Data retention / Human rights / Intelligence and security agencies / interception / Jurisdiction / mass surveillance / national security / Security / terrorism

Questions on UK bulk communications data capabilities referred to the EU Court of Justice

The validity of EU Member State legislation to collect and analyse bulk communications (meta)data about us by the security agencies continues to be vexed by questions over the application of EU privacy law requirements The UK Investigatory Powers Tribunal (IPT) has this month referred questions to the EU Court of Justice (CJEU) in a decision … Continue reading

Consumer data / Cybersecurity / Internet of Things / national security / Risk-based approach

Governments push on with Cybersecurity Law and Policy Initiatives – an Overview so far in 2017

Another day, another massive personal data security breach… but how have law-makers and regulators reacted in developing cyber-security policies so far this year? This week it was reported that Equifax – the US credit bureau – suffered a giant cybersecurity breach this summer compromising the personal information (including names, social security numbers, birth dates, addresses, … Continue reading

Human rights / mass surveillance / safe harbour / Surveillance

CJEU rules EU-Canada PNR Agreement incompatible with EU Charter rights to privacy and personal data protection

EU data protection/privacy laws continue to keep this international Air Passenger data agreement ‘grounded from taking flight’, but what effect could the decision have on similar data agreements already concluded with the EU? On 26 July, the European Court of Justice (CJEU) declared that the EU-Canada Passenger Name Record (PNR) Agreement is incompatible with EU … Continue reading

Data protection / General Data Protection Regulation / Personal data

Advocate General Delivers Opinion on Whether Examination Scripts Are Personal Data under Data Protection Law

Exam scripts are personal data, says the AG, when the purpose it is to identify and record the performance of a particular individual; but that doesn’t mean you can go back and change your answers! On 20 July 2017, the EU Court of Justice’s Advocate General (AG) Kokott delivered her opinion in Peter Nowak v … Continue reading

big data / Data protection / data protection agencies / General Data Protection Regulation / Privacy impact assessment / Risk-based approach / sensitive data

New EU Guidelines on Data Protection Impact Assessments

Assessing the likelihood of a ‘deep impact’ – but how ‘deep’ is ‘deep enough’ and by whose standards? In other words, how exactly do you develop a methodology for determining whether processing is “likely to result in a high risk” to data subjects under the GDPR? Draft guidelines on conducting data protection impact assessments (DPIAs) … Continue reading

Data protection / General Data Protection Regulation / ICO / Personal data / pseudonymisation / Risk-based approach / sensitive data

ICO Requests Feedback on New Data Protection Profiling Provisions

If we stopped calling it ‘profiling’ and started calling it “creating composite, digital ‘mosaics’ by singling out, linking, and inferring personal attributes”, people might say “Well, it’s about time” The UK Information Commissioner’s Office (ICO) has published a discussion paper seeking feedback on profiling provisions under the EU’s General Data Protection Regulation (GDPR). The deadline … Continue reading

Access to data / Consumer law / content data / content regulation / Data protection / Personal data

Data Protection Concerns raised by Proposed EU Directive on Contracts for Supply of Digital Content

It may not be ‘all about the money’, but there is some ‘price tag’ often associated with what we do online…. And that’s our data! Updates on the incoming GDPR and the potential implications of the new E-Privacy Regulation dominate EU privacy and data protection discourse currently. Yet, there is another further (and potentially overlapping) … Continue reading