By Luca Tosoni and Dan Cooper

On 2 February 2017, the Italian DPA (“Garante”) imposed a record fine of 5,880,000 Euros on a UK company operating in Italy for its violation of the data privacy consent rules contained in Italian law.  This is the largest data privacy fine ever issued by a European data protection authority for a breach of the EU’s data protection framework.

The Garante imposed the fine on a company that allegedly made money transfers to China on behalf of individuals without their knowledge or agreement, and therefore did not obtain the individuals’ consent to the processing of their data.

The size of the fine reflects, in part, the fact that a significant number of data subjects were impacted by the breach.  In fact, the Garante concluded that the company had committed a separate privacy violation for each data subject whose data was used without consent.  The fine therefore reflects the sum total obtained from adding up the fine for each individual breach committed by the company.
Continue Reading Italian DPA Issues Record Data Privacy Fine

On December 21, 2016 the Court of Justice of European Union (“CJEU”) issued its judgment in Joined Cases C-203/15 and C-698/15, Tele2 /Watson.

The decision considered the legality of UK and Swedish laws permitting the generalized retention of communications metadata (for 6-12 months) for the purposes of prevention, detection or prosecution of crime (not

Yesterday, the European Parliament voted to approve the EU-U.S. Umbrella Agreement, a framework for the exchange of personal data for law-enforcement (including anti-terrorism) purposes between the EU and U.S.  As we previously explained, negotiations on this Agreement have been underway for quite some time, with the European Parliament first calling for it back in March 2009.

According to the European Commission’s fact sheet, the Agreement “puts in place a comprehensive high-level data protection framework for EU-US law enforcement cooperation.”  Specifically, the Umbrella Agreement includes the following protections:

  • Data Use Limitations
  • Onward Transfer Requirements
  • Publicly Available Retention Periods
  • Access and Rectification Rights
  • Data Breach Notification
  • Judicial Redress and Enforceability


Continue Reading European Parliament Approves EU-U.S. Umbrella Agreement

By Jean de Ruyt

According to the European Commissioner for Justice, Consumers and Gender Equality, Věra Jourová, the EU and the US have finalized the EU-US Umbrella Agreement (for the press release, see here; a reportedly near-final draft of the agreement can be read here). This is a remarkable breakthrough after the first calls for such an agreement back in March 2009, when the European Parliament called for an “EU – US agreement ensuring adequate protection of civil liberties and personal data protection”.


Continue Reading EU – US Umbrella Agreement about to be concluded: towards a transatlantic approach to data protection?

As protests have continued across the nation in the wake of back-to-back decisions by grand juries in Missouri and New York not to indict white police officers for their involvement in the deaths of unarmed black citizens, civil rights advocates, along with state leaders and the federal government, are exploring measures to better relationships between law enforcement and communities of color.  Just last week, the Department of Justice released a revised version of its Guidance Regarding the Use of Race by Federal Law Enforcement Agencies.  Yesterday afternoon, President Obama signed an Executive Order to create the Task Force on 21st Century Policing, and following the Michael Brown jury decision, the President proposed a three-year $263 million investment package to increase, among other things, the use of body-worn cameras.

In light of the events leading to Eric Garner’s death, however, which were captured by mobile video in their entirety, there has been skepticism about the efficacy of body-worn cameras in preventing such fatal interactions with the police and also in providing sufficient evidence to juries.  Privacy advocates, along with police officers, have expressed concern about the new technology as well.  On the one hand, body cameras have greater potential to invade privacy if they are used in homes or to film bystanders, suspects, and victims during what can be volatile and extreme encounters.  On the other hand, cameras could reduce police use of force while protecting officers from false accusations of misconduct.  Moreover, cameras could provide vital data used over time to monitor, measure, and improve departments’ institutional practices.  On balance, video cameras on police officers seem to be a good thing with short- and longer-term benefits, but only if they are deployed within a policy framework that prioritizes citizens’ privacy.
Continue Reading Looking at Police-Community Relations Through the Lens of Body-Worn Cameras

By Jim Garland, David Fagan, and Alex Berengaut

On January 27, 2014, the Attorney General and Director of National Intelligence announced that the U.S. government will allow Internet companies and telecommunications providers to disclose more information about government demands for customer data in national security investigations.  The government’s new transparency policy addresses legal demands served under two distinct statutory authorities.  First, under the Foreign Intelligence Surveillance Act (“FISA”), the government can apply to the U.S. Foreign Intelligence Surveillance Court (“FISC”) for orders compelling providers to disclose both the contents of their customers’ communications as well as non-content “metadata” relating to such communications.  Second, under the National Security Letter (“NSL”) statute, the FBI can compel companies to disclose certain non-content information about their customers.

Under the new policy announced on January 27, technology companies now have two options for reporting on the number of FISA orders and NSLs they receive:  


Continue Reading Justice Department Allows More Transparency on Government Demands for Customer Information in National Security Investigations

Recent news that the U.S. Justice Department obtained telephone records for two months covering more than 100 journalists working for the Associated Press has prompted lawmakers to propose new statutes meant to strengthen protections against the kinds of requests that our Jeff Kosseff described as “undermin[ing]” the “entire Fourth Estate.”


Continue Reading New Statutes Proposed in the Wake of AP Spying Scandal

In the wake of the Boston marathon bombings and in response to the quick work of law enforcement officials who were significantly aided in their identification of the suspected bombers by videos from government- and privately owned surveillance cameras, there has been renewed public discussion regarding the privacy implications of the proliferation of security cameras. While many government officials advocate the deployment of more security cameras and law enforcement access to captured material, privacy advocates urge caution with regard to increased surveillance. In particular, privacy advocates voice concern with regard to the potential use of surveillance by law enforcement officers on “fishing expeditions” — combing through video footage to identify individuals engaged in unusual behavior, without having any other evidence that those individuals are engaged in illegal activities. Below we have highlighted a few interesting pieces discussing the issues.


Continue Reading Boston Marathon Bombings Spark Renewed Debate Over Surveillance