Joint paper of the Spanish data protection authority, Agencia Española de Protección de Datos (AEPD), and the European Data Protection Supervisor (EDPS) on 14 misunderstandings with regard to biometric identification and authentication.

The use of biometric data for identification and authentication purposes is not new but has greatly increased in recent years. Along with its growing popularity, unfortunately, some misconceptions about the technologies involved have become widespread. 
The objective of this document is to raise awareness about some misunderstandings about biometric technologies, and to motivate its readers to check assertions about the technology, rather than accepting them without verification. 

In public health, contact tracing is the process to identify individuals who have been in contact with infected persons. Proximity tracing with smartphone applications and sensors could support contact tracing. It involves processing of sensitive personal data.
What is Contact Tracing?

During epidemics of infectious diseases, such as the Coronavirus disease (COVID-19), it is important to lower the number of new infection cases and to stop it eventually. Therefore the infection chain of onward transmissions must be interrupted. When those persons known to be infected reveal their recent contacts, other infected persons may be identified, informed and e.g. isolated already early on, even before they become aware of their infection. The process to identify contacts of known cases is called contact tracing.
A person becomes a contact of a primary case by e.g. face-to-face contact within a short distance over some time span, physical contact or spending time indoors together–all within the incubation period of e.g. up to 2 weeks for the coronavirus disease.

To establish the risk exposure in contact tracing, information about the distance between the persons and the duration of contact are important. Close contacts with high-risk exposure may then become subject to different rules or treatments.

To read the HTML edition, click the title above.
To read the PDF edition, click the EN button below.

The modern car is a computer on four wheels. Today’s cars are constantly processing and transmitting data about themselves, their surroundings and the people in it – in most of the cases even without the knowledge of the driver. This data is used in navigation, to manage car systems like the engine or to deliver communication and infotainment services to passengers.

Increasingly today, the data generated by the car is shared over the internet with other vehicles, traffic infrastructure and private and public entities. These so-called connected cars belong to the evolving Internet of Things (IoT) - with manifold related risks attached. The growing amount of personal data generated by connected cars raises the interest of insurers, automakers, law enforcement authorities and other third parties.

To read the HTML edition, click the title above.
To read the PDF edition, click the EN button below.

This technology report on smart glasses and data protection aims at clarifying the state of play of smart glasses in the market, official positions on related privacy and data protection issues and future developments.

Avis du CEPD sur la proposition de règlement relatif au renforcement de la sécurité des cartes d’identité des citoyens de l’Union et d’autres documents

The GDPR is an outstanding achievement for the EU, its legislators and stakeholders, but the EU's work to ensure that data protection goes digital is far from finished. The majority of the world population now has access to the internet, while tech giants now represent the six highest valued companies in the world. With this in mind, in 2017 the EDPS issued advice to the legislator on the new ePrivacy Regulation, as well as pursuing his own initiatives relating to the Digital Clearinghouse and Digital Ethics, the latter of which will be the main topic of discussion at the 2018 International Conference of Data Protection and Privacy Commissioners, co-hosted by the EDPS.

Finalising and implementing a revised version of the current legislation governing data protection in the EU institutions and bodies as soon as possible is also a priority, if the EU is to remain a credible and effective leader in the protection of individuals' rights. The EDPS intends to exercise the powers granted to him in the revised Regulation efficiently and responsibly, in order to ensure that the EU's institutions and bodies set an example for the rest of the EU to follow. For this reason, the EDPS has invested a lot of effort in preparing the EU institutions for the new rules and will continue to do so throughout 2018.  

In 2017, the EDPS also contributed to ongoing discussions on the Privacy Shield and on the free flow of data in trade agreements, which will remain on the EU and EDPS agenda throughout 2018. With the fight against terrorism still a pressing concern for the EU, the EDPS continues to advocate the need to find a balance between security and privacy in the processing of personal data by law enforcement authorities. As the new data protection supervisor for Europol, the EU’s police authority, he is determined to ensure that the EU sets an example in achieving this balance.