Covington and Burling LLP

Contact:Email

On Thursday, September 2, 2021, the Irish Data Protection Commission (“DPC”) published its decision in the long-awaited inquiry it initiated into the data processing of WhatsApp Ireland Limited (“WhatsApp”) in December 2018.  It finds against WhatsApp, imposing a fine of €225 million.
Continue Reading Irish DPC Finds Against WhatsApp

On Jul 22, 2021, the Irish Joint Committee on Justice (“Committee“) published a report that included a series of recommendations on the work of the Irish Data Protection Commission (“DPC“).  The Committee, made up of 14 politicians from across the political spectrum and drawn from both the Dáil (the elected first house) and Seanad (the senate), issued this report following a public hearing held on April 27, 2021 (see our prior blog post here).  The recommendations in the report address, among other things, concerns raised about the Irish DPC’s oversight and enforcement of the EU General Data Protection Regulation (“GDPR“).
Continue Reading Ireland’s Joint Committee on Justice Publishes Recommendations to Reform the Irish Data Protection Commission

The new standard contractual clauses (“SCCs“) issued by the European Commission (see our prior blog post here) continue to prove controversial.  Among other things, the SCCs require that the law of the European Union (“EU“) Member State underpinning them provides third-party beneficiary rights.  Most EU Member States are civil law jurisdictions that already provide such rights.  Ireland, however, is a common law jurisdiction like the U.S. and the UK, and as such, depends largely on evolving case law to define the scope of various rights and obligations.
Continue Reading New Standard Contractual Clauses Raise Questions Under Irish Law

On May 20, 2021, there was a major ransomware attack on the Irish health system.  The centralized HSE (Health Service Executive), which provides and manages healthcare for the Irish population, was targeted on May 14 and has seen significant disruption since.  It has described the attack as a ‘zero-day threat with a brand new variant of the Conti ransomware.’

Continue Reading Major Cyber-attack on Irish Health System Causes Commercial Concern

On April 27, 2021, the Irish Oireachtas Committee on Justice met in Dublin to consider recent written submissions received criticising the Irish Data Protection Commission (DPC).  The meeting was divided into two hour-long meetings with the first meeting devoted to the criticisms of Max Schrems, the Austrian privacy campaigner, and Fred Logue, an Irish data protection lawyer.  The second meeting, the longer of the two, heard from Helen Dixon, the Data Protection Commissioner, and the Irish Council of Civil Liberties.

Ten politicians, including the Chair (a lawyer with data law experience), questioned each of the invitees on what was a limited agenda.  Each participant was limited to a five minute opening statement after which member politicians attending queried them.  Discussion of ongoing cases was not permitted.

The Committee scheduled Mr. Schrems and Ms. Dixon on separate panels, presumably to avoid a repeat of Ms. Dixon’s objection to the previous invitation from the European Parliament’s LIBE Committee proposing to hear from both together at the same hearing.  Each in turn were the key participants in their panel discussions.  Mr. Schrems repeated criticisms he has made previously and Ms. Dixon gave a strong defence of her office.
Continue Reading Irish Parliamentary Committee Hearing Discusses Criticism of the Irish DPC

On April 19, 2019, the Department of Health and Human Services (HHS) announced a 30-day extension, until June 3, 2019, to the comment period for two rules proposed by the Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator for Health Information Technology (ONC).

The
Continue Reading HHS Extends Comment Period for Proposed Rules on Patient Access and Interoperability

Today, President Trump signed an Executive Order (“EO”), “Maintaining American Leadership in Artificial Intelligence,” that launches a coordinated federal government strategy for Artificial Intelligence (the “AI Initiative”).  Among other things, the AI Initiative aims to solidify American leadership in AI by empowering federal agencies to drive breakthroughs in AI research and development (“R&D”) (including by making data computing resources available to the AI research community), to establish technological standards to support reliable and trustworthy systems that use AI, to provide guidance with respect to regulatory approaches, and to address issues related to the AI workforce.  The Administration’s EO is the latest of at least 18 other countries’ national AI strategies, and signals that investment in artificial intelligence will continue to escalate in the near future—as will deliberations with respect to how AI-based technologies should be governed.
Continue Reading President Trump Signs Executive Order on Artificial Intelligence

On January 12, 2016, the European Court of Human Rights (ECtHR) ruled that an employer who had monitored an employee’s private communications during working hours had not breached the employee’s right to privacy (under Article 8 of the European Convention on Human Rights).

This judgment will influence how other European national courts and regulators view similar cases involving employer monitoring of employee private communications. However, the full scope of the judgement remains somewhat unclear; in particular, it remains unclear whether the ECtHR would apply similar logic if the monitored communications had been carried out through a personal account, rather than a professional one.  Employers should also take note that the judgment emphasizes the need for employer monitoring policies to be reasonable and proportionate.  The judgment is available in full here.
Continue Reading European Court of Human Rights Rules That Employers Can Monitor Employee Private Communications

On January 25, 2012, the European Commission presented a proposal for a “Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data”, the “Data Protection Regulation” (DPR). The Commissioner in charge of justice at the time, Viviane Reding, aware of the complexity of the matter, stated jokingly that she hoped a decision on this proposal would at least be reached by the end of her term, i.e. in October 2014.

Reding is now gone, a new EU Commission is in place, but the Council of Ministers has only agreed very recently on a few chapters of the ninety page proposal; “Trilogue” negotiations between the European Parliament, the Council, and the Commission have not even started.  When, recently, the new Commissioner, Vera Jourova, claimed that a final agreement will be reached before the end of 2015, this deadline was seen by experts as wishful thinking, just as all those announced previously by her predecessor.

The Parliament cannot be blamed: on 12 March 2014, just before being dissolved in preparation for the May elections, it endorsed with 621 votes in favor, 10 against and 22 abstentions, the position on the regulation adopted by the LIBE (Civil Liberties, Justice and Home Affairs) Committee. But this vote was seen more as a political move (in the context of the NSA scandal) than a nuanced and balanced approach to the difficult issues at stake. The stronger safeguards inserted, the increased level of fines, and some radical definitions are light years away from the compromises currently discussed in the Council. So even when the Council will have reached a common position (or “general approach”) on the whole text, reconciling this position with the Parliament’s might take a long time – or end up in a deadlock.Continue Reading The EU data protection regulation after 3 years of negotiation

Recently, the National Network to End Domestic Violence (NNEDV) and Facebook launched a guide intended to assist individuals who have been victims of domestic violence.  The guide offers tips to individuals who have suffered abuse on “how to use Facebook in a way that ensures that they stay connected with

Continue Reading Facebook and NNEDV Develop Privacy and Safety Guide for Survivors of Abuse