Data retention / Data transfer / Human rights / Law enforcement / safe harbour / Security / Surveillance

CJEU Advocate General opines on the compatibility of EU-Canada PNR Agreement with EU Charter rights to privacy and personal data protection

We’ve heard it before, and we’ll hear it again… ‘How can interference with fundamental EU rights to privacy and personal data protection be justified when it comes to mass-automated data processing?’ In other words, to what extent will the EU Charter of Fundamental Rights keep this international agreement grounded before it can take flight? Earlier … Continue reading

Brexit / Data protection / Data transfer / Jurisdiction / safe harbour

EU Approves ‘Privacy Shield’ Safe Framework for Trans-Atlantic Personal Data Transfers

Privacy shields doubling as privacy swords? … While “the best defence” may also make a “good offence” (or, “offense”, as our US counterparts would call it), first you need to be confident that your defence strategy works! Last Friday, a statement was made by EU Vice-President Ansip and Justice Commissioner Vera Jourová announcing the adoption … Continue reading

Data protection / data protection agencies / safe harbour

EU Commission publishes Legal Texts of New ‘Privacy Shield’ Framework for Trans-Atlantic Data Transfers

…But, will the highly anticipated EU-US ‘Privacy Shield’ live up to its super-hero billing? Last month proved to be a particularly busy time for data protection news. First, the Council of the EU adopted a political agreement on the texts that will form part of the new Data Protection Reform Package. Also hitting headlines was … Continue reading

Data protection / data protection agencies / Privacy / safe harbour

DPAs or national supervisory authorities and the CJEU in Schrems: what does it mean to “engage in legal proceedings”?

The CJEU has definitely been very bold in its recent decision in Schrems v Data Protection Commissioner. While the judgement of the CJEU is more convincing than the opinion of the Advocate General (see my posts here and here), it is obviously not perfect. [But I wonder, perhaps naively: shouldn’t the CJEU’s decision be seen … Continue reading

Data protection / Internet intermediaries / Privacy / Surveillance

Weber, DRI and Schrems: so what are “measures of mass surveillance”? And what should we do with them? A tale of 2 Courts

While the Court of Justice of the European Union (CJEU) in its recent judgment Schrems v Data Protection Commissioner (discussed here), does not mention the words “measures of mass surveillance” it states that it is concerned about measures “authoris[ing], on a generalised basis, storage of all the personal data of all the persons”. By way … Continue reading

Data protection / Law enforcement / terrorism

The European Commission announces that data protection ‘umbrella agreement’ negotiations are concluded

With Schrems and safe harbours in the spotlight, what does the conclusion of a US-EU umbrella agreement actually mean for EU citizens and US-EU relations? With news in Sophie’s recent post here on the recent judgement of the CJEU in Schrems v Data Protection Commissioner, the purpose of this post is to discuss the recent … Continue reading

data protection agencies / Jurisdiction

Sick of hearing about safe harbours? What about Weltimmo?! – CJEU decision raises prospects for companies operating web services across the EU being subject to multiple data protection authorities

How should online businesses determine which data protection laws to comply with, and how should multiple claims to jurisdiction over the national application of data protection laws be resolved? Much has been written in the last week about the ruling of the Court of Justice of the EU (CJEU) in holding that EU Commission Decision … Continue reading

Data protection / Data transfer / safe harbour

The CJEU in Schrems v Data Protection Commissioner: Commission Decision 2000/520 is invalid!

Here we are: less than 2 weeks after the issuance of the opinion of the Advocate General (AG) Bot in the case Schrems v Data Protection Commissioner (see my post here) the Court of Justice of the European Union (CJEU) declared today that the US-EU safe harbour framework was invalid! While this is definitely one … Continue reading

Data protection / Privacy / safe harbour / Surveillance

AG Bot on Schrems v DP Commissioner: does the EU Charter of Fundamental Rights really go beyond the ECHR?

Advocate General (AG) Bot delivered his awaited opinion on 23 September 2015 in the case C-362/14 Maximillian Schrems v Data Protection Commissioner. As readers might remember (see my previous post here), the Irish High Court had made a reference for a preliminary ruling back in 2014. [For background, talented Austrian Facebook user, Maximillian Schrems complained … Continue reading

Biometrics / Data protection / Surveillance

On Willems et al. v Burgemeester van Nuth and the processing of personal data by law enforcement agencies…If only the CJEU had been more prolix….

As explained in an earlier post, the Court of Justice of the European Union (CJEU) issued on 16 April 2015 its preliminary ruling in the case of Willems and Others v Burgemeester van Nuth and Others C-446-12 to C-449/12 (Willems) concerning the interpretation of an EU Regulation (2252/2004, ‘the Regulation’) on standards for security features and biometrics … Continue reading