In December 2020 the European Commission published a proposal to repeal the current NIS Directive (European Directive on Network and Information Systems) and to replace it with a new Directive: the so-called NIS-2 Directive. This post will give an update on the status of negotiations of NIS-2, and will outline the aspects we already know and don’t know about the upcoming Directive’s final form.
GDPR Two-Year Anniversary: How to collect consent without creating consent fatigue? – Webinar 4 June 2020
4 juin 2020 – Cyber Security Coalition
The second webinar co-organized by the Cyber Security Coalition Privacy Focus Group and Beltug tackled the issue of “tensions on ‘consent’ under the GDPR”, with some extra attention to cookie-related consent. Prof. Paul De Hert and Mr. Gianclaudio Malgieri (VUB LSTS) provided well-documented insights into the tricky legal areas of ‘consent in the GDPR’, ‘the crisis of consent’ and ‘three tensions on consent’.
Interestingly, consent is straight off stressed to be only as good as the other grounds, and often perhaps not the most appropriate option (e.g., with a view to the data subjects’ rights). And consent cannot be used to ask for personal information that is not strictly necessary for the purpose at hand. Today’s ‘crisis of consent’ impacts both data subjects (fatigue, overload) and controllers/processors (difficult to be compliant, e.g. big data).
The session concluded by discussing three tensions, including some apparent contradictions between GDPR and other directives. The first relates to the demand for unnecessary personal info, between the GDPR (interdiction) and the 2019/770 directive on Digital Content/service. The second puts consent validity in the GDPR versus cookies ‘easy’ consent in e-Privacy. At this point, GDPR stands as the reference law, though more clarification (e.g., by DPA’s) is required. The third ‘tension’ involves consent versus ‘legitimate interest’ in sensitive areas as marketing and research, as well as when vulnerable data subjects are involved.
This is a session that will amply reward an attentive replay, with plenty of food for study.
Nos autres articles
Ransomware – today’s universal cyberworry – is but one aspect of a crime: cyber extortion. Orange Cyberdefense provides some insights into this scourge, based on its ‘Security Navigator 2022’-report.
The Cyber Security Coalition and top cybersecurity trainer SANS Institute joined forces to provide specially needed insights and recommendations on successful cloud security, as well as how to handle cyber security in these times of war.
It is easy to drown in the sea of dire warnings about the danger of AI, in particular to our privacy. The main point is that AI in good trust is possible, but requires solid, long term and well-structured approaches. This session of the Privacy focus group offers some crucial insights and welcome examples.
On computer security day we pay tribute to Ada Lovelace, the forgotten mother of the computer. Often described as the first computer programmer — before computers were even invented — Ada was a real visionary. Imagine what she might have achieved had Babbage actually built his “computer” and she hadn’t died at the age of 36.