On January 8, 2014, the French data protection authority, the Commission nationale de l’informatique et des libertés (CNIL), announced that it was imposing a fine of €150,000 on Google, as well as a requirement that Google, within eight days of the decision, publicize the fine on its own website (at
Working Party 29
Article 29 Working Party Releases New Opinion on Purpose Limitation
On April 2, the Article 29 Working Party (the “Working Party”) approved a new Opinion on a principle of European data protection law known as the “purpose limitation”. The principle (which stems from Article 6(1)(b) of the Data Protection Directive) requires that data controllers only collect data for “specific”, “explicit” and “legitimate” purposes, and not process the data for further purposes that are incompatible with the purposes for which data were originally collected. As each of these terms have been interpreted differently in different Member States, causing potential confusion for data controllers operating in multiple jurisdictions, one of the main aims of the Working Party paper is to provide clearer, more harmonized interpretations of the principle. The paper also aims to generally clarify the current legal framework and assist policy makers in drafting the new EU data protection legal framework, and offers guidance on specific scenarios (such as so-called “Big Data” processing).
Continue Reading Article 29 Working Party Releases New Opinion on Purpose Limitation
Article 29 Working Party Publishes Guidance On Cookie Rule Exemptions
On Tuesday, June 12, the Article 29 Working Party (WP29), a group of European data protection authorities, published an opinion on the exemptions available to the new cookie rules introduced by the revised EU ePrivacy Directive. The opinion provides guidance on the implementation of the available exemptions to the requirement to obtain internet users’ informed consent for the use of cookies. Specifically, the WP29 explained the criteria for relying on one of the two available exemptions:
- A user’s informed consent is not required where the cookie is used “for the sole purpose of carrying out the transmission of a communication over an electronic communications network”. In other words, the transmission of the communication must not be possible without the use of the cookie. Simply using a cookie to assist, speed up or regulate the transmission of a communication over an electronic communications network is not sufficient.
- A user’s informed consent is not required where the cookie is “strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service”. There must be a clear link between the strict necessity of the cookie, i.e., that the service would not work without the cookie, and the delivery of the service explicitly requested by the user. The key is to examine what is strictly necessary from the view of the user, not the service provider.
Continue Reading Article 29 Working Party Publishes Guidance On Cookie Rule Exemptions
Facial Recognition Opinion Targets Social Networks, Authentication Services and Games Consoles
The Article 29 Working Party (WP29) yesterday published an opinion on facial recognition in online and mobile services. The WP29 states this technology requires “specific attention” as it presents “a range of data protection concerns”.
The opinion focuses on facial technology being used in three main contexts: identifying people in social networks; authenticating and verifying users to control access to services; and categorising individuals, e.g., in the gaming context to enhance the user experience, allow/deny access to age-related content, or to display in-game targeted advertising.
The opinion places a heavy emphasis on the need to obtain the informed consent of individuals prior to processing their data in connection with facial recognition technologies. Perhaps of most interest to social networks and the public, is the conclusion that facial recognition should not be used to automatically suggest names of people who are not registered users of social networks for the purpose of tagging them in photographs.Continue Reading Facial Recognition Opinion Targets Social Networks, Authentication Services and Games Consoles
Article 29 Working Party Voices Concerns Over Behavioural Advertising Code
On 26 August, 2011, the Article 29 Working Party, a group of European data protection authorities, published a letter to the Online Behavioural Advertising Industry regarding the proposed industry self-regulatory framework, known as the Best Practice Recommendation on Online Behavioural Advertising (the “Code”). The letter sets out the main data privacy concerns identified by the Working Party arising from the Code. The Working Party takes a strict view regarding the application of the European Data Protection and ePrivacy Directives to the use of cookies for purposes of tracking consumer behaviour online. The main issues discussed in the letter are set out below:
Continue Reading Article 29 Working Party Voices Concerns Over Behavioural Advertising Code
Working Party 29 Releases New Opinion on the Meaning of “Consent”
On 15 July, 2011, the Working Party 29 group of European data protection authorities released Opinion 187, on the definition of “consent” as used in the Data Protection Directive and the e-Privacy Directive. Focusing on factors such as whether the consent is (i) informed, (ii) freely given, (iii) specific, (iv) unambiguous, and so on, the paper explores different scenarios in which consents provided by data subjects are sufficient or insufficient for data controllers and processors to rely on when processing relevant data. Continue Reading Working Party 29 Releases New Opinion on the Meaning of “Consent”
Working Party 29 Issues New Opinion on Prevention of Money Laundering and Terrorist Financing
Earlier this week the European group of national data protection authorities, collectively the Working Party 29 (“WP 29”), released a new opinion on data protection issues relating to the prevention of money laundering and terrorist financing. The new paper features a slew of new recommendations from the WP 29 that…
EU Working Party 29 Publishes New Series of Opinions
The EU Art 29. Working Party finished its 80th plenary meeting in Brussels last week. This week, the Party released a series of new policy opinions produced during the plenary. The highlights included:
- A declaration that, in WP 29’s opinion, New Zealand’s data protection regime is now “adequate” for the purposes of international data
…
Continue Reading EU Working Party 29 Publishes New Series of Opinions