Questions on UK bulk communications data capabilities referred to the EU Court of Justice

The validity of EU Member State legislation to collect and analyse bulk communications (meta)data about us by the security agencies continues to be vexed by questions over the application of EU privacy law requirements The UK Investigatory Powers Tribunal (IPT) has this month referred questions to the EU Court of Justice (CJEU) in a decision … Continue reading →

Governments push on with Cybersecurity Law and Policy Initiatives – an Overview so far in 2017

Another day, another massive personal data security breach… but how have law-makers and regulators reacted in developing cyber-security policies so far this year? This week it was reported that Equifax – the US credit bureau – suffered a giant cybersecurity breach this summer compromising the personal information (including names, social security numbers, birth dates, addresses, … Continue reading →

CJEU rules EU-Canada PNR Agreement incompatible with EU Charter rights to privacy and personal data protection

EU data protection/privacy laws continue to keep this international Air Passenger data agreement ‘grounded from taking flight’, but what effect could the decision have on similar data agreements already concluded with the EU? On 26 July, the European Court of Justice (CJEU) declared that the EU-Canada Passenger Name Record (PNR) Agreement is incompatible with EU … Continue reading →

Advocate General Delivers Opinion on Whether Examination Scripts Are Personal Data under Data Protection Law

Exam scripts are personal data, says the AG, when the purpose it is to identify and record the performance of a particular individual; but that doesn’t mean you can go back and change your answers! On 20 July 2017, the EU Court of Justice’s Advocate General (AG) Kokott delivered her opinion in Peter Nowak v … Continue reading →

The GDPR, the parallel regime and the ICO

The General Data Protection Regulation (GDPR) will be applicable in less than a year, and experts are still discussing the extent to which the new regulation will have a significant impact upon the ‘legal basis’ requirement. However, as Bob Miller suggests in this guest blog post, it might not be enough to read and re-read … Continue reading →

On Article 28a and the proposal to extend the AVMSD: is it time to be pessimistic?

The proposal to extend the Audiovisiual Media Services Directive (AVMSD) continues along its legislative path. We are now entering the trilogue negotiations phase, and, after having read the unrelated [at least at first glance] G7 Taormina Statement on the fight against terrorism and violent extremism, I am re-reading  the  text of the Proposal for a … Continue reading →

The politics of online platforms: when AG Szpunar converses with the EC in Elite Taxi v Uber.

Advocate General Szpunar (AG) delivered yesterday his opinion in the highly political and much awaited case C‑434/15 Asociación Profesional Elite Taxi v Uber Systems Spain SL. In a nutshell, the AG was asked to answer four questions concerning two important milestones of the European Union (EU) acquis: the E-commerce Directive of 2000 and the services … Continue reading →