Archives: European Union

Subscribe to European Union RSS Feed

UK Company Fined For Buying And Selling Non-Compliant Marketing Databases

The UK Information Commissioner’s Office (ICO), which enforces data protection legislation in the UK, has fined a company £20,000 (approximately 24,000 USD / 23,000 EUR) for not exercising sufficient due diligence when buying and using marketing databases. The ICO found that over 580,000 individuals’ contact details had been obtained by The Data Supply Company Ltd … Continue Reading

Italian DPA Issues Record Data Privacy Fine

By Luca Tosoni and Dan Cooper On 2 February 2017, the Italian DPA (“Garante”) imposed a record fine of 5,880,000 Euros on a UK company operating in Italy for its violation of the data privacy consent rules contained in Italian law.  This is the largest data privacy fine ever issued by a European data protection … Continue Reading

UK Information Commissioner’s Office Publishes Draft Guidance on Consent under the GDPR

By Dan Cooper and Rosie Klement On March 2, 2017, the Information Commissioner’s Office (“ICO”) released draft guidance for UK organizations on how the notion of consent will be interpreted and applied when the General Data Protection Regulation (“GDPR”) comes into force in May 2018. The ICO is currently engaging in a public consultation on … Continue Reading

Senators Seek Answers from DHS on Privacy Aspects of Trump Order, Including Privacy Shield

On February 9, 2017, six Democratic senators wrote to DHS Secretary John Kelly about their concerns over a Trump executive order that would remove Privacy Act protections for non-U.S. citizens and lawful permanent residents. Senators Ed Markey (MA), Ron Wyden (OR), Jeff Merkley (OR), Al Franken (MN), Chris Coons (DE), and Mazie Hirono (HI) wrote … Continue Reading

European Commission Dismisses Privacy Shield Concerns Over Trump Executive Order

On January 25, 2017, President Trump signed a new Executive Order on Enhancing Public Safety in the Interior of the U.S.  Among other elements, the Executive Order directs U.S. government agencies to “ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy … Continue Reading

Switzerland and US Announce New Commercial Data Transfer Framework

On January 12, 2017, the U.S. Federal Trade Commission announced the adoption of a Swiss-U.S. Privacy Shield, to replace the existing Swiss-U.S. Safe Harbor Agreement.  Companies have a three month grace period to switch from the old to the new regime. The Swiss version of the Privacy Shield had to be negotiated following the invalidation … Continue Reading

EU Commissioner Plans to Assess U.S. Privacy Shield Commitments

In an interview with Politico (link requires a subscription), EU Justice Commissioner Věra Jourová, one of the principal architects of the EU-U.S. Privacy Shield, indicated that she plans to visit the U.S. once the Trump Administration is in place to assess the state of the new administration’s commitment to the Privacy Shield.  In the interview, … Continue Reading

European Commission Unveils Data Economy Package: International Data Transfers

On January 10, 2017, the European Commission unveiled the “last major Digital Single Market initiatives” addressing Europe’s digital future.  These initiatives comprise the following: A proposal for a Regulation on Privacy and Electronic Communications (E-Privacy Regulation) (see our post here); A Communication on “Building a European Data Economy” (see our post here); and A Communication … Continue Reading

European Commission Unveils Data Economy Package: “Building a European Data Economy”

On January 10, 2017, the European Commission unveiled the “last major Digital Single Market initiatives” addressing Europe’s digital future.  These initiatives comprise the following: A proposal for a Regulation on Privacy and Electronic Communications (E-Privacy Regulation) (see our post here); A Communication on “Building a European Data Economy”; and A Communication on exchanging and protecting … Continue Reading

European Commission Unveils Data Economy Package: E-Privacy Regulation

On January 10, 2017, the European Commission unveiled the “last major Digital Single Market initiatives” addressing Europe’s digital future.  These initiatives comprise the following: A proposal for a Regulation on Privacy and Electronic Communications (E-Privacy Regulation) ; A Communication on “Building a European Data Economy” (see our post here); and A Communication on exchanging and … Continue Reading

CJEU Confirms That National Data Retention Laws May Only Be Adopted Where “Strictly Necessary”

By Joseph Jones, Phil Bradley-Schmieg and Gemma Nash On December 21, 2016 the Court of Justice of European Union (“CJEU”) issued its judgment in Joined Cases C-203/15 and C-698/15, Tele2 /Watson. The decision considered the legality of UK and Swedish laws permitting the generalized retention of communications metadata (for 6-12 months) for the purposes of … Continue Reading

