Category Archives: Privacy Issues

Since its hotly awaited publication in January, the Proposal for an ePrivacy Regulation ("Proposal") has come under scrutiny from various stakeholders. Recently both the Article 29 Working Party ("WP29"), and the European Data Protection Supervisor ("EDPS"), have joined the chorus. Though both independent bodies are pleased with the concepts in the legislation, both express various concerns, with WP29 describing theirs as particularly 'grave'. Those (grave) concerns, alongside some recommendations are explored in detail below. EDPS: concerns over consent, tracking and cookies. As expected in his Opinion the EDPS welcomes various parts of the Proposal, including the legislators' choice for a regulation rather than a directive, and the extension of scope to over-the-top (“OTT”) communications services such as Skype and WhatsApp. The Commission's ambition to bring all publically accessible networks and services within the scope of the confidentiality requirements is also praised. However, though the EDPS … Continue Reading ››
The Article 29 Working Party ("WP29") has recently adopted new General Data Protection Regulation ("GDPR") Guidance, this time focusing on Data Protection Impact Assessments ("DPIAs"). The Guidelines aim to clarify when a DPIA is required and provide criteria for the lists of the kind of processing operations which are subject to the requirement for a DPIA, to be adopted by Data Protection Authorities under Article 35(4) of the GDPR. Although the guidance has been formally “adopted”, the WP29 is welcoming comments from stakeholders until 23 May 2017, so it is possible that elements may be modified in the near future. The guidance is significant as it represents EU data protection authorities’ collective interpretation of this important new compliance requirement. Any comments on the guidelines can be sent to the following addresses: JUST-ARTICLE29WP-SEC@ec.europa.eu and presidenceg29@cnil.fr by 23 May 2017. What is a Data Protection Impact Assessment? DPIAs are not a formal requirement … Continue Reading ››
As Max Schrems continues to do battle over Model Clauses in the Irish High Court, the Article 29 Working Party (WP29) has this week issued guidance surrounding EU-US Privacy Shield (Privacy Shield) related complaints. The guidance will be of note to any EU citizen wishing to complain about the handling of their personal data that has been transferred from the EU to one of the, as of 24 February, 1724 Privacy Shield registered organisations. It encompasses a template complaint form and Rules of Procedure and should provide parties concerned with all the information necessary to notify a breach under the 6 month old framework. The Rules of Procedure provide guidance on how an "Informal Panel of EU DPAs" (Panel) will operate in advising US organisations following a complaint. The Panel will aim to provide guidance within 60 days after receiving a complaint form. The complaint … Continue Reading ››
With the GDPR on the horizon, the EU is now overhauling and expanding the reach of the more specific privacy rules which relate to direct marketing, cookies and other forms of online monitoring. The ability of social media and messaging services to track users is one of many areas touched on in the European Commission's newly proposed ePrivacy Regulation, which was officially unveiled last week. We highlight some key impacts for the tech and media sectors, provided the proposed draft passes through the legislative process without dramatic changes. Businesses should incorporate these new requirements into their GDPR readiness planning. Why are the rules being updated?
  • The regime for electronic communications, based on the EU's Privacy and E-communications Directive (PECD), which dates back to 2002, is being overhauled as part of the Commission's Digital Single Market package.
  • Since the last review of the PECD in 2009, a new … Continue Reading ››
Yesterday, 10 January, the European Commission (EC) presented its formal proposals for the new ePrivacy Regulation. On initial analysis, the first official draft of the Regulation appears broadly similar to last month's leaked version, explored by Datonomy here. Datonomy will be providing a fuller analysis, however in the meantime the EC's Fact Sheet provides a useful starting point. The Commission's aim is to have the new Regulation adopted by 25 May 2018 when the GDPR takes effect. Olswang's Head of Digital and Data, Elle Todd, and Alex Dixie, the firm's Head of Adtech, will be taking a first look at the practical impacts of the new proposals in a webinar at 15:00 UK time on Thursday 19 January. Follow this link to register. In particular the webinar will examine:
Yesterday (13 December) in time-honoured tradition, a draft proposal of the European Commission's (EC) new ePrivacy Regulation was leaked. The official draft of the proposal is not expected to be published by the EC until January 2017, and it is possible some of the detail will change before then. Datonomy will be providing fuller analysis of the real thing in the near future, but an initial look at the leaked draft – which (typos aside) gives a good indication of what to expect - reveals the following:
  1. It's a Regulation rather than a Directive (as predicted by Datonomy here)
As with the GDPR, this is intended to provide additional harmonisation and simplification. However, there are a number of areas where Member States can nuance provisions.
  1. A fining regime similar to GDPR
Offenders can expect turnover based fines. For example, fines of up to 2% of turnover, or up to 10,000,000 … Continue Reading ››
Recently Datonomy attended the second of two conferences held by Exeter University addressing the UK's place in the Digital Single Market. The day, hosted at Portcullis House, focused on data protection and privacy policy with viewpoints provided by both practitioners and stakeholders. Of particular relevance to Datonomy readers were the panels' opinions on the ePrivacy Directive review, the GDPR, and the new Investigatory Powers Act (recently explored by Datonomy here). Draft ePrivacy Regulation on the horizon Perhaps the headline news from the day was the strong support for the review of the ePrivacy Directive to result in the implementation of a new ePrivacy Regulation (therefore directly effective). It was argued the Regulation should extend the scope of the current ePrivacy Directive to cover new tech including, for example, OTT Providers, publically used private networks and the Internet of Things. According to the European Commission the draft proposal … Continue Reading ››