Latest Entries
General Data Protection Regulation / illegal content / Internet intermediaries / Legitimate interest / Personal data

The CJEU and the concept of ‘legitimate interest’: The case of Rīgas satiksme

Posted on by 1 Comment

The Court of Justice of the European Union (CJEU) delivered its awaited judgment on 4 May in the case Valsts policijas Rīgas reģiona pārvaldes Kārtības policijas pārvalde v Rīgas pašvaldības SIA ‘Rīgas satiksme’, answering two related questions: ‘(1)      Must the phrase ‘is necessary for the purposes of the legitimate interests pursued by the … third party … Continue reading

big data / Data protection / data protection agencies / General Data Protection Regulation / Privacy impact assessment / Risk-based approach / sensitive data

New EU Guidelines on Data Protection Impact Assessments

Posted on by Leave a comment

Assessing the likelihood of a ‘deep impact’ – but how ‘deep’ is ‘deep enough’ and by whose standards? In other words, how exactly do you develop a methodology for determining whether processing is “likely to result in a high risk” to data subjects under the GDPR? Draft guidelines on conducting data protection impact assessments (DPIAs) … Continue reading

anonymisation / big data / Personal data / Privacy / WiFI tracking

Anonymisation, pseudonymisation, WiFi tracking and the French: the JCDecaux case

Posted on by Leave a comment

The topic of ‘anonymisation’ has already been covered several times on the blog (see e.g. here, here, and here). We even have a new research paper (‘Anonymous Data v. Personal Data — A False Debate: An EU Perspective on Anonymization, Pseudonymization and Personal Data’) recently published in the Wisconsin International Law Journal on this issue  … Continue reading

Data protection / General Data Protection Regulation / ICO / Personal data / pseudonymisation / Risk-based approach / sensitive data

ICO Requests Feedback on New Data Protection Profiling Provisions

Posted on by 1 Comment

If we stopped calling it ‘profiling’ and started calling it “creating composite, digital ‘mosaics’ by singling out, linking, and inferring personal attributes”, people might say “Well, it’s about time” The UK Information Commissioner’s Office (ICO) has published a discussion paper seeking feedback on profiling provisions under the EU’s General Data Protection Regulation (GDPR). The deadline … Continue reading

Data protection / Internet intermediaries / liability / Privacy

Data Protection & Intermediary liability: how do the French do it?

Posted on by 1 Comment

While the scope of intermediary liability exemptions is being discussed in several places around Europe (and beyond), it is interesting to go back to the Overblog legal saga, which a few years ago had been described by some as pre-announcing other popular sagas, such as the infamous Google Spain case (discussed in a previous post … Continue reading

Access to data / Consumer law / content data / content regulation / Data protection / Personal data

Data Protection Concerns raised by Proposed EU Directive on Contracts for Supply of Digital Content

Posted on by Leave a comment

It may not be ‘all about the money’, but there is some ‘price tag’ often associated with what we do online…. And that’s our data! Updates on the incoming GDPR and the potential implications of the new E-Privacy Regulation dominate EU privacy and data protection discourse currently. Yet, there is another further (and potentially overlapping) … Continue reading

content regulation / Copyright / Data protection / General Data Protection Regulation / immunities / Internet intermediaries / ISPs / Right to be forgotten

The GDPR, the proposed Copyright Directive and intermediary liability: one more time!

Posted on by 12 Comments

A lot has been written on the topic of intermediary liability in the past few months. But has everything been said or read? And looking at the different pieces of the regulatory jigsaw together, are we heading in the right direction? One important piece of the jigsaw is certainly the General Data Protection Regulation (GDPR) … Continue reading

content regulation / Copyright / Internet intermediaries

If we had to live with Article 13 of the proposed Copyright Directive, what should it look like?

Posted on by Leave a comment

Readers might remember an open letter sent to the European Commission, the European Parliament and the Council a few weeks after the release by the European Commission of a proposal for a new Copyright Directive on 14 September 2016. The open letter, an initiative led by iCLIC, a Southampton University based research centre, had been … Continue reading

Access to data / Data protection / General Data Protection Regulation / Law enforcement / Legitimate interest / Personal data / sensitive data

CJEU Advocate General Opines on the ‘Legitimate Interest’ Concept

Posted on by 3 Comments

But how exactly does EU law achieve the weighing of competing legitimate interests and rights in a data protection law context? I’ve previously written (here) about the concept of legitimate interest under data protection law and how it has captured the attention of data protection agencies, as well as the EU institutions in informing the … Continue reading

Access to data / consent / content data / Data protection / Data retention / metadata / Privacy

The proposed ePrivacy Regulation: When the EC converses with the CJEU…

Posted on by 4 Comments

So, 2017 is full of promises! One of them is the proposed ePrivacy Regulation (officially, ‘Regulation on Privacy and Electronic Communications’) that the European Commission (EC) has suggested should replace the existing, old fashioned ePrivacy Directive (Directive 2002/58/EC on Privacy and Electronic Communications). The proposed ePrivacy Regulation – which would represent a signficant evolution in … Continue reading