The recent AG’s Opinion in the Google case referred by the Spanish courts raises three issues of wide interest: the territorial scope of EU data protection law, liability of search engines and the Right To Be Forgotten. The ECJ will have the final say in the matter later this year. In the meantime, Datonomy flags the key issues – which are bound to influence debate on the new General Data Protection Regulation. Datonomy’s correspondents in Spain have been following this case right from the start: back in March 2011 we reported that the Spanish Audiencia Nacional was considering requesting a preliminary ruling from the Court of Justice of the European Union (ECJ) on several matters regarding the position of search engines in relation to the European Data Protection Directive. That referral was made in March 2012, and the Advocate General in the case delivered his Opinion at the end of June. … Continue Reading ››
Draft rules coming into effect next month for communications service providers on when and how to notify data security breaches are the clearest indication yet of the obligations proposed for all data controllers under the draft General Data Protection Regulation. The new telco-specific regime includes some welcome concessions on when deadline for notifying regulators starts, and the circumstances when individuals need to be notified. Datonomy analyses the new rules. Who is the new regulation aimed at? Last week, the European Commission presented a new draft Commission Regulation on the measures applicable to the notification of personal data breaches under the E-Privacy Directive 2002/58/EC. This Regulation (like the notification requirements under the 2002 Directive) applies only to “providers of publicly available telecommunications services” and will come into force in August 2013. According to the E-Privacy Directive, telecom companies, internet service providers and other providers of publicly available electronic communications services (“CSPs”) are … Continue Reading ››