This week the Court of Justice of the European Union (‘CJEU’) heard a case that could destabilise data flows between the US and EU under the EU-US Safe Harbor Decision. In Schrems v Data Protection Commissioner(C-362/14), the same court that last year approved the “right to be forgotten” online heard evidence about the adequacy of … Continue Reading
A Stored Communications Act (SCA) search warrant case arising out of a New York federal narcotics trafficking investigation is being closely watched by EU data protection authorities, privacy advocates, multinational internet service providers, and law enforcement, among others, as the parties pursue an expedited appeal to the Second Circuit Court of Appeals. Captioned In re Search … Continue Reading
On July 17th, the Data Retention and Investigatory Powers Act (DRIPA) came into effect in the United Kingdom reinstating the Government’s powers to require communication providers to retain traffic data (also known as metadata) and enabling the Government to serve warrants to intercept communications data on companies outside of the United Kingdom to the extent … Continue Reading
By Larry Cohen and Gail Crawford While the popular press has been full of stories about the European Court of Justice’s (“ECJ”) ruling creating a “right to be forgotten” (ahead of the still pending Data Protection Regulation), we will focus on both the ruling as well as the specific questions referred to the ECJ that … Continue Reading
Recently Jan Philipp Albrecht, rapporteur for the Civil Liberties, Justice and Home Affairs (LIBE) Committee, the lead committee considering the proposed draft General Data Protection Regulation, published the committee’s suggested amendments to the original draft regulation. The reports runs to over 200 pages and contains over 350 separate amendments. Since the original draft regulation was … Continue Reading
By Tess Waldron As has been widely reported, on 6 November 2012 the ICO fined Prudential £50,000 for what was described by the ICO’s head of enforcement, Stephen Eckersley, as a case that “would be considered farcical were it not for the serious sums of money involved”. The breach originally occurred in 2007, when the … Continue Reading
The pressure on companies to adapt to stronger privacy regulation and enforcement in the EU increased this week, following the release of a letter to Google on behalf of 30 European data-protection commissioners. On October 16, 2012, the Article 29 Data Protection Working Party publicly disclosed the correspondence it sent simultaneously to Google following the … Continue Reading
Do we need to regulate generally accepted, low risk forms of data processing that individuals are now comfortable with as part of daily life (e.g. on-line orders, payroll processing and employment contract administration) to the same standard as types of processing that intrude more clearly on an individual’s privacy (e.g. tracking user preferences, monitoring communications … Continue Reading
An August 2 webcast on Compliance and Enforcement in the Hospitality Industry looked at the FTC proceedings in the Wyndham Hotels matter and identified some key takeaways, while considering how similar issues might play out in the European Union. (For those unable to follow the live webcast, the full presentation is now available online.) Some … Continue Reading
With data breaches and the new cookies rules never far from the press or industry agendas, and with a new European framework on the horizon, the past year has been a busy one for the Information Commissioner’s Office (ICO). Its Annual Report for 2011/12, along with a companion webcast, reflect this changing privacy landscape. Both offer … Continue Reading
By Gail Crawford and Amy Taylor It seems somewhat fitting to blog about the USA Patriot Act on this Fourth of July. On the second day of the annual Privacy Laws & Business conference in Cambridge, Peter McLaughlin, senior counsel at Foley & Lardner, took to the floor with the aim of “distinguishing fact and fiction about the scope of the law and … Continue Reading
The French Data Protection Authority (CNIL) has issued a working document setting out its recommendations to companies contemplating the use of cloud computing services. This is in part the result of a public consultation carried out by the CNIL from October to December 2011. The guidance includes a checklist applicable to both private and public … Continue Reading
By Gail Crawford, Amy Taylor, and Ben Wright The UK Information Commissioner’s Office (ICO) 12-month grace period for enforcing compliance with the new cookie consent rules has now expired. If you are not yet compliant, you need to take action. Over the course of the 12-month grace period, we have seen guidance released from, amongst others, … Continue Reading
The European Commission adopted a proposal to reform European privacy law on 25 January 2012. According to the Commission the reform will “strengthen online privacy rights and boost Europe’s digital economy.” Time will tell whether the former is compatible with the latter. The proposal now moves to the European Parliament and to the Council representing … Continue Reading
The Directorate General for Justice of the European Commission has in recent weeks worked to overcome criticism from other Directorates on its draft proposal to reform Europe’s privacy law. It now appears possible that the proposal for the reform is back on track for adoption at the Commissioner’s Meeting scheduled for 25 January 2012. From … Continue Reading
Viviane Reding, the European Commission Vice President in charge of the reform of the European privacy law, has received negative opinions from a handful of Directorates-General in the European Commission on an internal draft of the General Data Protection Regulation. As a consequence, the draft will not be ready for the official publication that was … Continue Reading
A recent draft of the new European Data Protection Framework has leaked from the European Commission. It is still subject to internal discussions between the different Commissioners and Directorates-General, but is likely to be reasonably close to the official Commission draft expected to be published by the end of January 2012. According to the draft … Continue Reading
The European Court of Justice (ECJ) is challenging national legislators in the European Union who introduced privacy laws stricter than those provided for by the European Data Protection Directive (95/46/EC). In a decision issued on November 24, 2011, the ECJ declared a provision in the Spanish Organic Law 15/1999 invalid because it imposes additional requirements for … Continue Reading
European Union Justice Commissioner Viviane Reding has confirmed that we can expect to see a draft of the eagerly awaited new Data Privacy Directive in January. The new rules are likely to significantly strengthen the rights of individuals. According to a press release issued jointly last week by Reding and Germany’s Federal Minister for Consumer Protection, Isle … Continue Reading
Our May 26, 2011 blog post on the new European cookies rules introduced by the revised E-Privacy Directive marked the deadline for EEA Member States to implement the Directive into national law. As of late August, only the UK, Denmark, Estonia, Finland, Ireland, Malta and Sweden have introduced laws fully implementing the amendments contained in … Continue Reading
On August 3, 2011, the German Parliament received a new Bill from the Federal Council of German States (Bundesrat) proposing a revision of the German Telemedia Act (Telemediengesetz). As part of the revision, the Bill proposes to transform the cookie consent requirement of the revised European E-Privacy Directive. While it is doubtful that the Federal … Continue Reading
A series of recent rulings by the Swiss Courts have raised the bar for data processing justification under Swiss law. Whilst Switzerland is not part of the European Economic Area, and is therefore not subject to the European Data Protection Directive, its data privacy rules contain a number of similar, or at least recognisable, principles. … Continue Reading
The UK’s data privacy regulator, the Information Commissioner’s Office (ICO) has recently issued further statutory guidance on its powers to impose monetary penalties. This guidance builds on an earlier statutory guidance note issued by the ICO back in January 2010, by providing greater clarification on the key factors in the ICO decision process when imposing … Continue Reading
On 16 May 2011, the European Commission’s Article 29 Working Party released their latest Opinion on the status of geolocation data for the purposes of European privacy rules. Though not strictly binding on EEA Member States or businesses operating within Europe, the Working Party’s Opinions are highly influential and certainly set the scene for changes … Continue Reading
