EU data protection/privacy laws continue to keep this international Air Passenger data agreement ‘grounded from taking flight’, but what effect could the decision have on similar data agreements already concluded with the EU? On 26 July, the European Court of Justice (CJEU) declared that the EU-Canada Passenger Name Record (PNR) Agreement is incompatible with EU … Continue reading
Category Archives: Surveillance
The IPT in Privacy International v Secretary of State for Foreign and Commonwealth Affairs: Is it saying the IPB should be welcome?
The investigatory Powers Tribunal (IPT) delivered its judgment yesterday in the case Privacy International v. Secretary of State for Foreign and Commonwealth Affairs et al. The skeleton arguments for the claimants and respondents can be accessed here. In a nutshell and as recalled by para. 3 of the judgement: “The proceedings were brought on 5th June … Continue reading
CJEU Advocate General opines on the compatibility of EU-Canada PNR Agreement with EU Charter rights to privacy and personal data protection
We’ve heard it before, and we’ll hear it again… ‘How can interference with fundamental EU rights to privacy and personal data protection be justified when it comes to mass-automated data processing?’ In other words, to what extent will the EU Charter of Fundamental Rights keep this international agreement grounded before it can take flight? Earlier … Continue reading
Mind the Caveats – CJEU Advocate General opines that Dynamic IP Addresses can be Personal Data … (sometimes)
“I am not a number …” – but to what extent does EU data protection law deem that I am identifiable from one if someone somewhere could link it back to me at a single point in time? The Court of Justice of the EU (CJEU) has been hearing arguments in a case involving the … Continue reading
New Air Passenger Data Processing Rules to Apply from 2018
Ready, steady, go… Clock countdown formally starts for the reform of three major pieces of EU data legislation! It’s finally final – three separate pieces of data privacy-related legislation in the EU will be coming into effect soon: As anticipated by Sophie last month here, the final version of the General Data Protection Regulation (GDPR) … Continue reading
UK Codes of Practice Enacted to Develop Regulation of State Surveillance Powers
Law and policy regarding the capture of communications data continues to dominate the headlines for 2016 The European Data Protection Day, and the equivalent US/Canadian Data Privacy Day, coincided last week on 28 January. Their purpose – this year in the 10th edition of their kind, corresponding to the anniversary of the opening for signature … Continue reading
Article 29 WP and the draft directive on the processing of personal data by law enforcement agencies: has Article 29 WP been heard?
Last month, the Permanent Representatives Committee (Coreper) of the Council of the EU the compromise texts agreed with the European Parliament on data protection reform. As a reminder, the reform is a legislative package concerning two legislative instruments: the second of which discussed here (and far less catching the press headlines than the General Data … Continue reading
Bulk Personal Datasets and the ‘Spectre’ of Pervasive Surveillance Concerns Back in the Spotlight with the Investigatory Powers Bill
Are proposals to introduce oversights over state powers to obtain, analyse, and retain mass sets of personal details sufficient to alleviate concerns where they include data about individuals unconnected to investigations? Much has been written about the UK government’s proposed new Investigatory Powers Bill (IPB) since it was published for consultation by the Home Office, … Continue reading
The Draft IP Bill and data retention obligations: on the irony of the invalidation of the Data Retention Directive
The Draft Investigatory Powers (IP) Bill was published on the 4th of November. It aims to “govern the use and oversight of investigatory powers by law enforcement and the security and intelligence agencies” in the UK. It is an attempt both to simplify the legal framework and legalise practices, which means it is, in part, … Continue reading
Weber, DRI and Schrems: so what are “measures of mass surveillance”? And what should we do with them? A tale of 2 Courts
While the Court of Justice of the European Union (CJEU) in its recent judgment Schrems v Data Protection Commissioner (discussed here), does not mention the words “measures of mass surveillance” it states that it is concerned about measures “authoris[ing], on a generalised basis, storage of all the personal data of all the persons”. By way … Continue reading