Global Privacy & Security Compliance Law Blog

Tag Archives: Developments EU

Snowden’s Legacy: Safe Harbor under fire at the CJEU

This week the Court of Justice of the European Union (‘CJEU’) heard a case that could destabilise data flows between the US and EU under the EU-US Safe Harbor Decision. In Schrems v Data Protection Commissioner(C-362/14), the same court that last year approved the “right to be forgotten” online heard evidence about the adequacy of … Continue Reading

Microsoft Stands Up in Court for European Privacy Rights?

A Stored Communications Act (SCA) search warrant case arising out of a New York federal  narcotics trafficking investigation is being closely watched by EU data protection authorities, privacy advocates, multinational internet service providers, and law enforcement, among others, as the  parties pursue an expedited appeal to the Second Circuit Court of Appeals. Captioned In re Search … Continue Reading

Emergency UK Legislation Expands Government Powers to Retain and Intercept Data

On July 17th, the Data Retention and Investigatory Powers Act (DRIPA) came into effect in the United Kingdom reinstating the Government’s powers to require communication providers to retain traffic data (also known as metadata) and enabling the Government to serve warrants to intercept communications data on companies outside of the United Kingdom to the extent … Continue Reading

The “Right to be Forgotten” Landmark Decision: Beyond the Headlines

By Larry Cohen and Gail Crawford While the popular press has been full of stories about the European Court of Justice’s (“ECJ”) ruling creating a “right to be forgotten” (ahead of the still pending Data Protection Regulation), we will focus on both the ruling as well as the specific questions referred to the ECJ that … Continue Reading

Proposed amendments to draft EU Data Privacy Regulation imposes major constraints on processing and export of Personal Data

Recently Jan Philipp Albrecht, rapporteur for the Civil Liberties, Justice and Home Affairs (LIBE) Committee, the lead committee considering the proposed draft General Data Protection Regulation, published the committee’s suggested amendments to the original draft regulation.  The reports runs to over 200 pages and contains over 350 separate amendments. Since the original draft regulation was … Continue Reading

European data protection authorities urge Google to change its privacy practices

The pressure on companies to adapt to stronger privacy regulation and enforcement in the EU increased this week, following the release of a letter to Google on behalf of 30 European data-protection commissioners. On October 16, 2012, the Article 29 Data Protection Working Party publicly disclosed the correspondence it sent simultaneously to Google following the … Continue Reading

PL&B Annual Conference Review: The Draft EU Regulation, The Need for Proportionality

Do we need to regulate generally accepted, low risk forms of data processing that individuals are now comfortable with as part of daily life (e.g. on-line orders, payroll processing and employment contract administration) to the same standard as types of processing that intrude more clearly on an individual’s privacy (e.g. tracking user preferences, monitoring communications … Continue Reading

Compliance and Enforcement in the Hospitality Industry Webinar Available

An August 2 webcast on Compliance and Enforcement in the Hospitality Industry  looked at the FTC proceedings in the Wyndham Hotels matter and identified some key takeaways, while considering how similar issues might play out in the European Union. (For those unable to follow the live webcast, the full presentation is now available online.) Some … Continue Reading

Insight into the ICO: 2011-12 Annual Report Overview

With data breaches and the new cookies rules never far from the press or industry agendas, and with a new European framework on the horizon, the past year has been a busy one for the Information Commissioner’s Office (ICO). Its Annual Report for 2011/12, along with a companion webcast, reflect this changing privacy landscape. Both offer … Continue Reading

PL&B Annual Conference, Day 2: The Patriot Act, Distinguishing Fact from Fiction?

By Gail Crawford and Amy Taylor It seems somewhat fitting to blog about the USA Patriot Act on this Fourth of July. On the second day of the annual Privacy Laws & Business conference in Cambridge, Peter McLaughlin, senior counsel at Foley & Lardner, took to the floor with the aim of “distinguishing fact and fiction about the scope of the law and … Continue Reading

CNIL Offers Guidance on Aligning Cloud Services with Data Protection Requirements

The French Data Protection Authority (CNIL) has issued a working document setting out its recommendations to companies contemplating the use of cloud computing services. This is in part the result of a public consultation carried out by the CNIL from October to December 2011. The guidance includes a checklist applicable to both private and public … Continue Reading

UK Cookie Rules: Are You Compliant?

