The much discussed and long-awaited General Data Protection Regulation (“GDPR”) applies from today, May 25, 2018. It will update and harmonize data protection laws across the EU, and sets out comprehensive rules in relation to personal data handling, as well as the rights of individuals over their personal data. It is unclear how aggressively the … Continue Reading
Last week, the European Data Protection Supervisor (the “EDPS”), in collaboration with European consumer organisation BEUC, hosted a joint conference on Big Data: individual rights and smart enforcement in Brussels (for the conference agenda, see here). The conference brought together leading regulators and experts in the areas of competition, data protection and consumer protection, including … Continue Reading
Today, the German supervisory authorities (“German DPAs”) responsible for data protection at federal and state (Länder) level published a position paper on the EU-U.S. Safe Harbor (available in German – see here). This 14-point position paper follows a meeting that these authorities held last week. Key points include: following the Safe Harbor judgment of the … Continue Reading
On October 1st, 2015, the Court of Justice of the EU rendered its judgment in the Weltimmo case (C-230/14). The case addressed two important aspects of EU data protection law, namely applicable law and the scope of the territorial powers of data protection authorities. The case arose out of a dispute between Weltimmo, a company registered … Continue Reading
The CJEU “Right to be Forgotten” Ruling. In May 2014, the Court of Justice of the European Union (CJEU) delivered an important judgement in a referral from Spain’s National High Court involving Google, a Spanish national, and the Spanish data protection authority (Case C-131/12). The CJEU’s decision re-interpreted European data protection law to include … Continue Reading
On Wednesday, January 28, 2015, better known as “Data Protection Day,” the Belgian Under-Secretary for Data Protection Bart Tommelein called for the creation of an EU Data Protection Authority. He intends to present this position of the Belgian Government to the informal meeting of Ministers of Justice and of the Interior in Riga (Latvia). The … Continue Reading
The 35th International Data Protection and Privacy Commissioners Conference, which comprises national, regional and local data protection and privacy authorities from all five continents, convened in Warsaw last week. The Conference adopted a total of nine resolutions and a declaration, which is the highest number of resolutions since the Conference’s first annual meeting back in … Continue Reading
The 35th International Data Protection and Privacy Commissioners Conference, which comprises national, regional and local data protection and privacy authorities from all five continents, convened in Warsaw last week. The Conference adopted a total of nine resolutions and a declaration, which is the highest number of resolutions since the Conference’s first annual meeting back in … Continue Reading
On 16 October 2012, the Court of Justice of the European Union (“CJEU”) ruled in favour of the European Commission in its claim against Austria that the Austrian Data Protection Authority, the Datenschutzkommission (“DSK”), was not independent from the Austrian government as required under Article 28 of the EU’s Data Protection Directive. The Commission’s action was … Continue Reading