A lot has been written on the topic of intermediary liability in the past few months. But has everything been said or read? And looking at the different pieces of the regulatory jigsaw together, are we heading in the right direction? One important piece of the jigsaw is certainly the General Data Protection Regulation (GDPR) … Continue reading
Tag Archives: data controller
New UK Decisions on the Data Protection Implications of Information Sharing with Law Enforcement
Compliance with governmental requests for information raise a minefield of different laws, but data protection/privacy rights hold special pitfalls Determining when the sharing of personal data is legal can be a complicated exercise. Yet, the impetus for governmental agencies to collect and share more and more information is at an unprecedented high. In the EU, … Continue reading
Geo-Location Data Processing and Meaningful Consent – A Comparison of Latest Data Protection Guidance
Of ‘Mice and Men’ to ‘Maps and Machines’ – “Whatever in creation exists without my knowledge exists without my consent.” Further to my post in March, the purpose of this sequel post is to continue considering two guidelines published by European regulators regarding the processing of geolocation data. I continue to delve into the cloudy legal … Continue reading
The GDPR and the biggest mess of all: why accurate legal definitions really matter….
Issued last week, here is what seems to be the final version of the General Data Protection Regulation (the GDPR)! This 6 April 2016 version, likely to be adopted by the European Parliament this week, is now in the kiosks! HIP HIP HOORRAY I hear you thinking, either ironically because more than 4 years of … Continue reading
Council reaches general agreement on proposed Data Protection Regulation, but disagreements remain in view
‘A single road ahead or cross-roads reached?’ – Is the aim of EU harmonisation of data protection rules disappearing out of sight? On 15 June, the Council of the EU announced that it had agreed a general approach to the draft Regulation on the protection of individuals with regard to the processing of personal data … Continue reading
Access request for network data granted! A few thoughts on the decision of the Australian Privacy Commissioner in Ben Grubb and Telstra (1 May 2015)
Ben Grubb and Telstra Corporation Limited  AICmr 35 is a fascinating decision – issued on 1 May 2015 by Timothy Pilgrim, the Australian Privacy Commissioner – especially in the light of our recent posts, such as this one concerning Internet Service Providers (ISPs) and their roles as mere conduits and/or data controllers, or that … Continue reading
ICO responds to public comments on its approach to Big Data and Data Protection, and sets out its future agenda in this area
Big data may not be a ‘game-changer’ under data protection law, but it does ‘up the stakes’ for data-controller compliance obligations On 6 May, the European Commission published a Communication on a Digital Single Market Strategy for Europe. This sets out various measures to be taken so that “individuals and businesses can seamlessly access and … Continue reading
ISPs: data controllers as well as mere conduits? Does this make sense? What do we do with the e-privacy Directive if we care?
So here we are, the English Court of Appeal, as it has been explained by Alison in her post, has recently held in the Google v Vidal-Hall case, among other things, that there was a serious issue to be tried that Browser-Generated Information (BGI) is personal data under the Data Protection Act of 1998 (DPA), … Continue reading
A structured overview of the Article 29 Working Party’s guidelines on the implementation of the right to … alter the structured overview of data-subject information generated by search engines (the so-called ‘right to be forgotten’)
The Article 29 Data Protection Working Party adopted on 26 November 2014 its guidelines on the implementation of the controversial Court of Justice of the European Union (CJEU) judgment on Google Spain v. AEPD and Costeja (C-131/12). In that case, the CJEU ruled on three questions concerning the interpretation of the Data Protection Directive … Continue reading
‘Nothing is agreed until everything is agreed’… but still a new version of Chapter IV of the proposed General Data Protection Regulation has been released!
The Council of the European Union has agreed on a “partial general approach” when reviewing specific aspects of the proposed General Data Protection Regulation (GDPR) in a note issued on the 3rd of October 2014 for publication in the Council Register. In particular, the note contains a revised version of the draft text of Chapter … Continue reading