Category Archives: EU Data Protection Reform

The draft data protection regulation of the European Commission that had leaked in early December has been widely criticised by the German Minister of the Interior and aFederal Constitutional Court judge. The points of concern were not the new and mainly stricter rules of the draft regulation, but that the European Commission chose a regulation instead of a directive. First, Johannes Masing, one of the sixteen judges of theFederal Constitutional CourtinKarlsruhe, unmistakably warned about the new regulation in a newspaper article last Monday titled "Goodbye to fundamental rights". Mr. Masing said that as a regulation was in fact a directly applicable law in every member state, national rights would be pushed aside. This would also be the case with regard to the fundamental rights of the Grundgesetz, the German constitution. In Germany, data protection laws do not originate from the European Directive 95/46/EC or a simple law, but were "invented" … Continue Reading ››
After a first read through of the leaked Commission proposal for a new data protection regulation (Draft Regulation) that was published by statewatch.org (it is not meant to be officially published until the end of January), I remembered a speech by Viviane Reding's Chief of Cabinet who said that the Commissioner for Justice was very impressed by German data protection rules. This might help in explaining several provisions of the Draft Regulation. Take for example the rules on data processing. After some scandals on data leakages at data processors,Germanytightened the requirements for the contract on data processing to cover several specific details of data security. Article 27 of the  Draft Regulation takes up this idea and requires controller and processor to stipulate several rules and precautionary measures in their agreement, as that the controller may only act on instructions from the controller and that its staff must have committed themselves to … Continue Reading ››
For readers who missed the ICO's inaugural webcast last week, or who have not had a chance to read his Annual Report, Datonomy brings you selected highlights. But first (and on an unashamedly smug note) Datonomy is grateful to the Commissioner for his answer to the question it posed via the interactive Q&A feature - which, along with the webcast - was another ICO "first".  We posed the following question: "As Information Commissioner, if you could have three wishes in the year ahead (relating to UK private sector organisations' compliance with privacy legislation, to EU policy - or anything else), what would these be?" The Commissioner responded: "My three wishes? Businesses to wake up to the fact that 90% of consumers are fairly or very concerned about the privacy of personal information held about them - and to think through the implications for reputation when mistakes are made. Website operators to take … Continue Reading ››
By Blanca Escribano Cañas, Partner at Olswang Spain and Ellen Martinez, Associate at Olswang Spain Last January Google faced off against the Spanish Data Protection Agency ("Agencia Española de Protección de Datos –"AEPD-") in the Spanish National Court ("Audiencia Nacional"). The reason: five decisions issued by the AEPD ordering Google to remove from its indexes certain links to websites containing information allegedly affecting individuals' privacy. The referred decisions were issued following the request of five individuals who wanted Google not to associate their names with negative events which had occurred years ago and that were published in the online editions of newspapers and regional official gazettes. While AEPD argues that the right to delete "data trails" in the Internet should be understood as an extension of the right to have data deleted and the right to object, the search giant states that information made available by third parties is public and its removal … Continue Reading ››
With so many UK developments to report on recently, Datonomy has only just caught up with this important announcement from the European Commission about the wider picture – namely the long-awaited reform of Directive 95/46/ EC. It forms part of a recent speech by Viviane Reding, Vice-President of the European Commission on "Next Steps for Justice, Fundamental Rights and Citizenship in the EU".

Datonomy readers may remember the Commissioner's previous announcement back in January which we reported here.
That was somewhat light on detail as to the proposed content and timetable for the revised Directive. The Commissioner's latest speech does not go a great deal further on the specifics, but here is the key extract (with points of particular interest highlighted):

"On privacy and data protection I have initiated the process leading up to the reform and modernisation … Continue Reading ››
According to an article in the New York Times, European Data Protection Supervisor Peter Hustinx says Europe's data protection regulatory framework needs updating -- but it will be two to three years before businesses even see the reform proposals. In the meantime, companies should take data protection into their own hands by showing they have control over their data and that they are accountable for it, he added. Businesses that store and use data in the ever-changing e-environment are calling for clear guidelines, but it seems that there are none yet on the horizon.