On 16 May 2011, the European Commission’s Article 29 Working Party released its latest Opinion on the status of geolocation data for the purposes of European privacy rules. Though not strictly binding on EEA Member States or businesses operating within Europe, the Working Party’s Opinions are highly influential and certainly set the scene for changes to come. This latest Opinion confirms the position taken by the European Data Protection Supervisor, that geolocation data should be considered ‘personal data’, and
Location Privacy
March Madness or a Sign of Times to Come? Google’s Proposed Consent Agreement with Federal Trade Commission
Google has consented to the entry of a proposed Agreement Containing Consent Order with the US Federal Trade Commission, subjecting the company to sweeping government oversight of its privacy disclosure and product development and release practices, nominally arising out of the roll-out of its Buzz product in February 2010. The auditing and reporting requirements are staggering in scope, breadth and duration, reaching Google’s entire business, not merely online communication products such as Gmail. One interpretation of the (rather amazing) document…
France’s CNIL Announces a Record Fine of €100,000
In a 32-page-long decision adopted on March 17, 2011, the French Data Protection Authority (CNIL) determined that Google Inc.’s collection of data in the course of its Street View application and Latitude service breached the French Data Protection Act No. 78-17. (The CNIL’s English summary of its action is here.) Making use of its enforcement and sanction powers, CNIL decided to issue a record fine of €100,000. Google Inc. now has two months to lodge an appeal…
UK Court Casts Doubt on Use of IP Addresses to Identify Individuals
A court in the United Kingdom has cast doubt on whether IP addresses can be used to identify infringement of copyright by a specific individual. In this post, we ask whether this case impacts the generally accepted view in Europe that IP addresses should be treated as personal data under applicable data privacy laws.
The case of Media CAT Limited v Adams & Ors [2011] EWPCC 6 involved allegations that a number of defendants had infringed copyright in pornographic films…
Article 29 Working Party Comments on Applicable Law Highlight the Need for Greater Harmonisation
The processing of personal data in the context of evolving technology and globalisation of commerce has prompted the Article 29 Working Party to take a hard look at the applicable law provisions under the European Data Protection Directive and its implementation by the Member States in its most recent Opinion.
The Working Party believes that the increase in the number of multi-jurisdictional businesses and changes in technology, together with the current inconsistency in approach to the applicable law provisions seen across the Member States, make this a pressing area for review.
Whilst the guidance provides some helpful clarification on the current rules that apply national laws to controllers either (i) “established” in a European country or (ii) that use equipment located in a European country where the controller is not established in any EU territory, what is more interesting is some of the more fundamental changes which are being considered as part of the proposed overhaul of the Data Protection Directive (and how the approach has changed since the views of the Working Party issued in 2002).
There is a suggestion that Europe should return to a country of origin principle, where all establishments of a controller within Europe will apply the law of the territory of the controller’s headquarters or “main” establishment (as opposed to different national laws applying to each establishment that carries out processing depending on the territory in which it is situated). Given the marked differences in implementation of the Directive, enforcement activity and imposition of penalties throughout Europe, without a major harmonisation exercise such an approach could only result in forum shopping and confusion for individuals as to what rights apply.
Commerce Department Speaks on Privacy
Following in the wake of the FTC’s report on online tracking, the Commerce Department has issued its “green paper” on privacy. The report is part of the Department’s ongoing review of privacy practices begun in April this year. While it avoids making many specific policy recommendations, the report does recommend the development of Fair Information Privacy Principles, creation of a privacy office within the Department, and consideration of a national data security breach notification law. The themes are…
FTC Issues Long Anticipated Privacy Report
In a long anticipated report entitled Protecting Consumer Privacy in an Era of Rapid Change, a divided U.S. Federal Trade Commission focused on raising consumer awareness and soliciting industry feedback on online tracking and behavioral advertising. Industry is portrayed as “too slow” to improve privacy practices in this arena. The report proposes a normative framework for how companies should protect consumer privacy, which is designed to serve “as a policy vehicle for approaching privacy.”
While the report solicits industry…