What better timing than less than two weeks after the release of the (poorly drafted) proposed Digital Omnibus to issue a (ground-shaking) judgment on the interplay between the old e‑Commerce Directive (ECD) and the General Data Protection Regulation (GDPR)? Here’s a freshly delivered ruling from the Court of Justice of the European Union (CJEU) that … Continue reading
Tag Archives: General data protection Regulation
On Pancakes, Paper Pudding, and the Draft Digital Omnibus: What Happens Next?
I thought I was done with blogging. Yet if the leaked digital Omnibus achieved anything positive, it was to bring me back to joyful collage… which is worth explaining. As for what comes next, we’ll have to wait, and make time, to search for antidotes. This post is about pancakes and paper pudding, and how … Continue reading
Advocate General Delivers Opinion on Whether Examination Scripts Are Personal Data under Data Protection Law
Exam scripts are personal data, says the AG, when the purpose it is to identify and record the performance of a particular individual; but that doesn’t mean you can go back and change your answers! On 20 July 2017, the EU Court of Justice’s Advocate General (AG) Kokott delivered her opinion in Peter Nowak v … Continue reading
New UK Decisions on the Data Protection Implications of Information Sharing with Law Enforcement
Compliance with governmental requests for information raise a minefield of different laws, but data protection/privacy rights hold special pitfalls Determining when the sharing of personal data is legal can be a complicated exercise. Yet, the impetus for governmental agencies to collect and share more and more information is at an unprecedented high. In the EU, … Continue reading
New EU Cyber Security Directive enters into force, alongside new US Cyber Incident Coordination Directive
Cyber threats know no borders even if the law does…so how are cyber policies evolving in 2016 to deal with the increasing complexity and scale of cyber-incidents now faced by countries, businesses, and individuals? As anticipated in my post from January this year, a bolstering of cyber security legislation is squarely on the legislative and … Continue reading
anonymisation / Brexit / Data protection / Data transfer / digital identity / e-government / eIDAS / General Data Protection Regulation / safe harbour
eIDAS applies from 1 July 2016: An EU dream come true after a Brexit nightmare?
Six days after the results of the UK Brexit referendum and it is still very hard to go back to a “normal” life, especially while remaining an EU citizen living in the UK. One of the most upsetting things of the referendum, at least for lawyer, is its nonsense. This holds true in particular … Continue reading
anonymisation / big data / Data protection / General Data Protection Regulation / Internet intermediaries / metadata / pseudonymisation / Risk-based approach / Surveillance
Mind the Caveats – CJEU Advocate General opines that Dynamic IP Addresses can be Personal Data … (sometimes)
“I am not a number …” – but to what extent does EU data protection law deem that I am identifiable from one if someone somewhere could link it back to me at a single point in time? The Court of Justice of the EU (CJEU) has been hearing arguments in a case involving the … Continue reading
anonymisation / big data / Data protection / General Data Protection Regulation / Geo-location data / Personal data / Privacy / Privacy impact assessment / pseudonymisation
Location Data and Making Sense of the Goldilocks Paradox of Legal Anonymisation (too much, too little or just right…?)
Collect, delete, repeat …. From ‘Where I am’ to ‘Who I am’, and back again? To pick up the thread from my previous posts on the topic of location data here and here, this final piece in the set returns to the first theme I discussed. This relates to the legal debate over when location … Continue reading
Geo-Location Data Processing and Meaningful Consent – A Comparison of Latest Data Protection Guidance
Of ‘Mice and Men’ to ‘Maps and Machines’ – “Whatever in creation exists without my knowledge exists without my consent.” Further to my post in March, the purpose of this sequel post is to continue considering two guidelines published by European regulators regarding the processing of geolocation data. I continue to delve into the cloudy legal … Continue reading
New Air Passenger Data Processing Rules to Apply from 2018
Ready, steady, go… Clock countdown formally starts for the reform of three major pieces of EU data legislation! It’s finally final – three separate pieces of data privacy-related legislation in the EU will be coming into effect soon: As anticipated by Sophie last month here, the final version of the General Data Protection Regulation (GDPR) … Continue reading