PL&B International E-news, Issue 89

24/09/2009
Tags:
  1. UK ICO approves Hyatt Hotels’ Binding Corporate Rules application
  2. EU Data Protection Supervisor’s annual report addresses privacy issues relevant to all sectors

1. UK ICO approves Hyatt Hotels’ Binding Corporate Rules application

The UK Information Commissioner’s Office (ICO) yesterday announced that it has given the green light to group transfers of personal data within Hyatt Hotels and Resorts Business to 48 countries, some of them outside the European Economic Area. The terms of the authorisation state that he may withdraw it if “any entity” in the company” has contravened or is contravening any of the provisions of their BCR.”

The authorisation for the company’s binding corporate rules programme is encouraging for those in the midst of the application process, as Hyatt’s BCRs are the first ones to be approved under the EU Data Protection authorities’ mutual recognition policy. The UK acted as lead authority and assessed the adequacy of the company’s BCRs. After a set of “simple administrative steps” says Hyatt’s law firm, Linklaters, the  BCRs will be rubber stamped by the other 16 EEA data protection authorities that have agreed with this method. This is evidence that the mutual recognition is working in practice, and should make the process much simpler and less time consuming for future applicants. For Hyatt, which was assisted by Linklaters, it took 12 months from start to finish. This timescale is much quicker than that for the previous applicants, such as Atmel (2009), Accenture (2009), Philips (2007) and GE (2005).

The BCR approval, dated 15 September, can be seen at http://www.ico.gov.uk/

Italy’s policy on Binding Corporate Rules will be explained by a speaker from the Garante, its Data Protection Authority, at the European Privacy Officers Network Roundtable in Rome on October 13th and 14th. For the detailed programme, covering subjects relevant to companies in all sectors in Italy, visit: http://www.privacylaws.com/Documents/EPON/Italy/Italyprogramme.pdf and to register, visit www.privacylaws.com/epon_25 - the programme in Italian for the Garante Roundtable is at http://www.privacylaws.com/Documents/EPON/Italy/garante_agenda.pdf

2. EU Data Protection Supervisor’s annual report addresses privacy issues relevant to all sectors

The EU Data Protection Supervisor, Peter Hustinx, today published his annual report covering his fourth year in office which covers issues beyond the processing of data in Community institutions. For the first time, he addresses access control with iris scanning or fingerprint authentication, monitoring use of the Internet by staff and video surveillance systems, all relevant to companies. He also covers new technologies, such as the “Internet of things”, RFID, cloud computing, DNA sequencing and covers long running issues, such as Passenger Name Records and much more.

The full report is at http://www.edps.europa.eu in English and there are summaries in all Community languages at http://www.edps.europa.eu/EDPSWEB

Employee surveillance across Europe will be covered by Privacy Laws & Business’s conference in Madrid on November 3rd: Employee surveillance in Europe: Balancing privacy rights and management control. Speakers include Data Protection Commissioners and their senior staff from Finland, France, Germany, Italy, Spain and the United Kingdom, plus lawyers and managers from several countries,  Register now online at: www.privacylaws.com/ipon_6.  The early bird discount deadline for the conference in Spain is October 7th.

Click here for further information about subscribing to the international newsletter.

Copyright Privacy Laws & Business 2009 

Comments:

If you would like to comment on this article, please login or register.

Archive

Tag cloud