Cyber Risk & Data Privacy

Subscribe to Cyber Risk & Data Privacy via RSS

The Data Protection Commissioner (DPC) has published new guidance on ‘Data sharing in the public sector’ following the decision of the CJEU in Bara (C-201/14) (see our previous blog on the Bara judgment).

The Bara judgment serves as a reminder that any decision by public bodies to share personal data bodies should not be taken lightly, and only the minimum amount of personal data should be shared. It shows the importance of public bodies informing individuals as to how their personal data is used, for what purpose, and who has access to it.Continue Reading DPC publishes guidance on data sharing in the public sector

Following the CJEU decision in the Schrems Case on 6 October 2015 invalidating the Safe Harbour regime, the Article 29 Working Party (the group comprised of representatives of European national data protection authorities (Article 29WP)) gave the EU and US a three month timeline in which to agree a political solution to replace Safe Harbour. Following intense negotiations, political agreement on the core elements of a new EU/US Privacy Shield was announced yesterdayContinue Reading Safe Harbour will be replaced by an EU/US Privacy Shield – will it withstand Article 29 Working Party scrutiny?

Europe is today celebrating Data Protection Day, with this year’s celebrations coinciding with the recent political agreement for the finalised text of the new General Data Protection Regulation (GDPR) (for further information – see our earlier blog post). One of the many events organised across Europe in conjunction with Data Protection Day was the National Data Protection Conference, which took place over the course of yesterday and today. Continue Reading Data Protection Day – National Data Protection Conference

Digital Rights Ireland (DRI) intend to serve legal proceedings on the Government in the coming days, claiming that the Office of the Data Protection Commissioner (ODPC) has acted in breach of EU law by failing to ensure that the Data Protection Commissioner (DPC) exercises her role independently. The High Court is to be asked to make a referral to the EU’s highest court for a ruling on whether the DPC is truly independent under EU law.
Continue Reading Independence of ODPC called into question

The Department of Justice yesterday published the Criminal Justice (Offences Relating to Information Systems) Bill 2016. The Bill, which is long overdue, will replace some of the existing patchwork of cybercrime legislation.

The primary purpose of the Bill is to transpose the European Directive 2013/40 or the Cybercrime Directive as it is more commonly known. The Cybercrime Directive is aimed at harmonising Member States’ criminal law in the area of cybercrime by creating minimum rules for the definition of cybercrime offences and the relevant sanctions and to improve cooperation between competent authorities.Continue Reading The Cybercrime Bill is here

The Data Protection Commissioner (DPC) has published updated guidance on the use of CCTV, and new guidance on the use of Body Worn Cameras and Drones. While guidance issued by the DPC is not legally binding, it is regarded as best practice, and organisations should take steps to comply with same.Continue Reading DPC issues guidance on CCTV, Body Worn Cameras and Drones

In Barbulescu v Romania, a case concerning employees’ right to privacy, the European Court of Human Rights (ECHR) held that an employer could monitor and access personal messages sent by an employee during work hours from his Yahoo Messenger account. The decision, however, is not a precedent for unrestricted monitoring by employers of personal messages sent by employees during office hours.Continue Reading ECHR rules employer can monitor personal messages sent by employee

The draft of the General Data Protection Regulation (GDPR) took a significant step towards finally becoming European-wide law last week. The European Parliament’s Civil Liberties, Justice & Home Affairs Committee (LIBE) approved the final draft agreed by the European Council and Parliament as part of the trilogue negotiations. The text is available on the website of the European Parliament – under item 3 of the Committee Meeting agenda. The GDPR, which was first published in 2012, has gone through a number of iterations and extensive amendment on its journey to ratification. The final draft, which is expected to be ratified by the European Parliament and Council in Spring 2016, contains a number of compromise positions agreed by the EU institutions in an effort to get the GDPR across the line. Once ratified, there will be a two year period before the GDPR becomes directly applicable in all European Member States.Continue Reading A New Dawn -The draft General Data Protection Regulation takes a step closer to ratification