Questions on UK bulk communications data capabilities referred to the EU Court of Justice

Posted on September 20, 2017 by Alison Knight • 1 Comment

The validity of EU Member State legislation to collect and analyse bulk communications (meta)data about us by the security agencies continues to be vexed by questions over the application of EU privacy law requirements The UK Investigatory Powers Tribunal (IPT) has this month referred questions to the EU Court of Justice (CJEU) in a decision … Continue reading →

Access to data / consent / content data / Data protection / Data retention / metadata / Privacy

The proposed ePrivacy Regulation: When the EC converses with the CJEU…

Posted on January 12, 2017 by Sophie Stalla-Bourdillon • 4 Comments

So, 2017 is full of promises! One of them is the proposed ePrivacy Regulation (officially, ‘Regulation on Privacy and Electronic Communications’) that the European Commission (EC) has suggested should replace the existing, old fashioned ePrivacy Directive (Directive 2002/58/EC on Privacy and Electronic Communications). The proposed ePrivacy Regulation – which would represent a signficant evolution in … Continue reading →

Access to data / content data / Data protection / Data retention / Internet intermediaries / ISPs / mass surveillance / metadata / national security

The CJEU in Tele2 Sverige: are general(ised) data retention obligations incompatible with EU law?

Posted on January 4, 2017 by Sophie Stalla-Bourdillon • 6 Comments

Christmas was particularly festive for privacy advocates with the Court of Justice of the European Union (CJEU) judgement in the joint cases C‑203/15 Tele2 Sverige AB v Postoch telestyrelsen and C‑698/15 Secretary of State for the Home Department v Secretary of State for the Home Department and the leak of the European Commission’s upgraded version … Continue reading →

anonymisation / consent / Data protection / Data retention / Personal data / Risk-based approach

CJEU in Breyer: Dynamic IP addresses will (very?) often be personal data and German Law is too restrictive! Okay but how shall we care about voluntary and systematic retention of logs?

Posted on October 19, 2016 by Sophie Stalla-Bourdillon • 4 Comments

And here is delivered by the Court of Justice of the European Union (CJEU) another landmark judgment: C‑582/14 Breyer v Bundesrepublik Deutschland concerning the proper characterisation of IP addresses and the compatibility of German national law with Article 7(f) of the Data Protection Directive (DPD). The judgement is not available in English yet, but … Continue reading →

Data retention / Data transfer / Human rights / Law enforcement / safe harbour / Security / Surveillance

CJEU Advocate General opines on the compatibility of EU-Canada PNR Agreement with EU Charter rights to privacy and personal data protection

Posted on September 19, 2016 by Alison Knight • Leave a comment

We’ve heard it before, and we’ll hear it again… ‘How can interference with fundamental EU rights to privacy and personal data protection be justified when it comes to mass-automated data processing?’ In other words, to what extent will the EU Charter of Fundamental Rights keep this international agreement grounded before it can take flight? Earlier … Continue reading →

Data retention / interception / Security / Surveillance

UK Codes of Practice Enacted to Develop Regulation of State Surveillance Powers

Posted on February 2, 2016 by Alison Knight • Leave a comment

Law and policy regarding the capture of communications data continues to dominate the headlines for 2016 The European Data Protection Day, and the equivalent US/Canadian Data Privacy Day, coincided last week on 28 January. Their purpose – this year in the 10th edition of their kind, corresponding to the anniversary of the opening for signature … Continue reading →

Access to data / Breach notification / Data protection / Data retention / General Data Protection Regulation / Law enforcement / Personal data / Privacy / Privacy impact assessment / Surveillance

Article 29 WP and the draft directive on the processing of personal data by law enforcement agencies: has Article 29 WP been heard?

Posted on January 14, 2016 by Sophie Stalla-Bourdillon • 3 Comments

Last month, the Permanent Representatives Committee (Coreper) of the Council of the EU the compromise texts agreed with the European Parliament on data protection reform. As a reminder, the reform is a legislative package concerning two legislative instruments: the second of which discussed here (and far less catching the press headlines than the General Data … Continue reading →

Access to data / content data / Data protection / Data retention / deep packet inspection / ISPs / Law enforcement / metadata / Personal data / Privacy / Surveillance

The Draft IP Bill and data retention obligations: on the irony of the invalidation of the Data Retention Directive

Posted on November 17, 2015 by Sophie Stalla-Bourdillon • 3 Comments

The Draft Investigatory Powers (IP) Bill was published on the 4th of November. It aims to “govern the use and oversight of investigatory powers by law enforcement and the security and intelligence agencies” in the UK. It is an attempt both to simplify the legal framework and legalise practices, which means it is, in part, … Continue reading →

Data protection / Data retention / Surveillance

The Davis judgement: does Article 8 of the European Charter go beyond Article 8 of the ECHR?

Posted on July 23, 2015 by Sophie Stalla-Bourdillon • 10 Comments

Here we are! The last episode of the UK saga “and what do we do with data retention laws” has been issued by the English High Court, with its judgement in the case David Davis MP, Tom Watson MP, Peter Brice, Geoffrey Lewis v The Secretary of State for the Home Department [2015] EWHC 2092 … Continue reading →

Data protection / Data retention / Internet intermediaries

ISPs: data controllers as well as mere conduits? Does this make sense? What do we do with the e-privacy Directive if we care?

Posted on April 10, 2015 by Sophie Stalla-Bourdillon • 5 Comments

So here we are, the English Court of Appeal, as it has been explained by Alison in her post, has recently held in the Google v Vidal-Hall case, among other things, that there was a serious issue to be tried that Browser-Generated Information (BGI) is personal data under the Data Protection Act of 1998 (DPA), … Continue reading →

Peep Beep!

Peep Beep! (the clock that rings when they peep in!) is a blog dedicated to privacy and information law. #law #privacy #dataprotection #AI #informationsecurity. Interested in contributing? Email peepbeepteam at gmail dot com.

Category Archives: Data retention

Questions on UK bulk communications data capabilities referred to the EU Court of Justice

Like this:

The CJEU in Tele2 Sverige: are general(ised) data retention obligations incompatible with EU law?

Like this:

CJEU Advocate General opines on the compatibility of EU-Canada PNR Agreement with EU Charter rights to privacy and personal data protection

Like this:

UK Codes of Practice Enacted to Develop Regulation of State Surveillance Powers

Like this:

Article 29 WP and the draft directive on the processing of personal data by law enforcement agencies: has Article 29 WP been heard?

Like this:

The Draft IP Bill and data retention obligations: on the irony of the invalidation of the Data Retention Directive

Like this:

The Davis judgement: does Article 8 of the European Charter go beyond Article 8 of the ECHR?

Like this:

ISPs: data controllers as well as mere conduits? Does this make sense? What do we do with the e-privacy Directive if we care?

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this: