big data / Data protection / data protection agencies / General Data Protection Regulation / Privacy impact assessment / Risk-based approach / sensitive data

New EU Guidelines on Data Protection Impact Assessments

Assessing the likelihood of a ‘deep impact’ – but how ‘deep’ is ‘deep enough’ and by whose standards? In other words, how exactly do you develop a methodology for determining whether processing is “likely to result in a high risk” to data subjects under the GDPR? Draft guidelines on conducting data protection impact assessments (DPIAs) … Continue reading

Data protection / General Data Protection Regulation / ICO / Personal data / pseudonymisation / Risk-based approach / sensitive data

ICO Requests Feedback on New Data Protection Profiling Provisions

If we stopped calling it ‘profiling’ and started calling it “creating composite, digital ‘mosaics’ by singling out, linking, and inferring personal attributes”, people might say “Well, it’s about time” The UK Information Commissioner’s Office (ICO) has published a discussion paper seeking feedback on profiling provisions under the EU’s General Data Protection Regulation (GDPR). The deadline … Continue reading

Data protection / Internet intermediaries / liability / Privacy

Data Protection & Intermediary liability: how do the French do it?

While the scope of intermediary liability exemptions is being discussed in several places around Europe (and beyond), it is interesting to go back to the Overblog legal saga, which a few years ago had been described by some as pre-announcing other popular sagas, such as the infamous Google Spain case (discussed in a previous post … Continue reading

Access to data / Consumer law / content data / content regulation / Data protection / Personal data

Data Protection Concerns raised by Proposed EU Directive on Contracts for Supply of Digital Content

It may not be ‘all about the money’, but there is some ‘price tag’ often associated with what we do online…. And that’s our data! Updates on the incoming GDPR and the potential implications of the new E-Privacy Regulation dominate EU privacy and data protection discourse currently. Yet, there is another further (and potentially overlapping) … Continue reading

content regulation / Copyright / Data protection / General Data Protection Regulation / immunities / Internet intermediaries / ISPs / Right to be forgotten

The GDPR, the proposed Copyright Directive and intermediary liability: one more time!

A lot has been written on the topic of intermediary liability in the past few months. But has everything been said or read? And looking at the different pieces of the regulatory jigsaw together, are we heading in the right direction? One important piece of the jigsaw is certainly the General Data Protection Regulation (GDPR) … Continue reading

Access to data / Data protection / General Data Protection Regulation / Law enforcement / Legitimate interest / Personal data / sensitive data

CJEU Advocate General Opines on the ‘Legitimate Interest’ Concept

But how exactly does EU law achieve the weighing of competing legitimate interests and rights in a data protection law context? I’ve previously written (here) about the concept of legitimate interest under data protection law and how it has captured the attention of data protection agencies, as well as the EU institutions in informing the … Continue reading