On July 17, 2018, the Dutch Supervisory Authority announced that it will start a preliminary investigation to assess whether certain large corporations comply with the EU’s General Data Protection Regulation (“GDPR”) – see the official press release here (in Dutch). To that end, the authority will review the “records of processing activities” from thirty randomly … Continue Reading
By Kristof Van Quathem and Anna Sophia Oberschelp de Meneses The European Court of Human Rights (“ECHR”) decided on 28 June 2018 that the right to request the erasure of personal data on prior convictions, may be trumped by the right to freedom of expression and information. The court confirmed prior case law deciding that the … Continue Reading
Kristof Van Quathem, special counsel in Covington’s Brussels office, advises clients on data protection, data security, and cybercrime matters. He has been specializing in this area for over fifteen years and covers the entire spectrum of advising clients on government affairs strategies, ranging from compliance advice on the adopted laws, regulations, and guidelines, to the … Continue Reading
On January 12, 2017, the U.S. Federal Trade Commission announced the adoption of a Swiss-U.S. Privacy Shield, to replace the existing Swiss-U.S. Safe Harbor Agreement. Companies have a three month grace period to switch from the old to the new regime. The Swiss version of the Privacy Shield had to be negotiated following the invalidation … Continue Reading
As announced last week, the European Data Protection Supervisor (“EDPS”) released on September 23, 2016 an opinion on “coherent enforcement of fundamental rights in the age of big data.” This opinion follows an earlier Preliminary Opinion on privacy and competitiveness in the age of big data, published in 2004 (see our previous blog post here). … Continue Reading
On September 19, 2016, PaRR reported that the European Data Protection Supervisor (“EDPS”) is working on guidelines to increase coordination on the interface between data protection and competition law. The guidelines would be released later this month. According to the report, the EDPS will recommend the creation of a “digital clearing house” in which regulators … Continue Reading
On June 16, 2016, the French data protection authority (“CNIL”) launched a public consultation on the General Data Protection Regulation (“GDPR). The consultation focuses on four priority themes set out in the Article 29 Working Party’s 2016 Action plan: the data protection officer; the right to data portability; data protection impact assessments; and certification.… Continue Reading
On May 12, 2016, The French High Court (“Cour de Cassation”) rendered a short decision stating that the right to be forgotten does not supersede the freedom of press. In this case, two brothers took legal action against a famous French daily newspaper. The two individuals requested that their respective names be removed from search results … Continue Reading
By Kristof Van Quathem Yesterday, the European Commission launched its “Digitising European Industry” package, a series of industry related initiatives aimed at “updating Europe’s digital infrastructure”, see press release here, Q&A here and homepage here. The package includes reports and proposals addressing cloud computing, ICT standardization, eGovernment, Internet of Things (“IoT”), quantum technologies and high … Continue Reading
Industry eagerly awaits further guidance from data protection authorities (“DPAs”) relating to the EU-U.S. Privacy Shield as well as on the validity (or otherwise) of other mechanisms for transfers to the U.S. such as standard contractual clauses (“SCCs”) and binding corporate rules (“BCRs”). As we explained in recent posts (here and here), publication of an … Continue Reading
Today, the Court of Justice of the European Union (the “CJEU”) invalidated the European Commission’s Decision on the EU-U.S. Safe Harbor arrangement (Commission Decision 2000/520 – see here). The Court responded to pre-judicial questions put forward by the Irish High Court in the so-called Schrems case. More specifically, the High Court had enquired, in particular, … Continue Reading
On October 1st, 2015, the Court of Justice of the EU rendered its judgment in the Weltimmo case (C-230/14). The case addressed two important aspects of EU data protection law, namely applicable law and the scope of the territorial powers of data protection authorities. The case arose out of a dispute between Weltimmo, a company registered … Continue Reading
On June 2, 2015, the Article 29 Working Party updated its published guidance on the topic of Processor BCRs. In their latest guidance document, the Working Party focus specifically on the sensitive topic of disclosures to law enforcement agencies (LEAs). By means of Processor BCRs, data processors are able to share EU-originating personal data within … Continue Reading
On Wednesday, January 28, 2015, better known as “Data Protection Day,” the Belgian Under-Secretary for Data Protection Bart Tommelein called for the creation of an EU Data Protection Authority. He intends to present this position of the Belgian Government to the informal meeting of Ministers of Justice and of the Interior in Riga (Latvia). The … Continue Reading
On October 23, the Trans-Atlantic Business Dialogue held a briefing session on the EU-U.S. Safe Harbor Agreement. Ted Dean, Deputy Assistant Secretary at the U.S. Department of Commerce, gave an update on the negotiations with the European Commission. Following the Snowden revelations and a resolution of the European Parliament, the European Commission on November 17, … Continue Reading
by Kristof Van Quathem On January 8, 2013, MEP Jan Philipp Albrecht released his draft report on the proposed EU Data Protection Regulation. Albrecht, of the European Green Party, is rapporteur for the Civil Liberties, Justice and Home Affairs (LIBE) Committee of the European Parliament, the lead Committee for the proposal. His draft report will … Continue Reading
On 24 November 2011, the EU Court of Justice decided that ISPs cannot be forced to filter Internet traffic to fight intellectual property violations. In 2007, the Brussels Court of First Instance obliged the ISP Scarlet to filter all internet traffic and to block traffic involving violations of intellectual property rights, in particular in … Continue Reading
The Article 29 Working Party recently released an opinion on data breach notification in the EU. The opinion addresses two main issues: Experience to date with the existing breach notification rules in the ePrivacy Directive. The breach notification obligation imposed by article 4.3-5 of the ePrivacy Directive (2002/58/EC) only applies to providers of electronic communications … Continue Reading
