content regulation / Copyright / Data protection / General Data Protection Regulation / immunities / Internet intermediaries / ISPs / Right to be forgotten

The GDPR, the proposed Copyright Directive and intermediary liability: one more time!

A lot has been written on the topic of intermediary liability in the past few months. But has everything been said or read? And looking at the different pieces of the regulatory jigsaw together, are we heading in the right direction? One important piece of the jigsaw is certainly the General Data Protection Regulation (GDPR) … Continue reading

Data protection / Intelligence and security agencies / Law enforcement / Privacy policies

New UK Decisions on the Data Protection Implications of Information Sharing with Law Enforcement

Compliance with governmental requests for information raise a minefield of different laws, but data protection/privacy rights hold special pitfalls Determining when the sharing of personal data is legal can be a complicated exercise. Yet, the impetus for governmental agencies to collect and share more and more information is at an unprecedented high. In the EU, … Continue reading

consent / Data protection / General Data Protection Regulation / Geo-location data / Personal data

Geo-Location Data Processing and Meaningful Consent – A Comparison of Latest Data Protection Guidance

Of ‘Mice and Men’ to ‘Maps and Machines’ – “Whatever in creation exists without my knowledge exists without my consent.” Further to my post in March, the purpose of this sequel post is to continue considering two guidelines published by European regulators regarding the processing of geolocation data. I continue to delve into the cloudy legal … Continue reading

anonymisation / big data / Data protection / data protection agencies / European Data Protection Supervisor / General Data Protection Regulation / ICO / Privacy / pseudonymisation / Risk-based approach

The GDPR and the biggest mess of all: why accurate legal definitions really matter….

Issued last week, here is what seems to be the final version of the General Data Protection Regulation (the GDPR)! This 6 April 2016 version, likely to be adopted by the European Parliament this week, is now in the kiosks! HIP HIP HOORRAY I hear you thinking, either ironically because more than 4 years of … Continue reading

Data protection / pseudonymisation / Risk-based approach

Council reaches general agreement on proposed Data Protection Regulation, but disagreements remain in view

‘A single road ahead or cross-roads reached?’ – Is the aim of EU harmonisation of data protection rules disappearing out of sight? On 15 June, the Council of the EU announced that it had agreed a general approach to the draft Regulation on the protection of individuals with regard to the processing of personal data … Continue reading

big data / Data protection

ICO responds to public comments on its approach to Big Data and Data Protection, and sets out its future agenda in this area

Big data may not be a ‘game-changer’ under data protection law, but it does ‘up the stakes’ for data-controller compliance obligations On 6 May, the European Commission published a Communication on a Digital Single Market Strategy for Europe. This sets out various measures to be taken so that “individuals and businesses can seamlessly access and … Continue reading

Data protection / Data retention / Internet intermediaries

ISPs: data controllers as well as mere conduits? Does this make sense? What do we do with the e-privacy Directive if we care?

So here we are, the English Court of Appeal, as it has been explained by Alison in her post, has recently held in the Google v Vidal-Hall case, among other things, that there was a serious issue to be tried that Browser-Generated Information (BGI) is personal data under the Data Protection Act of 1998 (DPA), … Continue reading

Data protection / Internet intermediaries / Privacy / Right to be forgotten

A structured overview of the Article 29 Working Party’s guidelines on the implementation of the right to … alter the structured overview of data-subject information generated by search engines (the so-called ‘right to be forgotten’)

  The Article 29 Data Protection Working Party adopted on 26 November 2014 its guidelines on the implementation of the controversial Court of Justice of the European Union (CJEU) judgment on Google Spain v. AEPD and Costeja (C-131/12). In that case, the CJEU ruled on three questions concerning the interpretation of the Data Protection Directive … Continue reading

Breach notification / Data protection / Privacy / Privacy impact assessment / Security

‘Nothing is agreed until everything is agreed’… but still a new version of Chapter IV of the proposed General Data Protection Regulation has been released!

The Council of the European Union has agreed on a “partial general approach” when reviewing specific aspects of the proposed General Data Protection Regulation (GDPR) in a note issued on the 3rd of October 2014 for publication in the Council Register. In particular, the note contains a revised version of the draft text of Chapter … Continue reading