Tag Archives: Data Protection Directive

CJEU Confirms That National Data Retention Laws May Only Be Adopted Where “Strictly Necessary”

By Joseph Jones, Phil Bradley-Schmieg and Gemma Nash On December 21, 2016 the Court of Justice of European Union (“CJEU”) issued its judgment in Joined Cases C-203/15 and C-698/15, Tele2 /Watson. The decision considered the legality of UK and Swedish laws permitting the generalized retention of communications metadata (for 6-12 months) for the purposes of … Continue Reading

Privacy Shield Deal Passes Major EU Hurdle

On July 8, 2016, the draft EU-U.S. Privacy Shield adequacy decision was formally approved by the so-called “Article 31 Committee” of EU Member States (see press release, here). That approval opens the door for the College of EU Commissioners to approve the Privacy Shield on Monday (July 11).  Once translated and published in the Official … Continue Reading

EU Passes Sweeping New Privacy and Data Security Laws

As forecast in our latest blog on the topic (available here), the European Parliament today voted into law a new General Data Protection Regulation (“GDPR”) that will replace the EU’s all-encompassing Data Protection Directive as of mid-2018. Today’s vote brings to a close a legislative process that has lasted nearly five years; the law’s official publication, which should be … Continue Reading

European Commission Launches Consultation on Reform of the ePrivacy Directive

By Ezra Steinhardt and Vera Coughlan Following the expected approval of the final text of the General Data Protection Regulation (“GDPR”) in the European Parliament this week, the Commission is now turning its attention towards the ePrivacy Directive. On Monday (April 11, 2016), the Commission launched a public consultation to review and propose changes to the … Continue Reading

EU Poised to Formally Adopt New Data Protection Laws; Amended Texts Published

By Phil Bradley-Schmieg and Vera Coughlan.  This post has been updated to include links to the final texts and comparisons with preceding drafts. After three months of legal-linguistic checks and translations, the EU is poised to formally adopt the new EU General Data Protection Regulation (GDPR) and its sister law, the EU Policing and Criminal Justice … Continue Reading

Privacy Shield: Top Five Reasons It’s Tougher Than the Safe Harbor, Whether You Should Certify, and Next Steps

As noted in our post yesterday, the text of the EU-U.S. Privacy Shield, the upcoming trans-Atlantic data-transfer framework between the EU and U.S. to replace the invalidated U.S.-EU Safe Harbor, has been released by the U.S. Department of Commerce.  Commerce’s release coincided with the release of a draft adequacy decision by the European Commission. A … Continue Reading

Article 29 Working Party Reacts to the U.S.-EU Privacy Shield Agreement

On February 3rd, the Article 29 Working Party, representing Europe’s data protection authorities, published its reaction to the announcement of a new “Privacy Shield” political agreement between the European Commission and the U.S. Government.  The Privacy Shield agreement, announced on February 2nd (and further described in our blog post here), is intended to replace the … Continue Reading

Agreement Reached on New EU-U.S. Safe Harbor: the EU-U.S. Privacy Shield

By Dan Cooper, Phil Bradley-Schmieg and Joseph Jones Today (February 2nd, 2016), the European Commission and U.S. Government reached political agreement on the new framework for transatlantic data flows.  The new framework – the EU-U.S. Privacy Shield – succeeds the EU-U.S. Safe Harbor framework (for more on the Court of Justice of the European Union … Continue Reading

The New EU Data Protection Law: Key Elements for Business

The General Data Protection Regulation (GDPR) (see the latest text here), which was approved at the political level last week, heralds a new era of data protection in the EU and beyond.  The GDPR imposes numerous new obligations on companies both within and outside the EU, strengthens the rights of individuals and foresees stiff penalties … Continue Reading

LIBE Committee Votes in Favor of the GDPR

By Vera Coughlan and Monika Kuschewsky This morning, the European Parliament’s Civil Liberties, Justice and Home Affairs committee (“LIBE”) formally adopted the result of the negotiations on the EU’s General Data Protection Regulation (“GDPR”).  The text of GDPR was the outcome of trilogue negotiations between the European Parliament and Council and the Commission, which concluded … Continue Reading

Political Agreement on the EU General Data Protection Regulation – Start of a New EU Privacy Era?

