UK’s Information Commissioner’s Office (ICO) has published guidance on privacy notices under EU General Data Protection Regulation (GDPR). GDPR introduces new requirements for controllers on notifying data subjects about processing of their data. GDPR requires privacy notices to be understandable and accessible. ICO’s guidance provides best practice on communicating privacy information to individuals. Access guidance
Yesterday (October 19, 2016) the Court of Justice of the European Union (CJEU) issued its judgment in case Patrick Breyer v. Bundesrepublik Deutschland, in which court recognizes that dynamic IP addresses registered by websites are personal data. CJEU followed the Opinion of the Advocate General delivered earlier this year. In its decision CJEU concluded that […]
On September 23 the European Data Protection Supervisor (the “EDPS”) Giovanni Buttarelli published his opinion “Coherent enforcement of fundamental rights in the age of big data”. This opinion is part of an ongoing project, launched in March 2014 with the EDPS’ “Preliminary Opinion on Privacy and Competitiveness in the Age of Big Data”.It addresses the concern […]
Cloud Infrastructure Services Providers in Europe (“CISPE”) – a relatively new coalition of more than 20 cloud infrastructure providers operating in Europe – has recently published its first Code of Conduct for Cloud Infrastructures Services. The CISPE Code of Conduct: Gives a framework to comply with the General Data Protection Regulation Excludes the reuse of […]
On September 9, 2016, the operator of the world’s largest Internet hub, De-Cix, filed lawsuit against the German government to stop mass surveillance by the German intelligence agency Bundesnachrichtendienst (BND). De-CIX is challenging the legality of orders from the BND to implement monitoring of communications flowing through its Frankfurt Internet exchange point. De-CIX insists that […]
UK’s National Audit Office (NAO) has found that government has breached personal data security nearly 9,000 times in a year. Most of breaches – about 6,000 – are on HMRC. NAO found that 17 largest departments recorded 8,995 data breaches in years 2014-2015, but reported to the Information Commissioner (ICO) only 14 incidents. Although not […]
Michel Reymond has published a paper “Hammering Square Pegs into Round Holes: The Geographical Scope of Application of the EU Right to Be Delisted” where he explores the extraterritorial effects of the decision of Court of Justice of European Union (CJEU) in so called Google Spain case. In that case CJEU recognized “right to be forgotten” or, according Michel […]
There is a new developments in a privacy case brought by Austrian privacy activist Max Schrems against Facebook. Facebook has questioned the right of Schrems to bring a Europe-wide class action. Now, Austria’s Supreme Court referred the question to the European Court of Justice (CJEU). Read full story
Dutch police have seized two servers belonging to Switzerland-based VPN provider Perfect Privacy. The VPN provider claims that Dutch police haven’t informed or contacted them about the reason servers were seized and about seizure they were informed by their hosting provider. Despite the seizure of servers, Perfect Privacy promises that no user data was compromised. Full story