All posts by Blanca Escribano

With the fast-moving nature of automotive technology, there is no doubt that automotive transport is soon set to become very different. Connecting cars to the internet creates an opportunity for several new business models fed by thousands of apps and data flows, and autonomous connected cars will allow drivers to use the internet in a self-driving car in the same way as they would at home or at work. The use of data collected by machine learning algorithms allows these cars to deliver a personalised customer experience to drivers and passengers, however this creates privacy issues in relation to personal data usage, and the only way for the Internet of Things (IoT) to reach its full potential for innovation is by building consumer trust. The EU legal framework is developing in respect of data protection, particularly with the EU General Data Protection Regulation coming into force in 2018, and the … Continue Reading ››
Datonomy takes a look at the recent recommendations in the Article 29 Working Party Opinion on the Internet of Things, and what these mean for players in the value chain. Consumers’ fear of potentially intrusive new technologies is often cited as one of the main barriers to the adoption of the Internet of Things. Regulators in the US and Europe are starting to get to grips with the issue. As Datonomy readers will be aware, the Article 29 Working Party recently issued an Opinion on the topic, with recommendations on how to embed privacy compliance at every stage of the IoT value chain. In this paper on the Olswang website here I consider the key privacy and security challenges posed by a connected world, and analyse the latest best practice for suppliers – from device manufacturers, through to app developers and providers of operating systems. Stakeholders who can demonstrate privacy compliance and … Continue Reading ››


Almost two years have passed since Google introduced controversial changes to its privacy policy in March 2012, by merging more than 60 separate policies for Google’s numerous services into a single privacy policy.  Since then European data protection regulators, initially through the Article 29 Working Party and more recently through a task force of data protection authorities from six Member States including the UK, France, Germany, Italy, Spain and the Netherlands, have demanded that Google takes steps to bring its new policy into line with European data protection laws.  There has been much rattling of regulatory sabers and for the most part nonchalant shrugs from the Mountain View based tech giant, which has responded to the coordinated regulatory offensive by saying that its new policy “respects European law and allows us to create simpler, more effective services.”   The Spanish and French data protection watchdogs have now taken matters … Continue Reading ››
The recent AG’s Opinion in the Google case referred by the Spanish courts raises three issues of wide interest: the territorial scope of EU data protection law, liability of search engines and the Right To Be Forgotten. The ECJ will have the final say in the matter later this year. In the meantime, Datonomy flags the key issues – which are bound to influence debate on the new General Data Protection Regulation. Datonomy’s correspondents in Spain have been following this case right from the start: back in March 2011 we reported that the Spanish Audiencia Nacional was considering requesting a preliminary ruling from the Court of Justice of the European Union (ECJ) on several matters regarding the position of search engines in relation to the European Data Protection Directive. That referral was made in March 2012, and the Advocate General in the case delivered his Opinion at the end of June. … Continue Reading ››
By Blanca Escribano Cañas, Partner at Olswang Spain and Ellen Martinez, Associate at Olswang Spain Last January Google faced off against the Spanish Data Protection Agency ("Agencia Española de Protección de Datos –"AEPD-") in the Spanish National Court ("Audiencia Nacional"). The reason: five decisions issued by the AEPD ordering Google to remove from its indexes certain links to websites containing information allegedly affecting individuals' privacy. The referred decisions were issued following the request of five individuals who wanted Google not to associate their names with negative events which had occurred years ago and that were published in the online editions of newspapers and regional official gazettes. While AEPD argues that the right to delete "data trails" in the Internet should be understood as an extension of the right to have data deleted and the right to object, the search giant states that information made available by third parties is public and its removal … Continue Reading ››