Data Controller

News & Analysis as of

What Can We Expect From The EU General Data Protection Regulation?

After over three years of discussions at many levels, it is now clear that the proposed EU data protection framework will be revised, and that it will be in the form of a Regulation – the General Data Protection Regulation....more

Class Action Exposes Massive Data Leak Of Social Security and Drivers’ License Numbers of Every Registered Georgia Voter;...

Did the Georgia Secretary of State release the social security numbers, driver’s license numbers, and dates of birth of every registered Georgia voter? Those are the allegations first made by putative class representatives,...more

Safe Harbor Invalidated by the CJEU; Are There Other Solutions for Transatlantic Transfers?

After the October 6, 2015, decision of the CJEU, it is clear that transfers of personal data may no longer take place under the Safe Harbor. This was confirmed with no ambiguity by the Article 29 Working Party (Group 29,...more

Advertising Law - October 2015 #3

With EU Safe Harbor Invalidated, Companies Ask: What Now? - What happens now?: That is the question that businesses across the country are asking after the Court of Justice of the European Union (CJEU) threw out the...more

The Safe Harbor Ruling – FAQs and What Your Business Should Do Now

Overview questions - 1. I’m Safe Harbor certified and have seen news articles reporting that “Safe Harbor is invalid”. What does that mean? On 6 October, the European Court of Justice delivered a judgment which...more

Court Invalidates US-EU Data Transfer Safe Harbor Program

The European Union’s highest court has, effective immediately, invalidated the US-EU Safe Harbor program relied upon by many companies as the basis for lawfully transferring and processing personal information from the EU to...more

Study reports draft EU Data Protection Regulation leaves gaps in protection when it comes to Big Data, Internet of Things and...

A study published 22 September 2015 criticises the EU’s development of its Digital Single Market (‘DSM’) strategy for being overly commercially and economically driven, with little attention to the key legal and social...more

Safe Harbor Invalidated – What’s Next on the Chopping Block?

As I reported earlier today, the Court of Justice of the EU (ECJ) has declared Safe Harbor invalid. The full decision is now available online in English (other languages also available at by searching on...more

EU Data Protection Reforms: ICO Critiques Council Draft Regulation Over Consent, Access Rights, EU v. Member State Balance of...

With the EU Data Protection “reform train” rounding what is hopefully the final bend towards the summit of consensus, the UK ICO have published their latest analysis on the Council’s draft EU Data Protection Regulation. The...more

More fines to come in Germany? Service provider engagements are under increased scrutiny.

Following a significant fine against the parties to an asset acquisition for illegally transferring customer information, the Bavarian Data Protection Supervisory Authority (Bavarian DPA) announced on August, 20, 2015 that it...more

Privacy in financial markets, not to be ignored

The Article 29 Working Party published a letter it sent to the European Commission urging it to consider the data protection and privacy issues when adopting the secondary regulations (‘Regulations’) necessary to implement...more

Google Declares “Non!” to French Privacy Regulator’s Demands that Google Apply the “Right to be Forgotten” Worldwide

In an expected but controversial move, Google has rejected a demand by the French Data Privacy authority CNIL to apply the European “Right to be Forgotten” worldwide. We have covered the E.U.’s Right to be Forgotten...more

Progress on Data Protection in the European Union

We may see the final text of the proposed EU General Data Protection Regulation by the end of 2015. In mid-June, the Council of the European Union set forth an agreed general approach to the proposed EU General Data...more

EU antitrust authorities to take value of personal data into consideration when reviewing digital markets in merger and antitrust...

In an interview on 9 April 2015, European Competition Commissioner Margrethe Vestager indicated that companies who control personal data could come under increased scrutiny from European antitrust authorities. She recognises...more

Delicate balance between right to be forgotten and information access

The right of oblivion (le droit a l’oubli) has a distinctly French air, perhaps more reminiscent of existentialist philosophy than of legal codes. That right, though, is enshrined in French law, providing convicted criminals...more

Caveat Emptor or Caveat Vendor? The Evolution of Unfairness in Federal Consumer Protection Law

Under the Federal Trade Commission’s original interpretation of unfair or deceptive acts or practices law, financial institutions could feel some sense of security that, if they provided a consumer with a clear understanding...more

International Privacy — 2014 Year in Review — EU

While the last refrains of “should old acquaintance be forgot” fade away from New Years’ Eve celebrations, 2014 may be remembered as the year of the “right to be forgotten” in light of an EU privacy ruling last May. Below we...more

From the Right to be Forgotten to the Right to an “e-Reputation’’: First Enforceability Ordered by French Court under Penalty

A few months after the European Court of Justice ruled on May 13, 2014 that search engines are considered personal data controllers under the EU Data Protection Directive of 1995 and, as such, should provide data subjects...more

FRANCE: What You Need to Know About the CNIL’s New Online Investigative Powers and Enforcement Goals

Earlier this year we reported on the new online investigative powers of the French Data Protection Authority (the “CNIL”). Whereas before CNIL agents could only conduct on-site inspections, since March 2014 they are...more

Top 5 takeaways on connected cars

Here are the main legal topics on connected cars covered during the Connected Automobiles conference where I gave a presentation named “Privacy and regulations: state-of-the-art and future issues” on legal issues relating to...more

Article 29 Working Party Discusses the Right to be Forgotten

On 18 September 2014, the European Union’s Article 29 Data Protection Working Party published a press release outlining its recent plenary session discussions on the so-called “right to be forgotten” or “de-listed.”...more

FRANCE: Orange receives a public warning from the French Data Protection Authority (CNIL) following a security breach in a...

The CNIL’s decision provides useful guidance on security measures that the CNIL considers must be taken by data controllers. Earlier this year, Orange discovered that the database of one of its sub-subcontractors had...more

The EU Article 29 Working Party's Guidance on the "Legitimate Interest" Ground for Processing Personal Data

When precisely is a data controller lawfully permitted to process personal data? If a data controller does not have the consent of a data subject to process his or her data, when does the “legitimate interest”...more

The EU's Right to be Forgotten: Overly Burdensome?

In May earlier this year, the European Union's top court held in favor of an individual who requested that Google remove the search results associated with his name. In this particular case, a Spanish citizen requested that...more

The Google Tornado: Just How Ground-Breaking Is The "Right To Be Forgotten"

The recent decision of the European Court of Justice relating to Google and the "right to be forgotten", enabling citizens from the European Union to request search engines operating in Europe to delete, or not to show,...more

30 Results
View per page
Page: of 2

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.