The likely demise of the US Safe Harbor is dominating the data news headlines - but what else is happening in the world of data and cyber regulation? Datonomy provides a round up of other recent developments in Europe and Asia.
With contributions from Andreas Splittgerber and Christian Leuthner in Germany, Sofia Fontanals in Spain and Matthew Hunter, Daniel Jung and Aisling O’Dwyer in Asia, in this update we cover:
EU POLICY AND REGULATION
- EU policy and regulation including latest news from Brussels on the GDPR and NISD
- GDPR and NISD: Commission President Junker has yet again affirmed the “swift adoption” of the GDPR and NISD as priorities in this open letter of 9 September to the European Parliament. Below we take a more detailed look at the recent procedural progress of these two (not-so-swift) proposals.
Last week’s seismic decision
in the Google Spain case continues to generate many column inches of comment and will no doubt continue to do so for some time. Datonomy's colleagues in Olswang's international privacy team have just published a paper considering the practical implications of this decision in the round. You can access it at this link
. The paper considers:
- Google’s practical options in terms of next steps
- the implications for individuals’ rights
- the implications for online publishers
- what it means for the Right To Be Forgotten under the new EU Regulation
- the impact on wider “data debates” over other technologies such as email scanning and Google Glass
- what it tells us about the workings of Europe’s highest commercial court, and tactical tips for bringing referrals on points of EU law.
The paper is also available in PDF here
Datonomy's Spanish correspondents have just posted an analysis of a recent ruling by the AEPD over Google's autocomplete function, Google Suggest. The full analysis
, which spans not only data protection but wider issues of defamation, intermediary liability and freedom of speech, is well worth a read over the weekend.
For Datonomy readers short of time, here's a lunchtime synopsis provided by our Iberian Datonomists, Blanca Escribano and Marcos Garcia-Gasco.
The latest AEPD ruling
In May 2012, a citizen addressed a claim before Spain's DP authority, the AEPD. Google's autocomplete function paired his name with the term "gay", which he found a potential door of defamation against him. Now, a decision against Google has been issued by the AEPD, which recognises the data subject's right to object.
How does Google Suggest work?
As Datonomy readers will be familiar, Google's autocomplete function helps users to find information quickly by predicting and displaying searches that might be similar to … Continue Reading ››
At a recent roundtable event hosted by Olswang LLP, Datonomy heard a range of perspectives on the new cookie consent requirements. Readers can find useful resources from the event via the right menu below (scroll down to "Cookie resources") including the headline comments from our panel of speakers.
Over 30 in house counsel from a range of consumer facing businesses – all getting to grips with compliance with the UK's new rules – attended the breakfast seminar. Recognising that the legal world is now sick of cookie puns, croissants were on the breakfast menu instead.
The UK regulatory perspective was provided by Dave Evans, Group Manager at the Information Commissioner's Office. The clear message to UK website owners, echoing the ICO's recent guidance
, is that doing nothing and hoping a browser-based consent solution will come to the rescue is simply not an option. Businesses should be analysing the cookies on their websites, informing … Continue Reading ››
By Blanca Escribano Cañas, Partner at Olswang Spain and Ellen Martinez, Associate at Olswang Spain
Last January Google faced off against the Spanish Data Protection Agency ("Agencia Española de Protección de Datos –"AEPD-
") in the Spanish National Court ("Audiencia Nacional
"). The reason: five decisions issued by the AEPD ordering Google to remove from its indexes certain links to websites containing information allegedly affecting individuals' privacy.
The referred decisions were issued following the request of five individuals who wanted Google not to associate their names with negative events which had occurred years ago and that were published in the online editions of newspapers and regional official gazettes.
While AEPD argues that the right to delete "data trails" in the Internet should be understood as an extension of the right to have data deleted and the right to object, the search giant states that information made available by third parties is public and its removal … Continue Reading ››
The Spanish Data Protection Agency has issued a report called the “Study on privacy of personal data and information security on online social networks”
in collaboration with INTECO
(the Instituto Nacional de Tecnologías de la Comunicación).
This report provides a study of users' profiles on social networks and the risks they are exposed to, principally in relation to personal data. It also provides information on what measures have been adopted or must be adopted by social networks providers in order to avoid those risks.
The report states that the legal framework applicable to social networks providers in Spain is the Data Protection (Organic Law 15/1999, on Protection of Personal Data
, based on Directive 95/46/CE) and the Information Society Providers (Law 34/2002, about Information Society Services and Electronic Commerce
Based on an analysis of a wide spectrum of different social networks (about 75 in total) the Agency has identified certain … Continue Reading ››
The Spanish Data Protection Agency has launched
a privacy handbook for children and parents with useful advice and recommendations on how to browse the internet with the appropriate safeguards by following a set of simple rules. The guide, based on the current Spanish Data Protection Act, sets out the underlying principles of the Data Protection Laws. It provides a definition of the right to data protection and personal data and addresses issues such as the scope of the legislation, the special protection of children's privacy rights and the privacy risks to which minors are exposed. It then gives a basic overview of the fundamental principles of data protection.
In Spain, parental consent is required for processing of data for children under the age of 14. It is forbidden to request personal data from the minor's relatives such as household income, profession or leisure … Continue Reading ››