By Gail Crawford, Amy Taylor, and Ben Wright The UK Information Commissioner’s Office (ICO) 12-month grace period for enforcing compliance with the new cookie consent rules has now expired. If you are not yet compliant, you need to take action. Over the course of the 12-month grace period, we have seen guidance released from, amongst others, … Continue Reading

European Commission Adopts Privacy Reform Package

The European Commission adopted a proposal to reform European privacy law on 25 January 2012. According to the Commission the reform will “strengthen online privacy rights and boost Europe’s digital economy.” Time will tell whether the former is compatible with the latter. The proposal now moves to the European Parliament and to the Council representing … Continue Reading

Compromise on Draft European Data Protection Regulation in Reach

The Directorate General for Justice of the European Commission has in recent weeks worked to overcome criticism from other Directorates on its draft proposal to reform Europe’s privacy law. It now appears possible that the proposal for the reform is back on track for adoption at the Commissioner’s Meeting scheduled for 25 January 2012. From … Continue Reading

European Commission Reconsiders Approach to European Privacy Reform

Viviane Reding, the European Commission Vice President in charge of the reform of the European privacy law, has received negative opinions from a handful of Directorates-General in the European Commission on an internal draft of the General Data Protection Regulation. As a consequence, the draft will not be ready for the official publication that was … Continue Reading

First Draft of European Privacy Reform Leaked to the Public

A recent draft of the new European Data Protection Framework has leaked from the European Commission. It is still subject to internal discussions between the different Commissioners and Directorates-General, but is likely to be reasonably close to the official Commission draft expected to be published by the end of January 2012. According to the draft … Continue Reading

European Court of Justice Enforces Strict Harmonization

The European Court of Justice (ECJ) is challenging national legislators in the European Union who introduced privacy laws stricter than those provided for by the European Data Protection Directive (95/46/EC). In a decision issued on November 24, 2011, the ECJ declared a provision in the Spanish Organic Law 15/1999 invalid because it imposes additional requirements for … Continue Reading

New EU Privacy Rules Will Apply to All Online Businesses with EU Customers

European Union Justice Commissioner Viviane Reding has confirmed that we can expect to see a draft of the eagerly awaited new Data Privacy Directive in January. The new rules are likely to significantly strengthen the rights of individuals. According to a press release issued jointly last week by Reding and Germany’s Federal Minister for Consumer Protection, Isle … Continue Reading

After the Deadline: A Status Review of the Implementation of the New European Cookies Rules

Our May 26, 2011 blog post on the new European cookies rules introduced by the revised E-Privacy Directive marked the deadline for EEA Member States to implement the Directive into national law.  As of late August, only the UK, Denmark, Estonia, Finland, Ireland, Malta and Sweden have introduced laws fully implementing the amendments contained in … Continue Reading

The German Implementation of the New European Cookies Rules

On August 3, 2011, the German Parliament received a new Bill from the Federal Council of German States (Bundesrat) proposing a revision of the German Telemedia Act (Telemediengesetz).  As part of the revision, the Bill proposes to transform the cookie consent requirement of the revised European E-Privacy Directive. While it is doubtful that the Federal … Continue Reading

Swiss Courts Raise the Bar for Data Processing Justification

A series of recent rulings by the Swiss Courts have raised the bar for data processing justification under Swiss law.  Whilst Switzerland is not part of the European Economic Area, and is therefore not subject to the European Data Protection Directive, its data privacy rules contain a number of similar, or at least recognisable, principles.  … Continue Reading

ICO Issues Further Guidance on its Monetary Penalties Powers

The UK’s data privacy regulator, the Information Commissioner’s Office (ICO) has recently issued further statutory guidance on its powers to impose monetary penalties.  This guidance builds on an earlier statutory guidance note issued by the ICO back in January 2010, by providing greater clarification on the key factors in the ICO decision process when imposing … Continue Reading

Geolocation Data Set to Become ‘Personal Data’

On 16 May 2011, the European Commission’s Article 29 Working Party released their latest Opinion on the status of geolocation data for the purposes of European privacy rules. Though not strictly binding on EEA Member States or businesses operating within Europe, the Working Party’s Opinions are highly influential and certainly set the scene for changes … Continue Reading
LexBlog