Tag Archives: European Commission

Summary The Irish High Court has made a preliminary reference to the Court of Justice of the European Union (“CJEU”), asking whether standard data protection clauses (“standard clauses”) are compatible with the legal rights of data subjects under EU law. Standard clauses are currently used as an appropriate safeguard to facilitate the transfer of personal data outside of the European Economic Area (the “EEA”). The reference to the CJEU comes despite previous decisions from the European Commission (the “Commission”) that have approved their use. It is worth noting that the reference does not invalidate the use of standard clauses for the moment. However, a judgment from the CJEU that does so would have implications for billions of euros worth of trade between the EU and the rest of the world. If the CJEU decides to render the use of standard clauses invalid, this would leave extremely limited scope for compliant data transfers … Continue Reading ››
Since its hotly awaited publication in January, the Proposal for an ePrivacy Regulation ("Proposal") has come under scrutiny from various stakeholders. Recently both the Article 29 Working Party ("WP29"), and the European Data Protection Supervisor ("EDPS"), have joined the chorus. Though both independent bodies are pleased with the concepts in the legislation, both express various concerns, with WP29 describing theirs as particularly 'grave'. Those (grave) concerns, alongside some recommendations are explored in detail below. EDPS: concerns over consent, tracking and cookies. As expected in his Opinion the EDPS welcomes various parts of the Proposal, including the legislators' choice for a regulation rather than a directive, and the extension of scope to over-the-top (“OTT”) communications services such as Skype and WhatsApp. The Commission's ambition to bring all publically accessible networks and services within the scope of the confidentiality requirements is also praised. However, though the EDPS … Continue Reading ››
Impact of Brexit on data protection: EU Home Affairs Sub-Committee hears evidence The EU Home Affairs Sub-Committee continues to hear evidence from various experts on the implications of Brexit on the "EU data protection package". Particularly notable are the comments of Elizabeth Denham, the UK's Information Commissioner, regarding her hopes for the UK post-Brexit. Unsurprisingly for Denham and perhaps reassuringly for business, "the right way forward… is to fully adopt the general data protection regulation". However should the UK do so, questions persist as to the ICO's role, particularly in relation to its standing with the European Data Protection Board (EDPB). Denham was keen to emphasise that the Government should do anything it can to ensure the ICO has "some status" on the EDPB. Should it not, the UK will be at the mercy of the Board's decisions, but be without influence over its policy. Lord O'Neil of Clackmannan, a Labour peer, was … Continue Reading ››
With the GDPR on the horizon, the EU is now overhauling and expanding the reach of the more specific privacy rules which relate to direct marketing, cookies and other forms of online monitoring. The ability of social media and messaging services to track users is one of many areas touched on in the European Commission's newly proposed ePrivacy Regulation, which was officially unveiled last week. We highlight some key impacts for the tech and media sectors, provided the proposed draft passes through the legislative process without dramatic changes. Businesses should incorporate these new requirements into their GDPR readiness planning. Why are the rules being updated?
  • The regime for electronic communications, based on the EU's Privacy and E-communications Directive (PECD), which dates back to 2002, is being overhauled as part of the Commission's Digital Single Market package.
  • Since the last review of the PECD in 2009, a new … Continue Reading ››
Yesterday, 10 January, the European Commission (EC) presented its formal proposals for the new ePrivacy Regulation. On initial analysis, the first official draft of the Regulation appears broadly similar to last month's leaked version, explored by Datonomy here. Datonomy will be providing a fuller analysis, however in the meantime the EC's Fact Sheet provides a useful starting point. The Commission's aim is to have the new Regulation adopted by 25 May 2018 when the GDPR takes effect. Olswang's Head of Digital and Data, Elle Todd, and Alex Dixie, the firm's Head of Adtech, will be taking a first look at the practical impacts of the new proposals in a webinar at 15:00 UK time on Thursday 19 January. Follow this link to register. In particular the webinar will examine:
 ‘If men were angels, no government would be necessary. If angels were to govern men, neither external nor internal controls on government would be necessary. In framing a government which is to be administered by men over men, the great difficulty lies in this: you must first enable the government to control the governed; and in the next place oblige it to control itself'. James Madison, 1788 (highlighted in the AG's opinion) Enabling a government to control the governed, whilst obliging it to control itself, is the dilemma with which the European Court of Justice (ECJ) has been faced in its preliminary ruling on the appeal decisions of Tele2 and Watson. In today's ruling against the UK Government, the ECJ has clarified that national governments need to respect EU standards on data retention in their domestic legislation. The ruling is a potentially embarrassing setback for Theresa May, as … Continue Reading ››
Yesterday (13 December) in time-honoured tradition, a draft proposal of the European Commission's (EC) new ePrivacy Regulation was leaked. The official draft of the proposal is not expected to be published by the EC until January 2017, and it is possible some of the detail will change before then. Datonomy will be providing fuller analysis of the real thing in the near future, but an initial look at the leaked draft – which (typos aside) gives a good indication of what to expect - reveals the following:
  1. It's a Regulation rather than a Directive (as predicted by Datonomy here)
As with the GDPR, this is intended to provide additional harmonisation and simplification. However, there are a number of areas where Member States can nuance provisions.
  1. A fining regime similar to GDPR
Offenders can expect turnover based fines. For example, fines of up to 2% of turnover, or up to 10,000,000 … Continue Reading ››