The Commissioners sent a letter to the three parties contemplating the updated data protection regulations. Among other matters, there's this: "...... *The definition of personal data should therefore take into account the situation in which people can be “singled out” on the basis of identifiers or other information and could subsequently be treated differently. This definition should also take into account the recent CJEU rulings considering why and to what extent IP addresses and other online identifiers are as a general rule to be considered personal data." * The Letter can be found here <http://ec.europa.eu/justice/data-protection/article-29/documentation/other-d...> as well as an attachment to this message. In an Appendix <http://ec.europa.eu/justice/data-protection/article-29/documentation/other-d...> to the letter, they outlined and pronounced on what they see as the core issues; they endorsed the validity of Binding Corporate Rules as mechanisms to manage cross border transfer of personal data, declined to support risk factors as a measure to mitigate data controller's accountability, endorsed MLATs as the gold standard for access to personal data by public authorities as well as new powers for EDPBs to exact penalties. When all is said and done, countries are busy carving out bits and pieces that run counter to the ideals, all in furtherance of the 'national security interests' as they see them. -Carlton ============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* =============================