On January 8, 2014, the French data protection authority, the Commission nationale de l’informatique et des libertés (CNIL), announced that it was imposing a fine of €150,000 on Google, as well as a requirement that Google, within eight days of the decision, publicize the fine on its own website (at www.google.fr) for a period
On April 2, the Article 29 Working Party (the “Working Party”) approved a new Opinion on a principle of European data protection law known as the “purpose limitation”. The principle (which stems from Article 6(1)(b) of the Data Protection Directive) requires that data controllers only collect data for “specific”, “explicit” and “legitimate” purposes, and not process the data for further purposes that are incompatible with the purposes for which data were originally collected. As each of these terms have been interpreted differently in different Member States, causing potential confusion for data controllers operating in multiple jurisdictions, one of the main aims of the Working Party paper is to provide clearer, more harmonized interpretations of the principle. The paper also aims to generally clarify the current legal framework and assist policy makers in drafting the new EU data protection legal framework, and offers guidance on specific scenarios (such as so-called “Big Data” processing).
Continue Reading Article 29 Working Party Releases New Opinion on Purpose Limitation
- A user’s informed consent is not required where the cookie is used “for the sole purpose of carrying out the transmission of a communication over an electronic communications network”. In other words, the transmission of the communication must not be possible without the use of the cookie. Simply using a cookie to assist, speed up or regulate the transmission of a communication over an electronic communications network is not sufficient.
- A user’s informed consent is not required where the cookie is “strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service”. There must be a clear link between the strict necessity of the cookie, i.e., that the service would not work without the cookie, and the delivery of the service explicitly requested by the user. The key is to examine what is strictly necessary from the view of the user, not the service provider.
The Article 29 Working Party (WP29) yesterday published an opinion on facial recognition in online and mobile services. The WP29 states this technology requires “specific attention” as it presents “a range of data protection concerns”.
The opinion focuses on facial technology being used in three main contexts: identifying people in social networks; authenticating and verifying users to control access to services; and categorising individuals, e.g., in the gaming context to enhance the user experience, allow/deny access to age-related content, or to display in-game targeted advertising.
The opinion places a heavy emphasis on the need to obtain the informed consent of individuals prior to processing their data in connection with facial recognition technologies. Perhaps of most interest to social networks and the public, is the conclusion that facial recognition should not be used to automatically suggest names of people who are not registered users of social networks for the purpose of tagging them in photographs.Continue Reading Facial Recognition Opinion Targets Social Networks, Authentication Services and Games Consoles
Continue Reading Article 29 Working Party Voices Concerns Over Behavioural Advertising Code
On 15 July, 2011, the Working Party 29 group of European data protection authorities released Opinion 187, on the definition of “consent” as used in the Data Protection Directive and the e-Privacy Directive. Focusing on factors such as whether the consent is (i) informed, (ii) freely given, (iii) specific, (iv) unambiguous, and so on, the paper explores different scenarios in which consents provided by data subjects are sufficient or insufficient for data controllers and processors to rely on when processing relevant data. Continue Reading Working Party 29 Releases New Opinion on the Meaning of “Consent”
Earlier this week the European group of national data protection authorities, collectively the Working Party 29 (“WP 29”), released a new opinion on data protection issues relating to the prevention of money laundering and terrorist financing. The new paper features a slew of new recommendations from the WP 29 that are designed to enhance privacy…
The EU Art 29. Working Party finished its 80th plenary meeting in Brussels last week. This week, the Party released a series of new policy opinions produced during the plenary. The highlights included:
- A declaration that, in WP 29’s opinion, New Zealand’s data protection regime is now “adequate” for the purposes of international data transfer. This opinion will now be