Privacy and data protection


For the European Union, the Indian draft data protection bill raises several concerns.   As detailed in a written submission to the Indian Ministry of Electronics and Information Technology (MeitY), the main issues for the EU concern the level of discretion on key matters given to the government and the DPA, the independence of the DPA, the exemptions from data protection safeguards provided to law enforcement authorities, and the introduction of data localization requirements.

According to Telecompaper, EU telecom ministers will not vote on the ePrivacy reform at their next meeting in December. Due to divides between member states on key provisions of this legislative text and calls from the industry to delay its adoption process, it appears now unlikely that this regulation will be concluded before the next European elections in 2019. In parallel, a number of NGOs are urging the Austrian Presidency of the Council of the European Union to take action towards ensuring the finalisation of the e-Privacy reform.

The Spanish Senate recently approved a draft law in order to implement at the national level certain provisions of the EU’s GDPR. Certain provisions have triggered strong reactions from civil society groups, in particular regarding an amendment giving the possibility to political groups to "use personal data obtained from web pages and other publicly accessible sources to carry out political activities" before elections.

As reported by The Guardian, Amazon suffered a major data breach, days before Black Friday, causing customer names and email addresses to be disclosed on its website. Amazon has indicated the issue has been fixed and customers who could be impacted have been informed.

In the view of the permeability of algorithmic technics and automated data processing in all aspects of the contemporary life, the Committee of Ministers of the CoE has drafted recommendation to member states to evaluate the impacts of the application of algorithmic systems in public and private spheres on the exercise of human rights and fundamental freedoms. The document outlines that the misuse of algorithmic systems can jeopardise the rights to privacy, freedom of expression and prohibition of discrimination provided by the European Convention for the Protection of Human Rights and Fundamental Freedoms. Although public and private sector initiatives to develop ethical guidelines for the design, development and deployment of algorithmic systems are welcome, they do not substitute the duty of member States to guarantee that human rights obligation are embedded into all steps of their algorithmic operations. In addition, member States should ensure appropriated regulatory frameworks to promote human rights-respecting technological innovation by all actors. The guidelines for States on actions to address the use of algorithmic system include data quality and modelling standards; principles of transparency and contestability; provision of effective judicial and non-judicial remedies to review algorithmic decisions; the implementation of precautionary measures to maintain control over the use of algorithmic systems; and empowerment through research and public awareness. The document also engages responsibilities for private actors that member States should ensure, including guidelines on data quality and modelling.  ​

Facebook announced it would dispute the financial penalty which had been imposed by the Information Commissioner’s Office in the UK on the company for its role in the Cambridge Analytica scandal. Facebook indicated it would appeal against this fine of £500,000, because this decision “challenges some of the basic principles of how people should be allowed to share information online”.




The GIP Digital Watch observatory is provided by

in partnership with

and members of the GIP Steering Committee


GIP Digital Watch is operated by

Scroll to Top