On surveillance, safe harbour and Schrems…Are we that stuck?

Posted on April 16, 2015 by Sophie Stalla-Bourdillon • 2 Comments

Readers of this blog will almost certainly be aware that the European Union (EU) was the first regional organisation on the international stage to adopt a comprehensive, and relatively stringent, data protection regime. Yet, as the Internet is a global communications infrastructure, the EU has had to find ways to dialogue with non-EU (‘third’) countries … Continue reading →

Data protection / Internet intermediaries / Privacy / Right to be forgotten

Google: a data controller as well as an intermediary service provider? Does this make sense? Who cares?

Posted on April 1, 2015 by Sophie Stalla-Bourdillon • 13 Comments

So everyone knows it, Google is polymorphous. It has experienced many different forms: mere facilitator, publisher, hosting provider, caching provider… The latest legal label stuck on its mutant forehead is that of “data controller” and this has been done quite “noisily” by the Court of Justice of the European Union (CJEU) in its Google Spain … Continue reading →

digital identity / identity theft

Usurpation of identity à la française: the first application of Article 226-4-1 of the French Penal Code

Posted on January 8, 2015 by Sophie Stalla-Bourdillon • Leave a comment

The French LOPSSI 2 Act of 2011 [LOPSSI stands for Loi d’Orientation et de Programmation pour la Performance de la Sécurité Intérieure] introduced into the French Penal Code a new Article 226-4-1 to criminalise the “act of usurping the identity of an individual or the act of using one piece or several pieces of data … Continue reading →