In December 2020 the European Commission published a proposal to repeal the current NIS Directive (European Directive on Network and Information Systems) and to replace it with a new Directive: the so-called NIS-2 Directive. This post will give an update on the status of negotiations of NIS-2, and will outline the aspects we already know and don’t know about the upcoming Directive’s final form.
GDPR Two-Year Anniversary: The Right to be forgotten is not absolute – Webinar 9 June 2020
9 June 2020 – Cyber Security Coalition
In their third webinar, the Cyber Security Coalition Privacy Focus Group and Beltug focused on the apparently easy but actually complex ‘right to be forgotten’. In his extremely clear presentation, Peter Van Dyck, Partner at Allen and Overy (Belgium) LLP clarified the basics of this right, illustrated with three cases against Google and five rulings of the Belgian DPA.
Referring to art 17 of the GDPR, Peter Van Dyck pointed out that data subjects have a right, not so much to be completely ‘forgotten’, but for specific personal data to be erased or search results to be dereferenced. And this right is not absolute. A data subject’s request must comply with at least one of the conditions listed in art 17, and companies/organizations can invoke grounds to refuse the request (but DO document why!). He illustrated how three cases against Google at the European Court of Justice have ‘created’ and influenced the ‘right to be forgotten’, including the extent of ‘being forgotten’ and its territorial applicability (Europe yes, worldwide possibly).
Based on five rulings, Peter Van Dyck provided also insight in the interpretation of this right by the Belgian DPA. Its approach at this time is rather more lenient and cooperative, as quite often companies are not fined if they prove to remedy the infringement of this right within e.g. a month. Importantly, he stressed the need for companies/organizations to get their ‘right to be forgotten’-processes right and effective!
For a clear and concise insight in the ‘right to be forgotten’-challenge, do replay this session!
Other blog posts
Ransomware – today’s universal cyberworry – is but one aspect of a crime: cyber extortion. Orange Cyberdefense provides some insights into this scourge, based on its ‘Security Navigator 2022’-report.
The Cyber Security Coalition and top cybersecurity trainer SANS Institute joined forces to provide specially needed insights and recommendations on successful cloud security, as well as how to handle cyber security in these times of war.
It is easy to drown in the sea of dire warnings about the danger of AI, in particular to our privacy. The main point is that AI in good trust is possible, but requires solid, long term and well-structured approaches. This session of the Privacy focus group offers some crucial insights and welcome examples.
On computer security day we pay tribute to Ada Lovelace, the forgotten mother of the computer. Often described as the first computer programmer — before computers were even invented — Ada was a real visionary. Imagine what she might have achieved had Babbage actually built his “computer” and she hadn’t died at the age of 36.