Joseph Jones

Joseph Jones

Subscribe to all posts by Joseph Jones

European Commission Unveils Data Economy Package: International Data Transfers

On January 10, 2017, the European Commission unveiled the “last major Digital Single Market initiatives” addressing Europe’s digital future.  These initiatives comprise the following: A proposal for a Regulation on Privacy and Electronic Communications (E-Privacy Regulation) (see our post here); A Communication on “Building a European Data Economy” (see our post here); and A Communication … Continue Reading

European Commission Unveils Data Economy Package: “Building a European Data Economy”

On January 10, 2017, the European Commission unveiled the “last major Digital Single Market initiatives” addressing Europe’s digital future.  These initiatives comprise the following: A proposal for a Regulation on Privacy and Electronic Communications (E-Privacy Regulation) (see our post here); A Communication on “Building a European Data Economy”; and A Communication on exchanging and protecting … Continue Reading

European Commission Unveils Data Economy Package: E-Privacy Regulation

On January 10, 2017, the European Commission unveiled the “last major Digital Single Market initiatives” addressing Europe’s digital future.  These initiatives comprise the following: A proposal for a Regulation on Privacy and Electronic Communications (E-Privacy Regulation) ; A Communication on “Building a European Data Economy” (see our post here); and A Communication on exchanging and … Continue Reading

CJEU Confirms That National Data Retention Laws May Only Be Adopted Where “Strictly Necessary”

By Joseph Jones, Phil Bradley-Schmieg and Gemma Nash On December 21, 2016 the Court of Justice of European Union (“CJEU”) issued its judgment in Joined Cases C-203/15 and C-698/15, Tele2 /Watson. The decision considered the legality of UK and Swedish laws permitting the generalized retention of communications metadata (for 6-12 months) for the purposes of … Continue Reading

Challenge to EU-U.S. Privacy Shield Lands at EU Court

On September 16, 2016, Digital Rights Ireland (“DRI”), a digital rights advocacy group, lodged an action with the EU General Court for annulment of the European Commission’s Decision on the EU-U.S. Privacy Shield arrangement.  While the existence of the application has only recently become public knowledge, it was widely-expected that the Privacy Shield would face … Continue Reading

CJEU Confirms Dynamic IP Addresses To Be Personal Data

On Wednesday October 19, 2016 the Court of Justice of European Union (“CJEU”) issued its judgment in Case C-582/14, Patrick Breyer v Germany.  The CJEU held that a “dynamic” IP address constitutes personal data (agreeing with the Opinion of the Advocate General from May this year).  Dynamic IP addresses qualify as personal data, even if … Continue Reading

Inherited Infrastructure, Outdated Software, And Other Failings That Led To TalkTalk’s Record Fine

On October 5, 2016, the UK Information Commissioner’s Office (“ICO”) fined telecoms company TalkTalk a record £400,000 for failing to put in place appropriate data security measures and allowing a cyber-attacker to access TalkTalk customer data “with ease.”  The ICO highlighted several  technical and organizational deficiencies as justification for issuing its largest fine to-date.  Many … Continue Reading

EU DPA Enforcement Guidance Post-Schrems

Industry eagerly awaits further guidance from data protection authorities (“DPAs”) relating to the EU-U.S. Privacy Shield as well as on the validity (or otherwise) of other mechanisms for transfers to the U.S. such as standard contractual clauses (“SCCs”) and binding corporate rules (“BCRs”).  As we explained in recent posts (here and here), publication of an … Continue Reading

Agreement Reached on New EU-U.S. Safe Harbor: the EU-U.S. Privacy Shield

By Dan Cooper, Phil Bradley-Schmieg and Joseph Jones Today (February 2nd, 2016), the European Commission and U.S. Government reached political agreement on the new framework for transatlantic data flows.  The new framework – the EU-U.S. Privacy Shield – succeeds the EU-U.S. Safe Harbor framework (for more on the Court of Justice of the European Union … Continue Reading

Debate in the European Parliament’s LIBE Committee on the Schrems ruling

On October 12, 2015, the European Parliament’s Civil Liberties, Justice and Home Affairs (“LIBE”) Committee held a debate to discuss the aftermath of the ruling of the Court of Justice of the European Union (“CJEU”) ruling in Case C-362/14 Maximillian Schrems v Data Protection Commissioner (see summary of the ruling here and summary of the … Continue Reading

UK ICO Issues Largest Ever Fine In Connection With Automated Marketing Calls

The UK Information Commissioner’s Officer (“ICO”) has issued its largest fine to date in connection with using an automated calling system to make direct marketing calls.  The ICO found that Home Energy & Lifestyle Management Ltd (“HELM”), a green energy company that made millions of automated marketing calls in relation to “free” solar panels, recklessly … Continue Reading

Advocate General Considers EU-U.S. Safe Harbor to be Invalid

By Jetty Tielemans, Mark Young and Joseph Jones This morning (September 23, 2015), EU Advocate General (“AG”) Bot issued an Opinion in Case C-362/14 Maximilian Schrems v Data Protection Commissioner (see our earlier post on the hearing here).  The AG Opinion has gone further than expected, covering not just the power of national data protection … Continue Reading
LexBlog