The UPC Preparatory Committee has adopted and published the Rules and Procedure of the Unified Patent Court. The 18th draft of the agreed Rules is subject to change only with respect to the court fees that may be applicable.   The 1st draft, published in 2009, was progressed through stages of expert meetings and technical and public consultation and sets out the specific framework and functioning of the Unified Patent Court.
Continue Reading UPC publishes agreed Rules of Procedure- 18th Draft

The Supreme Court, in Nowak v The Data Protection Commissioner [2015] IESCDET 49, has granted Mr Nowak leave to appeal an ex tempore decision of the Court of Appeal delivered on 24 April 2015

The Court of Appeal upheld a decision of High Court, which in turn confirmed a decision of the Circuit Court, that there is no jurisdiction to appeal a determination by the Data Protection Commissioner (DPC) not to investigate a complaint. The DPC had determined that the appellant’s exam script was not personal data and his complaint was frivolous or vexatious.Continue Reading Supreme Court grants leave to appeal in Nowak case

The Court of Justice of the European Union (CJEU) recently held that personal data cannot be transferred between two public bodies, and subject to further processing, without the data subjects concerned having been informed in advance (Smaranda Bara and Others v Președintele Casei Naționale de Asigurări de Sănătate, Casa Naţională de Asigurări de Sănătate, Agenţia Naţională de Administrare Fiscală (ANAF), Case C‑201/14).
Continue Reading Prior notice of personal data sharing between public authorities

At a recent conference in Amsterdam, the US Federal Trade Commissioner (FTC), Julie Brill, stated that the Schrems decision “cystallizes what has been clear, or should have been clear, for a long time about privacy in Europe: it is a fundamental right that Europeans and their Court take very seriously”.
Continue Reading FTC warns of loss of transparency in EU-US data flows by invalidation of Safe Harbour

The US House of Representatives have passed the Judicial Redress Bill, which will allow EU citizens to enforce their data privacy rights in US courts. As mentioned in a previous blog, the conclusion of the EU/US Umbrella Agreement (which facilitates EU/US data transfers for law enforcement purposes) is subject to adoption of the Judicial Redress Bill by the US.

Congressman Jim Sensenbrenner, who introduced the Judicial Redress Bill, said: “The sudden termination of the Safe Harbor framework strikes a blow to US businesses by complicating commercial data flows. If we fail to pass the Judicial Redress Act, we risk similar disruption to the sharing of law enforcement information.”Continue Reading Judicial Redress Bill due at Senate

The Data Protection Commissioner has been given the green light to investigate Max Schrems’ complaint against Facebook. The Office of the Data Protection Commissioner (ODPC) had initially refused to investigate the complaint based on a view that Commission Decision 2000/520/EC (the Safe Harbour Decision) was both valid and binding on the ODPC. Continue Reading Data Protection Commissioner to investigate Schrems complaint

On 1 October, the Court of Justice of the European Union (CJEU) handed down its judgement in the Weltimmo case (Case C‑230/14), a decision which could have important ramifications for the data protection obligations of companies operating across multiple EU member states. The CJEU effectively held that where a company has a representative in a country and operates services directed at that country, the company can be held accountable by that country’s data protection authority despite not being formally established in that country.Continue Reading CJEU publish important decision on territorial application of data protection law

Recent high profile security incidents illustrate that no institution or business is immune from cyber attack. A cyber attack on the White House in 2014 resulted in a partial shutdown of its email system. In a reported attempt to extort money from the ECB, email addresses and other user contact information were stolen in 2014. Confidential movie scripts and emails about staff and movie stars were released as part of the 2014 Sony hack. Already this year, the Carphone Warehouse security breach in early August and the more recent Ashley Madison hack have received extensive media coverage.

Continue Reading Cyber risk – the legal landscape

“The next big financial shock will arise from a succession of cyber-attacks on financial services firms.” 

This is the case according to the Chairman of the International Organisation of Securities Commission as cited by the Central Bank of Ireland’s Deputy Governor, Cyril Roux, during a recent address to the Society of Actuaries.

Continue Reading Cyber Security – The Next Big Financial Shock

Model Contracts are standard contractual clauses for the transfer of personal data outside the EU/EEA which have been approved by the European Commission.  They have been approved on the basis that they provide sufficient safeguards for privacy, fundamental rights and the exercise of those rights.  To date two sets of standard contractual clauses for the transfer of personal data outside the EU/EEA from data controllers to data controllers and one set for transfers from data controllers to data processors have been approved by the Commission.Continue Reading Transfer Tools Post Schrems: EU Data Protection Authorities’ Common Position on Model Contacts