Attention: tentative d’escroquerie – enquêtes de la CNPD

Plusieurs acteurs ont informé la CNPD d’avoir été contactés par des sociétés privées offrant des services de conseil et d’audit en matière de protection des données, en indiquant que ces services se feraient prétendument sous le mandat ou pour le compte de la CNPD.

Afin d’éviter des accidents nous avons publié une note sur notre site internet :

–          (FR) https://cnpd.public.lu/fr/actualites/national/2018/November2018/enquetes-cnpd-escroquerie.html

–          (EN) https://cnpd.public.lu/en/actualites/national/2018/November2018/enquetes-cnpd-escroquerie.html

N’hésitez pas à partager ce message si vous l’estimez utile.

Journée Mondiale de la Normalisation 2018 au Grand-Duché de Luxembourg

Le 12 octobre dernier s’est déroulée à Belval la Journée Mondiale de la Normalisation 2018 au Grand-Duché de Luxembourg : https://portail-qualite.public.lu/fr/actualites/normes-normalisation/2018/journee-mondiale-normalisation-2018-luxembourg.html.

Blockchain : first CNIL’s analysis

The CNIL published a paper (in French) discussing the intersection between the Distributed Ledger Technology (blockchain) and General Data Protection Regulation. (link)

Events in Luxembourg

La 49ème Journée Mondiale de la Normalisation : l’ILNAS et l’Université du Luxembourg présenteront notamment un nouveau White Paper « Data Protection and Privacy in Smart ICT », développé avec le support du Ministère de l’Economie (https://portail-qualite.public.lu/fr/actualites/normes-normalisation/2018/Save-the-Date-Journee-Mondiale-de-la-Normalisation-2018.html)

La Cyber Security Week : https://www.cybersecurityweek.lu/events/

Legal News

Nouvel article 261-1 du code du travail:  http://paperjam.lu/news/des-changements-dans-la-surveillance-au-travail

Loi du 1er août 2018 portant organisation de la Commission nationale pour la protection des données et mise en oeuvre du règlement (UE) : http://legilux.public.lu/eli/etat/leg/loi/2018/08/01/a686/jo

Last News (30/05/2018)

Corrigendum GDPR :

http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2018.127.01.0002.01.ENG&toc=OJ:L:2018:127:TOC

WP29 elects new chairwoman :

https://iapp.org/news/a/andrea-jelinek-elected-new-wp29-chair/?mkt_tok=eyJpIjoiTm1RMFl6aGhPV0psWXpjNCIsInQiOiJlUHdia0JVcHRhNGs1RUNHa1ZCSTQxeTJVVXBJXC9mREZyTHhRZFA5c2tkWjlBOWJ2OFpwaXcxSTVETXBkbG5IR1BvQ1RLNDFDXC9zZE8rNW80RjNEdGRnMWU5RUJ3N0gyTlVjOEpBNDg4MjUrT09JTjlHakQ2YWNcL3pmZk1MN0pSOSJ9

Le RGPD vu comme une belle opportunité :

http://paperjam.lu/news/le-rgpd-vu-comme-une-belle-opportunite?utm_medium=email&utm_campaign=12-02-2018-soir&utm_source=Email%20Marketing%20Software

Séances d’information CNPD 18-10-2017 & 19-10-2017

Les présentations sont en ligne:   / The presentations are online: https://cnpd.public.lu/fr/actualites/national/2017/10/seances-info-GDPR.html Article 29 Working Party Guidelines On October 18, the Article 29 Working Party released its draft of “Guidelines on Personal data breach notification under Regulation 2016/679”and  “ Guidelines on Automated individual decision-making and Profiling for the Purpose of Regulation 2016/679”. The guidelines are not final yet and stakeholders may comment on these guidelines until November 28.

Lignes directrices du groupe de travail «Article 29» Le 18 octobre, le groupe de travail «Article 29» a publié son projet de «Directives sur la notification des violations de données personnelles conformément au règlement 2016/679» et «Lignes directrices sur la prise de décision individuelle automatisée et le profilage aux fins du règlement 2016/679». Les lignes directrices ne sont pas encore finalisées et les intervenants peuvent les commenter  jusqu’au 28 novembre.

Judgment C-73/16 of the European Court of Justice: processing of personal data, tax collection and fight against tax fraud

We would like to inform you on judgment C-73/16 of the Court of justice of the European Union dated 27 September 2017 and pertaining notably to tax collection, tax fraud, the protection of fundamental rights and freedoms, as well as the legitimacy of a processing carried on by authorities in the public interest.

(see: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:62016CJ0073&qid=1506511807587&from=EN)

The judgment can be briefly summarised as follows: believing himself to be a victim of an infringement of his rights relating to personality by the inclusion of his name on a contested list, Mr Pu?kár applied to the Supreme Court of the Slovak Republic by an action followed by an appeal, to order the Finance Directorate, all tax offices under its control and the Financial Administration Criminal Office not to include his name on the contested list or any other similar list and to delete any reference to him from those lists and from the finance authority’s IT system. According to Mr Pu?kár, the Finance Directorate and the Financial Administration Criminal Office have drawn up and are using a contested list of natural persons, which the public authorities refer to by the expression ‘biele kone’ (‘white horses’). That expression is used for persons acting as ‘fronts’ in company director roles.

The Court in particular rules that article 7(e) of the Directive 95/46 must be interpreted as not precluding the processing of personal data by the authorities of a Member State for the purpose of collecting tax and combating tax fraud such as that effected by drawing up of a list of persons such as that at issue in the main proceedings, without the consent of the data subjects, provided that, first, those authorities were invested by the national legislation with tasks carried out in the public interest within the meaning of that article, that the drawing-up of that list and the inclusion on it of the names of the data subjects in fact be adequate and necessary for the attainment of the objectives pursued and that there be sufficient indications to assume that the data subjects are rightly included in that list and, second, that all of the conditions for the lawfulness of that processing of personal data imposed by Directive 95/46 be satisfied.

Conférence de la Chambre de Commerce du Luxembourg

http://www.een-events.com/fit4dataprotection-volet1/Home/Page/66