On 15th October 2015 the Spanish Supreme Court handed down its first ruling on the so-called digital “right to be forgotten" in which it states that harmful information affecting individuals without public relevance should not be accessible to Internet search engines when the news has lost relevance over time. The background of the case The decision of the Court is based on the following facts: in the 1980s two people were involved in drug-trafficking and consumption. After being arrested, they were finally convicted for drug smuggling and imprisoned. A few years ago, after having served their sentence imposed for these facts and having remade their personal, family and professional life, they found out that by typing their names in the major Internet search engines (particularly, Google and Yahoo!), the news that once was published in a newspaper (El País) now appeared among the first search results, because such newspaper had … Continue Reading ››
The 2014 Year End Newsletter looks at: I. Article 29 Working Party publishes Opinion on "Internet of Things" II. Data protection and competition law - statement by the Federal and State Commissioners for Data Protection III. Are IP-addresses personal data? - German Federal Court of Justice ask ECJ IV. Data processing for marketing: new guidelines V. Outlook on current draft laws and recommended reading A brief summary of each point is below - to read the full newsletter, please click here. I. Article 29 Working Party publishes Opinion on "Internet of Things" The WP29 considers IoT as generally permitted, but clearly states that any stakeholder is responsible for data protection. Despite of consent requirements and transparency obligations, personal data should be aggregated to the greatest extent possible and the principles of privacy by default and privacy by design shall be applied by the stakeholders. II. Data protection and competition law - statement by the Federal and State Commissioners for Data Protection While … Continue Reading ››
On August 19, 2014, more than one year after the first draft bill of an IT Security Act, the German Federal Ministry of the Interior has published the new draft bill of the Act, aimed at boosting the security of information technology systems. The full title of the legislation is “Entwurf eines Gesetzes zur Erhöhung der Sicherheit informationstechnischer Systeme" (IT Sicherheitsgesetz) (“IT Security Act”). The new rules are still subject to change but look likely to come into force in early 2015. General overview In fact, the IT Security Act will not be an individual law, but will amend the Act on the Federal Office for Information Security, the Telecommunication Act, the Telemedia Act and the Act on the Federal Criminal Police Office as well as the Act on the German Federal Office of Information Security. The IT Security Act contains five central topics and provides for:
- IT security in companies (see A. below)
- Protection … Continue Reading ››
Our quarterly IT and data protection newsletter keeps you informed of current legal issues, decisions and events in the technology sector in Germany. We hope you enjoy reading. This edition covers the following topics. I. Canvas Fingerprinting – Tracking without Cookies II. District Court of Berlin: WhatsApp must provide terms and conditions in German, and improve the legal notice III. „No-Spy decree“ of the German Federal Ministry of Interior requires guarantee in procurement procedures IV. German Supreme Court: Collection of minors’ personal data for marketing purposes in the course of a competition is not permitted V. ECJ: Copies on the user’s computer screen as well as in the ‘cache’ of a computer’s hard disk, created in the course of viewing a website, do not infringe copyright This is the link to the full version.
The European Union Agency for Fundamental Rights has published a Handbook of European data protection law, to which I was a contributor. This handbook is designed to familiarise legal practitioners who are not specialised in the field of data protection with this area of law. It provides an overview of the European Union’s and the Council of Europe’s applicable legal frameworks. The Handbook can be found here.
The first edition of Olswang's Cyber Alert, a regular round up of regulation, best practice and news from our international cyber breach and crisis management team has been published. Please click here for a printable PDF version. In this first edition we cover:
- analysis of cyber breaches in the retail world and the impact of the Target data breach;
- updates on the latest security standards and benchmarks;
- the latest from the UK regulator on top security threats and how to avoid them; and
- progress of the controversial draft EU General Data Protection Regulation and the Network and Information Security Directive and regulatory updates from Asia and the US.
The latest responses by the UK government and the ICO to the EU reform proposals will (mostly) resonate with businesses concerned about some of the more far-reaching changes. The latest developments and time line Datonomy has been taking stock of two recent UK developments: the Government's response to the Justice Select Committee's opinion on the European Data Protection framework proposals published by the MOJ on 11 January, and the "latest views from the ICO" 2 –pager on 22 January. Datonomy readers are no doubt au fait with the intricacies of the EU legislative process, but may nonetheless enjoy the blog post by Deputy Commissioner David Smith with its helpful insight into the current state of play and user friendly time line. Despite the strength of the European Parliament's support for the Commission's proposals, it still has a way to go, procedurally speaking. And not everyone shares the EP's wholehearted support for every aspect … Continue Reading ››