Employee monitoring versus privacy rights is back in the spotlight due to today’s decision by the Grand Chamber of the European Court of Human Rights (ECHR) in Bărbulescu v. Romania.  The Grand Chamber held there had been a violation of Article 8 of the European Convention on Human Rights, where an employer monitored and accessed personal emails sent by an employee during work hours from his Yahoo Messenger account, using a company computer, without notifying the employee in advance of such monitoring.
Continue Reading ECHR rules employees must receive prior notice of email monitoring

The General Data Protection Regulation (GDPR) will automatically come into force across the EU on 25 May 2018. As the deadline fast approaches, Member States are busy progressing their draft implementing legislation. Article 23 of the GDPR provides Member States with discretion over how certain provisions will apply. These proposed derogations to the GDPR have been a focus point for many commentators on the draft national legislation.
Continue Reading UK Government sets out proposed derogations under GDPR

News reports have confirmed that on Wednesday 26 July, after a public consultation period on the issue, the Irish Government have agreed to set the digital age of consent at 13 years of age. Article 8 of the General Data Protection Regulation (GDPR) provides that a child under the age of 16 cannot consent to the processing of their personal data without the express consent of their parents. EU Member States have been granted the discretion to set a lower age under the GDPR provided that it is no lower than 13.

The decision follows consideration of a submission made
Continue Reading Digital Age of Consent agreed by Irish Government

On 26 July 2017 the Court of Justice of the European Union (CJEU) delivered its Opinion that the draft Passenger Name Record (PNR) Agreement between the EU and Canada is not compatible with the EU Charter of Fundamental Rights (the Charter) and may not be concluded in its current form. The Opinion follows a referral by the European Parliament to the CJEU and is the first time the Court has been requested to examine the compatibility of an international agreement with the EU Charter.
Continue Reading EU-Canada Passenger Name Records Agreement declared incompatible with EU Fundamental Rights

The European Commission (EC) has opened an online public consultation on the targeted revision of EU consumer law (the Consultation). The Consultation follows the EC’s publication of the results of its Fitness Check on consumer and marketing law and of the evaluation of the Consumer Rights Directive (Directive 2011/83/EU) (the CRD).
Continue Reading European Commission opens public consultation on EU Consumer Law

Stakeholders have written a joint letter to Article 29 Working Party (WP29) expressing their concerns about the GDPR consultation process. ​ They believe that the GDPR consultation processes which have taken place so far with 30-day deadlines to respond were much too short, and that a reasonable consultation period (for example 8 weeks) should be set.

An additional concern is that the WP29 guidelines effectively introduce additional rules. The WP29 guidelines are non-binding, but can still be introduced as compulsory requirements at national level.  The stakeholders therefore point out that whilst it is important that they provide clarity
Continue Reading Stakeholders express concerns about GDPR consultation process

The UK Information Commissioners Office (the ICO) has released an International Strategy (the Strategy) in which it outlines its plans for 2017 – 2021 to deal with the data protection challenges presented by globalism, the GDPR and Brexit. The Strategy which can be read in full here is the first with an international emphasis released by the ICO. It is described by the UK Information Commissioner, Elizabeth Denham, in a statement on 4 July, as a “blueprint” for how the ICO will deliver its international objectives.

The Strategy reiterates the ICO’s commitment to assisting with the implementation of the GDPR
Continue Reading ICO Releases International Strategy

The UK Information Commissioner’s Office (the ICO) has ruled that Virgin Trains East Coast (Virgin) did not break data protection law when it published CCTV images of the UK’s Labour party leader, Jeremy Corbyn. Virgin released the footage last year following Mr Corbyn’s comments that a Virgin train he was travelling on from London to Newcastle was “ram-packed”. The footage shows Mr Corbyn walking past empty seats.

Following its investigation, the ICO found that Virgin had a “legitimate interest” to release the footage of Mr Corbyn: “namely correcting what it deemed to be misleading news reports that
Continue Reading ICO rules Virgin’s CCTV images of Jeremy Corbyn didn’t break data protection law

The Article 29 Working Party (WP29) has recently provided its Opinion 2/2017 on data processing at work. The Opinion, adopted on 8 June 2017, highlights the risks and challenges of processing employees’ personal data in light of new technologies. While the Opinion focuses on the current data protection regime, it also considers some of the obligations arising under the General Data Protection Regulation (GDPR) from 25 May 2018.
Continue Reading Article 29 Working Party Opinion on Data Processing at Work

The European Council has finalised its position on the directive setting out new rules relating to the supply of digital content and digital services, acknowledging it as a priority for the Digital Single Market. The makings of the proposed directive were initially presented by the European Commission in late 2015 as part of the move towards a connected digital single market.  On 8 June 2017, the European Council adopted its position on the scope of the proposed directive, the remedies for lack of supply and non-conformity, supplier liability and burden of proof restrictions.
Continue Reading Digital Single Market- Digital Content