All posts by Elle Todd

With the GDPR on the horizon, the EU is now overhauling and expanding the reach of the more specific privacy rules which relate to direct marketing, cookies and other forms of online monitoring. The ability of social media and messaging services to track users is one of many areas touched on in the European Commission's newly proposed ePrivacy Regulation, which was officially unveiled last week. We highlight some key impacts for the tech and media sectors, provided the proposed draft passes through the legislative process without dramatic changes. Businesses should incorporate these new requirements into their GDPR readiness planning. Why are the rules being updated?
  • The regime for electronic communications, based on the EU's Privacy and E-communications Directive (PECD), which dates back to 2002, is being overhauled as part of the Commission's Digital Single Market package.
  • Since the last review of the PECD in 2009, a new … Continue Reading ››
In the past year, we have seen Safe Harbor declared invalid and the EU-US Privacy Shield put in place, as well as the start of the countdown to GDPR compliance. Datonomy contributors Elle Todd and Rob Bratby join Jamie Davies from Telecom to discuss all things data and reflect on the changes to EU data protection regulation over the past twelve months. Find the article here.
The new Prime Minister won't have welcomed the publication yesterday of the European Court of Justice (ECJ) advocate general's legal opinion since it has potentially worrying implications for her Investigatory Powers Bill (dubbed by the media as the 'Snooper's Charter') and UK data transfers in a post-Brexit era. In a case initiated by a member of her own cabinet  (David Davis, now minister for Brexit resulting in him dropping his name from the action at the beginning of this week), Labour MP Tom Watson and others, the matter concerned the data retention obligations placed on electronic communications services under the Data Retention and Investigatory Powers Act (DRIPA). The ECJ case linked these proceedings with a Swedish case on a similar point. First it is worth noting that the Advocate General's opinion is not legally binding and is only a recommendation. However it is often followed by the ECJ and his comments … Continue Reading ››
In what's turned out to be a great week for US privacy developments, hot on the heels of the Privacy Shield announcement,  yesterday, 14 July,  the 2nd US Circuit Court of Appeals gave its anxiously awaited judgment in the Microsoft search warrant saga. The case centred on a warrant in a US narcotics case requiring Microsoft to hand over emails that were stored on a Microsoft server in Dublin. After Microsoft  refused, a District Court in Manhattan held in 2014 that Microsoft was compelled to hand the emails over. Microsoft appealed. At stake of course was not just some emails, but fundamental questions concerning the extent to which one country can extend its long arm of the law into another jurisdiction and the individual's rights to privacy and protection under their own domestic laws. No wonder then that this case quickly became a cause celebre  not only for privacy … Continue Reading ››
In all the excitement last week over  the European Parliament's approval of the General Data Protection Regulation (GDPR) and the US Privacy Shield, you may have missed that the European Commission published a consultation on Monday  11 April  regarding the ePrivacy Directive. Don't worry though, here is what you need to know: What is the purpose of the consultation? The consultation forms part of the Commission's Digital Single Market (DSM) Strategy and is necessary given that the GDPR, once adopted, will impact the e-Privacy Directive which sets out some additional and specific rules regarding the processing of personal data in the electronic communications sector. Infamously, the e-Privacy Directive contains the almost uniformly derided cookie consent requirement,  so many people are likely to want to input. It also contains rules on breach notification, consents for marketing by electronic means and use of traffic and location data. The Commission … Continue Reading ››
Safe Harbour – what’s new? Yesterday, the European Commission announced that it had agreed a new framework with the US for data flows between Europe and the US, christened “EU-US Privacy Shield”.  This would replace the former Safe Harbour agreement, which was invalidated by the ECJ on 6 October last year, and allow a mechanism for companies to legally transfer data relating to EU data subjects between Europe and the US.  Datonomy watched the Article 29 Working Party (“A29WP”) press conference given by the Chair, Isabelle Falque-Pierrotin, at midday today (following which a formal statement was released) and brings you the key points on the current status and next steps for Privacy Shield. What is the status of the new EU-US Privacy Shield? Whilst the European Commission may have reached an agreement, Privacy Shield is far from a done deal it seems.  The A29WP was not included in the negotiations relating … Continue Reading ››
Whilst a lot of attention has been given to European data protection legislation, we should not forget some interesting developments which are happening in Asia at the moment. Indeed a spate of new data protection legislation has been prepared and in some cases already passed in the last year. For example, Malaysia will have its new data protection regime come into force this summer and just last month the Philippine government passed its privacy legislation. Particular interest has been generated by the Singaporean draft legislation, the latest (and potentially last) draft of which was published a few weeks ago. Whilst the legislation does borrow some concepts from the current European regime, other provisions draw more comparison with US privacy laws (particularly with regard to information which is made publicly available). Areas of difference to familiar European legislation which caught Datonomy's eye include: