It may not be ‘all about the money’, but there is some ‘price tag’ often associated with what we do online…. And that’s our data! Updates on the incoming GDPR and the potential implications of the new E-Privacy Regulation dominate EU privacy and data protection discourse currently. Yet, there is another further (and potentially overlapping) … Continue reading
Category Archives: Access to data
Access to data / Data protection / General Data Protection Regulation / Law enforcement / Legitimate interest / Personal data / sensitive data
CJEU Advocate General Opines on the ‘Legitimate Interest’ Concept
But how exactly does EU law achieve the weighing of competing legitimate interests and rights in a data protection law context? I’ve previously written (here) about the concept of legitimate interest under data protection law and how it has captured the attention of data protection agencies, as well as the EU institutions in informing the … Continue reading
The proposed ePrivacy Regulation: When the EC converses with the CJEU…
So, 2017 is full of promises! One of them is the proposed ePrivacy Regulation (officially, ‘Regulation on Privacy and Electronic Communications’) that the European Commission (EC) has suggested should replace the existing, old fashioned ePrivacy Directive (Directive 2002/58/EC on Privacy and Electronic Communications). The proposed ePrivacy Regulation – which would represent a signficant evolution in … Continue reading
Access to data / content data / Data protection / Data retention / Internet intermediaries / ISPs / mass surveillance / metadata / national security
The CJEU in Tele2 Sverige: are general(ised) data retention obligations incompatible with EU law?
Christmas was particularly festive for privacy advocates with the Court of Justice of the European Union (CJEU) judgement in the joint cases C‑203/15 Tele2 Sverige AB v Postoch telestyrelsen and C‑698/15 Secretary of State for the Home Department v Secretary of State for the Home Department and the leak of the European Commission’s upgraded version … Continue reading
Access to data / anonymisation / Data protection / Data transfer / de-identification / General Data Protection Regulation / pseudonymisation / Risk-based approach
A call for a common techno-legal language to speak about anonymisation, pseudonymisation, de-identification… Could this be one of the biggest challenges brought about by the GDPR?
The General Data Protection Regulation (GDPR) will be applicable in less than two years and lawyers as well as others are trying to grapple with definitional issues. The graduated approach that would have meant alleviating the regime of certain categories of data such as pseudonymised data (e.g. by eliminating the need to comply with … Continue reading
Access to data / Data protection / IP Bill / mass surveillance / metadata / national security / Surveillance / terrorism
The IPT in Privacy International v Secretary of State for Foreign and Commonwealth Affairs: Is it saying the IPB should be welcome?
The investigatory Powers Tribunal (IPT) delivered its judgment yesterday in the case Privacy International v. Secretary of State for Foreign and Commonwealth Affairs et al. The skeleton arguments for the claimants and respondents can be accessed here. In a nutshell and as recalled by para. 3 of the judgement: “The proceedings were brought on 5th June … Continue reading
Access to data / Breach notification / Data protection / Data retention / General Data Protection Regulation / Law enforcement / Personal data / Privacy / Privacy impact assessment / Surveillance
Article 29 WP and the draft directive on the processing of personal data by law enforcement agencies: has Article 29 WP been heard?
Last month, the Permanent Representatives Committee (Coreper) of the Council of the EU the compromise texts agreed with the European Parliament on data protection reform. As a reminder, the reform is a legislative package concerning two legislative instruments: the second of which discussed here (and far less catching the press headlines than the General Data … Continue reading
Access to data / content data / Data protection / Data retention / deep packet inspection / ISPs / Law enforcement / metadata / Personal data / Privacy / Surveillance
The Draft IP Bill and data retention obligations: on the irony of the invalidation of the Data Retention Directive
The Draft Investigatory Powers (IP) Bill was published on the 4th of November. It aims to “govern the use and oversight of investigatory powers by law enforcement and the security and intelligence agencies” in the UK. It is an attempt both to simplify the legal framework and legalise practices, which means it is, in part, … Continue reading
What if the French constitutional judges had read the Davis Judgement? Would we be living in a better world?
The French Constitutional Court (Conseil Constitutionnel) issued its decision n°2015-713 DC on the recently adopted Law on intelligence on 23 July 2015. Reading its decision after having read the Davis judgment of the English High Court, one wonders whether legal syllogism has suddenly been replaced by useless tautology. The newly adopted law on intelligence is … Continue reading
The (EU Parliament) Legal Service’s opinion on the impact of the invalidity of the data retention Directive…. Is the wind starting to blow?
On 8 January, the legal service of the European Parliament released an opinion, the purpose of which was to answer 9 questions posed by its LIBE Committee (Civil Liberties, Justice and Home affairs), as regards the effect of the judgment of CJEU in the landmark Digital Ireland (DRI) case of 8 April 2014 on the … Continue reading