EU Article 29 Working Party consults on draft guidance on automated decision-making and profiling

“Computer says ‘No’”? …So, what exactly do the regulators think that the GDPR says in response? Last month, the Article 29 Working Party (Art.29 WP) announced that it is seeking feedback on draft Guidelines on automated individual decision-making including profiling (WP251) under the General Data Protection Regulation ((EU) 2016/679) (GDPR) in advance of its arrival … Continue reading →

The proposed ePrivacy Regulation: When the EC converses with the CJEU…

So, 2017 is full of promises! One of them is the proposed ePrivacy Regulation (officially, ‘Regulation on Privacy and Electronic Communications’) that the European Commission (EC) has suggested should replace the existing, old fashioned ePrivacy Directive (Directive 2002/58/EC on Privacy and Electronic Communications). The proposed ePrivacy Regulation – which would represent a signficant evolution in … Continue reading →

The CJEU in Tele2 Sverige: are general(ised) data retention obligations incompatible with EU law?

Christmas was particularly festive for privacy advocates with the Court of Justice of the European Union (CJEU) judgement in the joint cases C‑203/15 Tele2 Sverige AB v Postoch telestyrelsen and C‑698/15 Secretary of State for the Home Department v Secretary of State for the Home Department and the leak of the European Commission’s upgraded version … Continue reading →

The IPT in Privacy International v Secretary of State for Foreign and Commonwealth Affairs: Is it saying the IPB should be welcome?

The investigatory Powers Tribunal (IPT) delivered its judgment yesterday in the case Privacy International v. Secretary of State for Foreign and Commonwealth Affairs et al. The skeleton arguments for the claimants and respondents can be accessed here. In a nutshell and as recalled by para. 3 of the judgement: “The proceedings were brought on 5th June … Continue reading →

Mind the Caveats – CJEU Advocate General opines that Dynamic IP Addresses can be Personal Data … (sometimes)

“I am not a number …” – but to what extent does EU data protection law deem that I am identifiable from one if someone somewhere could link it back to me at a single point in time? The Court of Justice of the EU (CJEU) has been hearing arguments in a case involving the … Continue reading →

The Draft IP Bill and data retention obligations: on the irony of the invalidation of the Data Retention Directive

The Draft Investigatory Powers (IP) Bill was published on the 4th of November. It aims to “govern the use and oversight of investigatory powers by law enforcement and the security and intelligence agencies” in the UK. It is an attempt both to simplify the legal framework and legalise practices, which means it is, in part, … Continue reading →

ICO issues guidance on when and how to remove personal data “safely” from disclosable information to avoid breaching data protection rules

To be identifiable or not to be identifiable – to what extent do our identities merit concealment through law in light of the capabilities of modern technologies? The UK Information Commissioner’s Office (ICO) has recently published guidance on what to do when handling requests for information in respect of which personal data must first be … Continue reading →

Access request for network data granted! A few thoughts on the decision of the Australian Privacy Commissioner in Ben Grubb and Telstra (1 May 2015)

Ben Grubb and Telstra Corporation Limited [2015] AICmr 35 is a fascinating decision – issued on 1 May 2015 by Timothy Pilgrim, the Australian Privacy Commissioner – especially in the light of our recent posts, such as this one concerning Internet Service Providers (ISPs) and their roles as mere conduits and/or data controllers, or that … Continue reading →

What if Commissioners could be heard by the right people? Why DRIPA is getting muddier and muddier…

Just before Christmas, the UK Interception of Communications Commissioner’s Office (IOCCO) published online its submission for the Investigatory Powers Review. It is a 51 p. document full of interesting things. The purpose of this post is to highlight the main points made by the IOCCO with a view to clarifying the debate as regards the … Continue reading →