Tag Archives: Data Protection Directive

Google, the CJEU, and the Long Arm of European Data Protection Law

By Dan Cooper, Mark Young and Kristof van Quathem On May 13, the European Court of Justice (the “Court”) handed down an important judgement in a referral from Spain’s National High Court involving Google, a Spanish national, and the Spanish data protection authority (Case C-131/12).  The decision has wide-ranging consequences regarding the application of EU … Continue Reading

European Data Protection Regulators Clarify the Scope of the Balancing Test Required for Reliance on the “Legitimate Interests” Ground for Data Processing

On 9 April, the Article 29 Working Party (“WP29”) adopted an Opinion on the notion of legitimate interests of the data controller under Article 7(f) of the EU Data Protection Directive 95/46/EC (the “Opinion”).  The Opinion has two main objectives:  to ensure correct interpretation and implementation of the “legitimate interest” ground for data processing at … Continue Reading

Dissuading Companies from Violating Data Protection Rules: Senior European Commission Official Calls for ‘Significant’ Fines

Speaking at Berkeley’s Online Tracking Workshop today, Françoise Le Bail, Director-General of the European Commission’s DG Justice (the leading department regarding the EU data protection reforms) confirmed the European Commission’s vision that the EU needs stronger penalties in order to ensure effective enforcement of European data protection rules. Ms. Le Bail said that European privacy … Continue Reading

Advocate General Submits Opinion in Google Spain Case

On 25 June, the Advocate General (the “AG”) submitted an Opinion on a set of questions that a Spanish court referred to the Court of Justice of the European Union (the “Court”). This is the first time that the Court has been asked to interpret the European Data Protection Directive 95/46/EC (the ‘Directive’) in the context of internet … Continue Reading

The European Court of Justice Rules That Austria’s Data Protection Authority Is Not Sufficiently Independent

On 16 October 2012, the Court of Justice of the European Union (“CJEU”) ruled in favour of the European Commission in its claim against Austria that the Austrian Data Protection Authority, the Datenschutzkommission (“DSK”), was not independent from the Austrian government as required under Article 28 of the EU’s Data Protection Directive. The Commission’s action was … Continue Reading

CNIL and Article 29 Working Party Release Report on Google Privacy Policy

By Dan Cooper On 16 October, 2012, the French data protection authority, the CNIL, released a report on behalf of the Article 29 Working Party that examines Google’s compliance with European data protection law.  The report marks a new stage in an investigation which began nine months ago, when Google announced that it intended to … Continue Reading

Consent in EU Data Protection Law

I recently published an editorial with the European Privacy Association regarding the concept of “consent” under the EU’s Framework Data Protection Directive that is available here.   As the editorial explains, the concept is a fundamental fixture of the EU’s data protection regime featuring in data protection law in a variety of different ways, from “unambiguous” … Continue Reading

Publication of the European Commission’s Proposal for a Data Protection Regulation Faces Delay

Following more than two years of extensive consultations on the review of the European data protection framework, the European Commission was expected to publish its proposal for a General Data Protection Regulation later this month.  As we reported on this blog, an early version of this proposal, which was widely leaked last December, contained several … Continue Reading

Draft EU Data Protection Regulation Leaked

By Dan Cooper and Kristof Van Quathem A widely-leaked version of the first legislative proposal for a General Data Protection Regulation is making its way through Brussels and beyond.  The draft Regulation — which, among other things, aims to apply a harmonized and updated set of core data protection rules across the EU — will … Continue Reading

European Parliament Approves Report on Privacy Reform

The European Parliament approved the report of rapporteur Axel Voss yesterday.  Titled “Personal data protection in the European Union”, the report endorsed the Commission’s aim of reforming the Data Protection Directive (95/46/EC) and suggested specific directions for the upcoming reform.  Among other positions explored by the report, the European Parliament: Repeated calls for more regulation … Continue Reading

The Article 29 Working Party and Breach Notification in the EU

The Article 29 Working Party recently released an opinion on data breach notification in the EU. The opinion addresses two main issues: Experience to date with the existing breach notification rules in the ePrivacy Directive. The breach notification obligation imposed by article 4.3-5 of the ePrivacy Directive (2002/58/EC) only applies to providers of electronic communications … Continue Reading

Israel Formally Obtains EU Adequacy

Today, the EU Commission formally approved Israel’s status as a country providing “adequate protection” for personal data under the European Data Protection Directive.  The Data Protection Directive generally prohibits personal data from being transferred outside the EU unless the data is subject to an “adequate level of protection,” or certain narrow exceptions apply.  As a … Continue Reading