New EU GDPR Guidance: Data Portability, Data Protection Officers, and the One Stop Shop

The Article 29 Working Party (“WP29”) – the representatives of national data protection regulators in the EU – has issued new guidance on three important aspects of the new General Data Protection Regulation (“GDPR”), which comes into force in May 2018. This first salvo of GDPR-focused guidance concerns: the new “Right to Data Portability”, an … Continue Reading

European Parliament Approves EU-U.S. Umbrella Agreement

Yesterday, the European Parliament voted to approve the EU-U.S. Umbrella Agreement, a framework for the exchange of personal data for law-enforcement (including anti-terrorism) purposes between the EU and U.S.  As we previously explained, negotiations on this Agreement have been underway for quite some time, with the European Parliament first calling for it back in March … Continue Reading

Challenge to EU-U.S. Privacy Shield Lands at EU Court

On September 16, 2016, Digital Rights Ireland (“DRI”), a digital rights advocacy group, lodged an action with the EU General Court for annulment of the European Commission’s Decision on the EU-U.S. Privacy Shield arrangement.  While the existence of the application has only recently become public knowledge, it was widely-expected that the Privacy Shield would face … Continue Reading

Luxembourg Bill Amending the Data Protection Act with regard to the Authorization Regime

On August 31, 2016, a bill was presented to the Luxembourg Parliament (the “Bill”) to amend the Law of August 2, 2002, on the Protection of Persons with regard to the Processing of Personal Data. The Bill aims to reduce the current administrative burden and anticipates the application of the General Data Protection Regulation (“GDPR”) … Continue Reading

CJEU Confirms Dynamic IP Addresses To Be Personal Data

On Wednesday October 19, 2016 the Court of Justice of European Union (“CJEU”) issued its judgment in Case C-582/14, Patrick Breyer v Germany.  The CJEU held that a “dynamic” IP address constitutes personal data (agreeing with the Opinion of the Advocate General from May this year).  Dynamic IP addresses qualify as personal data, even if … Continue Reading

EDPS-BEUC Joint Conference on Big Data Promotes Closer Dialogue

Last week, the European Data Protection Supervisor (the “EDPS”), in collaboration with European consumer organisation BEUC, hosted a joint conference on Big Data: individual rights and smart enforcement in Brussels (for the conference agenda, see here).  The conference brought together leading regulators and experts in the areas of competition, data protection and consumer protection, including … Continue Reading

EDPS Issues Opinion on Big Data and Enforcement

As announced last week, the European Data Protection Supervisor (“EDPS”) released on September 23, 2016 an opinion on “coherent enforcement of fundamental rights in the age of big data.”  This opinion follows an earlier Preliminary Opinion on privacy and competitiveness in the age of big data, published in 2004 (see our previous blog post here). … Continue Reading

Report: EDPS to Recommend Clearing House to Increase Coordination Among EU Regulators

On September 19, 2016, PaRR reported that the European Data Protection Supervisor (“EDPS”) is working on guidelines to increase coordination on the interface between data protection and competition law.  The guidelines would be released later this month. According to the report, the EDPS will recommend the creation of a “digital clearing house” in which regulators … Continue Reading

EU Organizations Call for More Support for Cloud Computing in Healthcare

The EU-U.S. Privacy Shield’s recent introduction has created an efficient mechanism to ensure that trans-Atlantic personal data flows are lawful.  With that in place, attention is now turning back to restrictions within the EU, particularly around hosting data in cloud computing services. European healthcare is particularly affected by such restrictions.  This has motivated a significant … Continue Reading

EU and US Unveil the New Privacy Shield

At a joint press conference in Brussels this morning (July 12, 2016), EU Commissioner Jourová and the U.S. Secretary of Commerce, Penny Pritzker, presented the new EU-U.S. data transfer mechanism (see press release here, adequacy decision text here, annexes here and Q&A factsheet here).  The press conference followed the approval of the underlying adequacy decision … Continue Reading

Privacy Shield Deal Passes Major EU Hurdle

On July 8, 2016, the draft EU-U.S. Privacy Shield adequacy decision was formally approved by the so-called “Article 31 Committee” of EU Member States (see press release, here). That approval opens the door for the College of EU Commissioners to approve the Privacy Shield on Monday (July 11).  Once translated and published in the Official … Continue Reading
LexBlog