Data protection / data protection agencies / Privacy / safe harbour

DPAs or national supervisory authorities and the CJEU in Schrems: what does it mean to “engage in legal proceedings”?

The CJEU has definitely been very bold in its recent decision in Schrems v Data Protection Commissioner. While the judgement of the CJEU is more convincing than the opinion of the Advocate General (see my posts here and here), it is obviously not perfect. [But I wonder, perhaps naively: shouldn’t the CJEU’s decision be seen … Continue reading

Data protection / Internet intermediaries / Privacy / Surveillance

Weber, DRI and Schrems: so what are “measures of mass surveillance”? And what should we do with them? A tale of 2 Courts

While the Court of Justice of the European Union (CJEU) in its recent judgment Schrems v Data Protection Commissioner (discussed here), does not mention the words “measures of mass surveillance” it states that it is concerned about measures “authoris[ing], on a generalised basis, storage of all the personal data of all the persons”. By way … Continue reading

Data protection / Privacy / safe harbour / Surveillance

AG Bot on Schrems v DP Commissioner: does the EU Charter of Fundamental Rights really go beyond the ECHR?

Advocate General (AG) Bot delivered his awaited opinion on 23 September 2015 in the case C-362/14 Maximillian Schrems v Data Protection Commissioner. As readers might remember (see my previous post here), the Irish High Court had made a reference for a preliminary ruling back in 2014. [For background, talented Austrian Facebook user, Maximillian Schrems complained … Continue reading

Data protection / drones / Privacy / Privacy impact assessment

Opinion on drones released by EU Data Protection Working Party

“Technology is neither good nor bad; nor is it neutral” – How far might future usage of drone technology affect the very fabric of the societies in which we live? The Article 29 EU Working Party (WP) has issued an Opinion about the data protection and privacy implications of utilising unmanned aerial systems (“drones”). This … Continue reading

Data protection / Privacy / Surveillance

The new judgement of the UK Supreme Court on the scope of Article 8 ECHR or why Lord Kerr is right…

In its recent judgement of 1 July 2015 In the matter of an application by JR38 for Judicial Review (Norther Ireland) [2015] UKSC 42, the UK Supreme Court held that the publication of photographs of a minor (just about 14 years old at the time of publication) suspected of involvement in criminal activities did not … Continue reading

damages / Privacy

A breach of the right to privacy justifies an award of damages for the act of misusing private information ‘per se’, says English High Court in phone-hacking decision

Are ‘the times a-changin’’ for the future of English privacy claims? UK privacy law is a slow-evolving story. Most of its principles have developed from case law since the Millennium, yet awards of damages by the courts in compensation for harm suffered as a consequence of privacy infringements (such as for distress and loss of … Continue reading

Internet intermediaries / Privacy

Facebook misued private information of convicted sex offender in not removing threatening posts containing his personal information, despite not receiving their web addresses

Facebook “has considerable resources at its disposal and does not require to have spelled out to it on each occasion with inappropriate precision the particular laws of the UK which are in issue and which are being contravened” – Ouch! The High Court of Justice in Northern Ireland recently held that Facebook Ireland misused the … Continue reading

Data protection / Internet intermediaries / Privacy / Right to be forgotten

Google: a data controller as well as an intermediary service provider? Does this make sense? Who cares?

So everyone knows it, Google is polymorphous. It has experienced many different forms: mere facilitator, publisher, hosting provider, caching provider… The latest legal label stuck on its mutant forehead is that of “data controller” and this has been done quite “noisily” by the Court of Justice of the European Union (CJEU) in its Google Spain … Continue reading

anonymisation / big data / Data protection / Privacy / pseudonymisation

The Council of the EU and the proposed Genaral Data Protection Regulation… And what about pseudonymous data?

NGOs (non-governmental organisations) have been doing a good job recently in trying to explain where things stand in the process of re-drafting [and maybe one day adopting] the General Data Protection Regulation (GDPR). You might remember that on 25 January 2012, the European Commission released a Proposed Revised Data Protection Legislative Framework, including the GDPR. … Continue reading