The Official Journal of the European Union has now published Council Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters. It's 12 pages long, with 48 recitals and 30 Articles, and comes into force 20 days post-publication, on 18 January 2009.

The Framework's objective is to enhance the swiftest and fullest exchange and transfer of personal data for crime enforcement purposes while simultaneously maintaining the highest standards of personal data protection. This ambitious target calls for an imaginative, innovative approach as well as an acute sense of balance.
Focus News Agency reports on the tale of a Bulgarian citizen, Ivaylo Asparuhov, who visited his bank in Sofia in order to unfreeze his bank account. He was asked for his personal ID card from the bank employee, who then made a photocopy of the document. Mr Asparuhov subsequently complained to the Personal Data Protection Commission that photocopies of his ID card and those of other bank clients had been carelessly thrown into a waste bin by several bank officials right in front of his eyes. His complaint was strengthened by the fact that he had the presence of mind to take photos of the alleged data protection breaches with his mobile phone.

The Commission analysed the photos and concluded that the bank had failed to destroy the personal data of its customers in a way that … Continue Reading ››
Yahoo has been applauded for announcing that announcing that it would remove personally identifiable information from its database after 90 days. According to the Financial Times, Yahoo currently anonymises user log data after 13 months, compared to nine months for Google search data. Microsoft keeps its users’ search data for 18 months but had pledged to lower that to six months if other search engines did the same. Yahoo’s new policy applies to logs of views and clicks of all its pages and advertising, as well as search.

Microsoft and Google have argued that lowering the time they retain customer data would have an adverse impact on their products for consumers and advertisers, which are increasingly personalised. Marketing agencies have however sided with with Yahoo’s claim that its service would not be adversely affected, even though Yahoo did not consult with its advertisers … Continue Reading ››
The Court of Justice of the European Communities gave its ruling two days ago in Case C‑524/06, Heinz Huber v Bundesrepublik Deutschland, in response to a reference for a preliminary ruling from the Oberverwaltungsgericht für das Land Nordrhein-Westfalen, Germany.

The facts were simple. Huber, an Austrian national, moved to Germany in 1996 in order to work there as a self-employed insurance agent. The following data relating to him was stored in the German Central Register of Foreign Nationals (Ausländerzentralregister, AZR): (i)his name, date and place of birth, nationality, marital status and gender; (ii) a record of his entries into and exits from Germany, and his residence status; (iii) particulars of passports issued to him; (iv)a record of his previous statements as to domicile and (v) reference numbers issued by the Bundesamt, particulars of the authorities which supplied the … Continue Reading ››
The Court of Justice of the European Communities (ECJ) gave its ruling this morning in Case C-73/07 Tietosujvaltuutettu v Satakunnan Markkinopörssi Oy and Others, establishing that the processing of personal data made available by the tax authorities in Finland for the purposes of putting into place a text-messaging service allowing mobile telephone users to receive tax data relating to other natural persons may be the subject of a derogation from the data protection rules if it is carried out solely for journalistic purposes.

The facts that to this reference are as follows. For several years Markkinapörssi collected public data from the Finnish tax authorities for the purposes of publishing extracts from those data in the regional editions of the Veropörrsi newspaper each year. The information contained in those publications comprises the surname and given name of approximately 1.2 million persons whose income exceeds certain … Continue Reading ››
An ICO Press Release last week assures education authorities in the UK that they can take a relaxed view of the taking of photographs at school concerts. In "ICO says festive photos are fine" the Office states:

"This Christmas the Information Commissioner's Office (ICO) is encouraging a common sense approach to photographs taken by family and friends at school concerts and plays and is reminding parents that the Data Protection Act does not prevent them from capturing those priceless moments.

David Smith, Deputy Commissioner at the ICO, says: "All too often we hear of cases where parents have been prevented by schools from taking pictures of their children and friends because of data protection. We recognise that parents want to capture significant moments on camera and would advise a common sense approach. Photographs taken for the family photo album are exempt from the Act. … Continue Reading ››