Data retention / Human rights / Intelligence and security agencies / interception / Jurisdiction / mass surveillance / national security / Security / terrorism

Questions on UK bulk communications data capabilities referred to the EU Court of Justice

The validity of EU Member State legislation to collect and analyse bulk communications (meta)data about us by the security agencies continues to be vexed by questions over the application of EU privacy law requirements The UK Investigatory Powers Tribunal (IPT) has this month referred questions to the EU Court of Justice (CJEU) in a decision … Continue reading

anonymisation / consent / Data protection / Data retention / Personal data / Risk-based approach

CJEU in Breyer: Dynamic IP addresses will (very?) often be personal data and German Law is too restrictive! Okay but how shall we care about voluntary and systematic retention of logs?

  And here is delivered by the Court of Justice of the European Union (CJEU) another landmark judgment: C‑582/14 Breyer v Bundesrepublik Deutschland concerning the proper characterisation of IP addresses and the compatibility of German national law with Article 7(f) of the Data Protection Directive (DPD). The judgement is not available in English yet, but … Continue reading

Data retention / Data transfer / Human rights / Law enforcement / safe harbour / Security / Surveillance

CJEU Advocate General opines on the compatibility of EU-Canada PNR Agreement with EU Charter rights to privacy and personal data protection

We’ve heard it before, and we’ll hear it again… ‘How can interference with fundamental EU rights to privacy and personal data protection be justified when it comes to mass-automated data processing?’ In other words, to what extent will the EU Charter of Fundamental Rights keep this international agreement grounded before it can take flight? Earlier … Continue reading

Data retention / interception / Security / Surveillance

UK Codes of Practice Enacted to Develop Regulation of State Surveillance Powers

Law and policy regarding the capture of communications data continues to dominate the headlines for 2016 The European Data Protection Day, and the equivalent US/Canadian Data Privacy Day, coincided last week on 28 January. Their purpose – this year in the 10th edition of their kind, corresponding to the anniversary of the opening for signature … Continue reading

Access to data / Breach notification / Data protection / Data retention / General Data Protection Regulation / Law enforcement / Personal data / Privacy / Privacy impact assessment / Surveillance

Article 29 WP and the draft directive on the processing of personal data by law enforcement agencies: has Article 29 WP been heard?

Last month, the Permanent Representatives Committee (Coreper) of the Council of the EU  the compromise texts agreed with the European Parliament on data protection reform. As a reminder, the reform is a legislative package concerning two legislative instruments: the second of which discussed here (and far less catching the press headlines than the General Data … Continue reading