regard to the potential environmental impact of the project. It was based on the FOI Regulation and the Public Access to Environmental Information Law.
The company refused to disclosed the agreement stating generically that it contained trade secrets. It also argued that it was a private company not subject to the FOI Regulation.
The Supreme Court concluded that:
– The imprecise and generic affirmations formulated by YPF SA were not sufficient to hold as proven that the release of the content of the accord might compromise industrial, technical and scientific secrets.
– YPF may be a private company but it is owned and controlled by the State.
– Freedom of information is “a fundamental human right” that implies the protection of “access to information under the control of the state.
This is another case in a long list of cases this Court has issued in matters of FOI law.
Since November 9 2015 it is possible to register databases containing personal data in the DPA of Colombia (See Circular n. 2 0f 2015 of the Superintendency of Commerce). The registry is already available online.
The Municipality of San Isidro, in Lima (Perú) has issued an ordinance related to drones. The regulation was enacted for the purpose of protecting privacy and integrity of the citizens of San Isidro. The fines will be of Soles 1900 (580 U$S). Only adults can pilot a drone, or kids with an adult present. Drones are only allowed in public open spaces but not on residential zones.
See here for more information in Spanish.
The Ministry of Justice of Brazil has introduced a new Data Protection Bill. The Bill has significant and important changes in relation with the previous Draft Data Protection Bill reported at the beginning of this year.
Final version of the Bill (PDF).
See links here.