By Monika Kuschewsky, Charlotte Ryckman and Vera Coughlan Today, the EU institutions reached the long-awaited political agreement on the General Data Protection Regulation (GDPR), which will fundamentally change the EU privacy landscape (for the Commission press release see here and the European Parliament press release here).  Almost four years after the publication of the legislative … Continue Reading

EU’s Highest Court Rules on Applicable Law and Territorial Powers of the National Data Protection Authorities

On October 1st, 2015, the Court of Justice of the EU rendered its judgment in the Weltimmo case (C-230/14).  The case addressed two important aspects of EU data protection law, namely applicable law and the scope of the territorial powers of data protection authorities. The case arose out of a dispute between Weltimmo, a company registered … Continue Reading

CJEU Hears Oral Arguments in Pivotal EU-U.S. Safe Harbor Case

By Dan Cooper and Phil Bradley-Schmieg On March 24, 2015, the Court of Justice of the EU (CJEU) heard arguments in Case C-362/14 (Schrems).  The High Court of Ireland has asked the CJEU whether Ireland’s data protection authority (DPA) — and by extension other EU DPAs — is bound by the Commission’s adequacy decision (Decision 520/2000/EC) … Continue Reading

Committees of European Parliament Hold Confirmation Hearing for Commissioner-Designate for Justice, Consumers, and Gender Equality

By Sophie Noya and Henriette Tielemans From September 29 to October 7, 2014, parliamentary Committees of the European Parliament (“EP”) will be holding public confirmation hearings with Commissioners-designates with a view to assessing their skills and qualifications ahead of the EP’s vote on October 22 to approve (or reject) the Council’s appointment of the new … Continue Reading

Internet of Things Poses a Number of Significant Data Protection Challenges, Say EU Watchdogs

The Article 29 Data Protection Working Party (“Working Party”), the independent European advisory body on data protection and privacy, comprised of representatives of the data protection authorities of each of the EU member states, the European Data Protection Supervisor (the “EDPS”) and the European Commission, has identified a number of significant data protection challenges related … Continue Reading

Article 29 Working Party Emphasizes Importance of Personal Data Protection for Big Data Operations and Development

A recent statement from the Article 29 Working Party, the independent European advisory body on data protection and privacy, comprised of representatives of the national data protection authorities of the EU Member States, the European Data Protection Supervisor and the European Commission, finds that the EU data protection principles, outlined in the EU Data Protection … Continue Reading

EU Court of Justice clarifies the definition of personal data and scope of access requests

By Jacqueline Clover and Monika Kuschewsky   The Court of Justice of the European Union (‘CJEU’) has ruled that an analysis produced by an administrative agency to inform and support the agency’s formal decisions (‘legal analysis’) is not of itself “personal data” as defined under Directive 95/46/EC (the ‘EU Data Protection Directive’).  This is the … Continue Reading

Google, the CJEU, and the Long Arm of European Data Protection Law

By Dan Cooper, Mark Young and Kristof van Quathem On May 13, the European Court of Justice (the “Court”) handed down an important judgement in a referral from Spain’s National High Court involving Google, a Spanish national, and the Spanish data protection authority (Case C-131/12).  The decision has wide-ranging consequences regarding the application of EU … Continue Reading

European Data Protection Regulators Clarify the Scope of the Balancing Test Required for Reliance on the “Legitimate Interests” Ground for Data Processing

On 9 April, the Article 29 Working Party (“WP29”) adopted an Opinion on the notion of legitimate interests of the data controller under Article 7(f) of the EU Data Protection Directive 95/46/EC (the “Opinion”).  The Opinion has two main objectives:  to ensure correct interpretation and implementation of the “legitimate interest” ground for data processing at … Continue Reading

Dissuading Companies from Violating Data Protection Rules: Senior European Commission Official Calls for ‘Significant’ Fines

By Charlotte Ryckman & Jetty Tielemans Speaking at Berkeley’s Online Tracking Workshop today, Françoise Le Bail, Director-General of the European Commission’s DG Justice (the leading department regarding the EU data protection reforms) confirmed the European Commission’s vision that the EU needs stronger penalties in order to ensure effective enforcement of European data protection rules. Ms. … Continue Reading
LexBlog