CJEU Advocate General Opines on the ‘Legitimate Interest’ Concept

Posted on January 28, 2017 by Alison Knight • 3 Comments

But how exactly does EU law achieve the weighing of competing legitimate interests and rights in a data protection law context? I’ve previously written (here) about the concept of legitimate interest under data protection law and how it has captured the attention of data protection agencies, as well as the EU institutions in informing the … Continue reading →

Access to data / consent / content data / Data protection / Data retention / metadata / Privacy

The proposed ePrivacy Regulation: When the EC converses with the CJEU…

Posted on January 12, 2017 by Sophie Stalla-Bourdillon • 4 Comments

So, 2017 is full of promises! One of them is the proposed ePrivacy Regulation (officially, ‘Regulation on Privacy and Electronic Communications’) that the European Commission (EC) has suggested should replace the existing, old fashioned ePrivacy Directive (Directive 2002/58/EC on Privacy and Electronic Communications). The proposed ePrivacy Regulation – which would represent a signficant evolution in … Continue reading →

Access to data / content data / Data protection / Data retention / Internet intermediaries / ISPs / mass surveillance / metadata / national security

The CJEU in Tele2 Sverige: are general(ised) data retention obligations incompatible with EU law?

Posted on January 4, 2017 by Sophie Stalla-Bourdillon • 6 Comments

Christmas was particularly festive for privacy advocates with the Court of Justice of the European Union (CJEU) judgement in the joint cases C‑203/15 Tele2 Sverige AB v Postoch telestyrelsen and C‑698/15 Secretary of State for the Home Department v Secretary of State for the Home Department and the leak of the European Commission’s upgraded version … Continue reading →

Access to data / anonymisation / Data protection / Data transfer / de-identification / General Data Protection Regulation / pseudonymisation / Risk-based approach

A call for a common techno-legal language to speak about anonymisation, pseudonymisation, de-identification… Could this be one of the biggest challenges brought about by the GDPR?

Posted on November 9, 2016 by Sophie Stalla-Bourdillon • 1 Comment

The General Data Protection Regulation (GDPR) will be applicable in less than two years and lawyers as well as others are trying to grapple with definitional issues. The graduated approach that would have meant alleviating the regime of certain categories of data such as pseudonymised data (e.g. by eliminating the need to comply with … Continue reading →

anonymisation / consent / Data protection / Data retention / Personal data / Risk-based approach

CJEU in Breyer: Dynamic IP addresses will (very?) often be personal data and German Law is too restrictive! Okay but how shall we care about voluntary and systematic retention of logs?

Posted on October 19, 2016 by Sophie Stalla-Bourdillon • 4 Comments

And here is delivered by the Court of Justice of the European Union (CJEU) another landmark judgment: C‑582/14 Breyer v Bundesrepublik Deutschland concerning the proper characterisation of IP addresses and the compatibility of German national law with Article 7(f) of the Data Protection Directive (DPD). The judgement is not available in English yet, but … Continue reading →

Access to data / Data protection / IP Bill / mass surveillance / metadata / national security / Surveillance / terrorism

The IPT in Privacy International v Secretary of State for Foreign and Commonwealth Affairs: Is it saying the IPB should be welcome?

Posted on October 18, 2016 by Sophie Stalla-Bourdillon • 3 Comments

The investigatory Powers Tribunal (IPT) delivered its judgment yesterday in the case Privacy International v. Secretary of State for Foreign and Commonwealth Affairs et al. The skeleton arguments for the claimants and respondents can be accessed here. In a nutshell and as recalled by para. 3 of the judgement: “The proceedings were brought on 5th June … Continue reading →

anonymisation / big data / Data protection / General Data Protection Regulation / ICO / Personal data / Privacy / pseudonymisation / research / Risk-based approach / sensitive data

The First-Tier Tribunal and the anonymisation of clinical trial data: a reasoned expression of Englishness…. which would have to be abandoned with the GDPR?

Posted on September 19, 2016 by Sophie Stalla-Bourdillon • 1 Comment

The Queen Mary University of London v (1) The Information Commissioner and (2) Alem Matthees, EA/2015/0269 case decided by the First-Tier Tribunal (Information Rights) (FTT(IR)) on 12 August 2016 is a fascinating decision. [Could it be a stylish expression of Englishness…. or otherness?] The case-facts concern a freedom of information request for clinical trial patient data … Continue reading →

Data protection / Intelligence and security agencies / Law enforcement / Privacy policies

New UK Decisions on the Data Protection Implications of Information Sharing with Law Enforcement

Posted on September 2, 2016 by Alison Knight • Leave a comment

Compliance with governmental requests for information raise a minefield of different laws, but data protection/privacy rights hold special pitfalls Determining when the sharing of personal data is legal can be a complicated exercise. Yet, the impetus for governmental agencies to collect and share more and more information is at an unprecedented high. In the EU, … Continue reading →

Brexit / Data protection / Data transfer / Jurisdiction / safe harbour

EU Approves ‘Privacy Shield’ Safe Framework for Trans-Atlantic Personal Data Transfers

Posted on July 11, 2016 by Alison Knight • Leave a comment

Privacy shields doubling as privacy swords? … While “the best defence” may also make a “good offence” (or, “offense”, as our US counterparts would call it), first you need to be confident that your defence strategy works! Last Friday, a statement was made by EU Vice-President Ansip and Justice Commissioner Vera Jourová announcing the adoption … Continue reading →

anonymisation / Brexit / Data protection / Data transfer / digital identity / e-government / eIDAS / General Data Protection Regulation / safe harbour

eIDAS applies from 1 July 2016: An EU dream come true after a Brexit nightmare?

Posted on June 30, 2016 by Sophie Stalla-Bourdillon • 1 Comment

Six days after the results of the UK Brexit referendum and it is still very hard to go back to a “normal” life, especially while remaining an EU citizen living in the UK. One of the most upsetting things of the referendum, at least for lawyer, is its nonsense. This holds true in particular … Continue reading →

Peep Beep!

Peep Beep! (the clock that rings when they peep in!) is a blog dedicated to privacy and information law. #law #privacy #dataprotection #AI #informationsecurity. Interested in contributing? Email peepbeepteam at gmail dot com.

Category Archives: Data protection

CJEU Advocate General Opines on the ‘Legitimate Interest’ Concept

Like this:

The CJEU in Tele2 Sverige: are general(ised) data retention obligations incompatible with EU law?

Like this:

The IPT in Privacy International v Secretary of State for Foreign and Commonwealth Affairs: Is it saying the IPB should be welcome?

Like this:

New UK Decisions on the Data Protection Implications of Information Sharing with Law Enforcement

Like this:

EU Approves ‘Privacy Shield’ Safe Framework for Trans-Atlantic Personal Data Transfers

Like this:

eIDAS applies from 1 July 2016: An EU dream come true after a Brexit nightmare?

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this: